The integrity of AIX files with the TCB bit set must be checked weekly.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-4287	GEN000000-AIX00060	SV-4287r5_rule	DCSL-1	Medium

Description
If the integrity of files with the TCB bit set is not checked weekly, a system compromise may not be detected.

STIG	Date
Draft AIX Security Technical Implementation Guide	2011-08-17

Details

Check Text ( C-2449r3_chk )
Perform the following command with no parameters to ensure the system is in trusted mode: # /bin/tcbck If TCB is not installed, the output will show an error code of 3001-101 and/or a text message indicating TCB is not installed. If the output from the command indicates it is not in trusted mode, mark this item not reviewed. Otherwise, check the root crontab to verify tcbck is executed weekly. If it is not in the crontab, ask the SA if the check is run manually and to see the results of the check.

Check Text ( C-2449r3_chk )

Perform the following command with no parameters to ensure the system is in trusted mode:

# /bin/tcbck

If TCB is not installed, the output will show an error code of 3001-101 and/or a text message indicating TCB is not installed. If the output from the command indicates it is not in trusted mode, mark this item not reviewed. Otherwise, check the root crontab to verify tcbck is executed weekly. If it is not in the crontab, ask the SA if the check is run manually and to see the results of the check.

Fix Text (F-4198r2_fix)
Add tcbck command as a weekly cronjob with the output sent to the SA.