Detections
Analytics
GEN002300 - Device files used for backup must only be readable and/or writable by root or the backup user - '/dev/rmt*'
Information
System backups could be accidentally or maliciously overwritten and destroy the ability to recover the system if a compromise should occur. Unauthorized users could also copy system files.Solution
Use the chmod command to remove the world-writable bit from the backup device files.Procedure:
# chmod o-w <back device filename>
Document all changes.
See Also
http://iasecontent.disa.mil/stigs/zip/U_STIG_Library_2015_07.zip
Item Details
Audit Name: DISA AIX 5.3 STIG v1r2
Category: ACCESS CONTROL
References: 800-53|AC-6(7), CAT|II, CCI|CCI-000225, Rule-ID|SV-38745r1_rule, STIG-ID|GEN002300, Vuln-ID|V-925
Plugin: Unix
Control ID: 820bb48c4e6ad76caae7dc8eca5000ced8d24faae97d01b9168551daae754146