A baseline of AIX files with the TCB bit set must be checked weekly.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-4287	GEN000000-AIX00060	SV-4287r2_rule	DCSL-1	Medium

Description
If a baseline of files with the TCB bit set is not kept and checked weekly, the system could be compromised without the knowledge of any authority.

STIG	Date
AIX 6.1 SECURITY TECHNICAL IMPLEMENTATION GUIDE	2018-09-18

Details

Check Text ( C-2449r3_chk )
Perform the following command with no parameters to ensure the system is in trusted mode. # /bin/tcbck If TCB is not installed, the output will show an error code of 3001-101 and/or a text message indicating TCB is not installed. If the output from the command indicates it is not in trusted mode, this is not reviewed. Otherwise, check the root crontab to verify tcbck is executed weekly. If it is not in the crontab, ask the SA if the check is run manually and to see the results of the check.

Check Text ( C-2449r3_chk )

Perform the following command with no parameters to ensure the system is in trusted mode.

# /bin/tcbck

If TCB is not installed, the output will show an error code of 3001-101 and/or a text message indicating TCB is not installed. If the output from the command indicates it is not in trusted mode, this is not reviewed. Otherwise, check the root crontab to verify tcbck is executed weekly. If it is not in the crontab, ask the SA if the check is run manually and to see the results of the check.

Fix Text (F-4198r2_fix)
Add tcbck command as a weekly cronjob with the output sent to the SA.