Detections
Analytics
GEN001374 - The /etc/nsswitch.conf file must not have an extended ACL.
Information
The nsswitch.conf file (or equivalent) configures the source of a variety of system security information including account, group, and host lookups. Malicious changes could prevent the system from functioning or compromise system security.NOTE: AIX does not use the /etc/nsswitch.conf file. This check is not applicable.
Solution
Remove the extended ACL from the /etc/nsswitch.conf file.# acledit /etc/nsswitch.conf
See Also
http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip
Item Details
Audit Name: DISA AIX 5.3 STIG v1r2
Category: ACCESS CONTROL
References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Rule-ID|SV-39334r1_rule, STIG-ID|GEN001374, Vuln-ID|V-22330
Plugin: Unix
Control ID: 036b1afe1ba496ef7304785e59a4640fbd8d81b69e26f649c786d37a0abd2b25