| GEN001840 - All global initialization files' executable search paths must contain only absolute paths - '/etc/profile' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001870 - Local initialization files must be group-owned by the user's primary group or root - '~/.bash_profile' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001870 - Local initialization files must be group-owned by the user's primary group or root - '~/.bashrc' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001870 - Local initialization files must be group-owned by the user's primary group or root - '~/.cshrc' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001880 - All local initialization files must have mode 0740 or less permissive - '~/.dispatch' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001880 - All local initialization files must have mode 0740 or less permissive - '~/.exrc' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN001901 - Local initialization files' library search paths must contain only absolute paths - 'LIBPATH' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001980 - /etc/security/passwd file must not contain a plus (+) without defining entries for NIS+ netgroups - '/etc/security/passwd' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001980 - The .shosts file must not contain a plus (+) without defining entries for NIS+ netgroups - '~/.shosts' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN001980 - The hosts.equiv file must not contain a plus (+) without defining entries for NIS+ netgroups - '~/hosts.equiv' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN002120 - The /etc/shells (or equivalent) file must exist - '/etc/security/login.cfg contains shells=' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN002300 - Device files used for backup must only be readable and/or writable by root or the backup user - '/dev/cd*' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN002300 - Device files used for backup must only be readable and/or writable by root or the backup user - '/dev/rmt*' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN002440 - The owner, group, mode, ACL, and location of files with the setgid bit set must be documented using site-defined procedures | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN002560 - The system and user default umask must be 077 - '/etc/*' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN002800 - System must be configured to audit login, logout, and session initiation - '/etc/security/audit/config USER_Logout exists' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002800 - System must be configured to audit login, logout, and session initiation - '/etc/security/audit/events USER_SU exists' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002825 - System must be configured to audit load/unload dynamic kernel modules - '/etc/security/audit/events FILE_Mknod exists' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN002980 - The cron.allow file must have mode 0640 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'lpd' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'nobody' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'sshd' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must GEN003580be included in the cron.deny file - 'sshd' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003110 - Cron and crontab directories must not have extended ACLs - '/var/spool/cron' - no acls enabled | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003140 - Cron and crontab directories must be group-owned by system, sys, bin, or cron. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003180 - The cronlog file must have mode 0600 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003240 - The cron.allow file must be owned by root, bin, or sys. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003245 - The at.allow file must not have an extended ACL. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'bin' - at.allow | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'bin' - at.deny | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'invscout' - at.deny | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'lpd' - at.deny | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'snapp' - at.deny | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'uucp' - at.deny | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003360 - The at daemon must not execute group-writable or world-writable programs. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003510 - Kernel core dumps must be disabled unless needed - 'secondary dump device' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN003600 - The system must not forward IPv4 source-routed packets. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003720 - The inetd.conf file, xinetd.conf file, and the xinetd.d directory must be owned by root or bin - 'xinetd.d' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003740 - The inetd.conf and xinetd.conf files must have mode 0440 or less permissive - 'inetd.conf' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003760 - The services file must be owned by root or bin. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003780 - The services file must have mode 0444 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003865 - Network analysis tools must not be installed - 'tcpdump' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN003920 - The hosts.lpd (or equivalent) file must be owned by root, bin, sys, or lp | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003940 - The hosts.lpd (or equivalent) must have mode 0644 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN004840 - If the system is an anonymous FTP server, it must be isolated to the DMZ network. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN005180 - All .Xauthority files must have mode 0600 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005320 - The snmpd.conf file must have mode 0600 or less permissive - '/etc/snmpd.conf' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005350 - Management Information Base (MIB) files must not have extended ACLs. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005375 - The snmpd.conf file must not have an extended ACL - '/etc/snmpdv3.conf' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
