UCF STIG Viewer Logo

The root account's home directory must not have an extended ACL.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22309 GEN000930 SV-38690r1_rule ECLP-1 Medium
Description
File system extended ACLs provide access to files beyond what is allowed by the mode numbers of the files.
STIG Date
Draft AIX Security Technical Implementation Guide 2011-08-17

Details

Check Text ( C-36915r1_chk )
Verify the root account's home directory has no extended ACL.

Procedure:
# aclget ~root
If extended permissions are enabled, the directory has an extended ACL, and this is a finding.
Fix Text (F-32136r1_fix)
Remove the extended ACL from the root account's home directory.
#acledit ~/root
Change extended attributes to disabled.