IBM AIX 7.x Security Technical Implementation Guide


Overview

Date: 2022-06-06
Finding Count (286): CAT I (High): 26, CAT II (Med): 254, CAT III (Low): 6

STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC II - Mission Support Public)

Finding ID Severity Title
V-215375 High The ntalk daemon must be disabled on AIX.
V-215179 High AIX must use the SSH server to implement replay-resistant authentication mechanisms for network access to privileged and non-privileged accounts.
V-215177 High The AIX SYSTEM attribute must not be set to NONE for any account.
V-215176 High All accounts on AIX must be assigned unique User Identification Numbers (UIDs) and must authenticate organizational and non-organizational users (or processes acting on behalf of these users).
V-215175 High All accounts on AIX system must have unique account names.
V-215174 High If AIX is using LDAP for authentication or account information, the /etc/ldap.conf file (or equivalent) must not contain passwords.
V-215260 High AIX must remove NOPASSWD tag from sudo config files.
V-215226 High AIX must enforce a minimum 15-character password length.
V-215258 High AIX telnet daemon must not be running.
V-215259 High AIX ftpd daemon must not be running.
V-215257 High The AIX rexec daemon must not be running.
V-215322 High AIX must disable /usr/bin/rcp, /usr/bin/rlogin, /usr/bin/rsh, /usr/bin/rexec and /usr/bin/telnet commands.
V-215334 High AIX must disable trivial file transfer protocol.
V-215233 High AIX must be able to control the ability of remote login for users.
V-215346 High The AIX rsh daemon must be disabled.
V-215347 High The AIX rlogind service must be disabled.
V-215221 High AIX root passwords must never be passed over a network in clear text form.
V-215220 High AIX must require the change of at least 50% of the total number of characters when passwords are changed.
V-215225 High AIX must use Loadable Password Algorithm (LPA) password hashing algorithm.
V-215403 High The AIX system must have no .netrc files on the system.
V-215197 High AIX must not have accounts configured with blank or null passwords.
V-215219 High AIX must enforce password complexity by requiring that at least one numeric character be used.
V-215217 High AIX must enforce password complexity by requiring that at least one upper-case character be used.
V-215213 High AIX must employ strong authenticators in the establishment of nonlocal maintenance and diagnostic sessions.
V-215204 High If LDAP is used, AIX LDAP client must use SSL to authenticate with LDAP server.
V-215218 High AIX must enforce password complexity by requiring that at least one lower-case character be used.
V-215362 Medium If rwhod is not required on AIX, the rwhod daemon must be disabled.
V-215387 Medium The imap2 service must be disabled on AIX.
V-215230 Medium The password hashes stored on AIX system must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm.
V-215379 Medium The pcnfsd daemon must be disabled on AIX.
V-215378 Medium The dtspc daemon must be disabled on AIX.
V-215374 Medium The talk daemon must be disabled on AIX.
V-215377 Medium The discard daemon must be disabled on AIX.
V-215376 Medium The chargen daemon must be disabled on AIX.
V-215371 Medium The ttdbserver daemon must be disabled on AIX.
V-215370 Medium The cmsd daemon must be disabled on AIX.
V-215373 Medium The time daemon must be disabled on AIX.
V-215372 Medium The uucp (UNIX to UNIX Copy Program) daemon must be disabled on AIX.
V-215274 Medium The AIX /etc/group file must be owned by root.
V-215275 Medium The AIX /etc/group file must be group-owned by security.
V-215178 Medium Direct logins to the AIX system must not be permitted to shared accounts, default accounts, application accounts, and utility accounts.
V-215270 Medium AIX cron and crontab directories must be owned by root or bin.
V-215271 Medium AIX audio devices must be group-owned by root, sys, bin, or system.
V-215272 Medium AIX time synchronization configuration file must be owned by root.
V-215273 Medium AIX time synchronization configuration file must be group-owned by bin, or system.
V-215173 Medium If the AIX system is using LDAP for authentication or account information, the LDAP SSL, or TLS connection must require the server provide a certificate and this certificate must have a valid path to a trusted CA.
V-215172 Medium AIX must limit the number of concurrent sessions to 10 for all accounts and/or account types.
V-215171 Medium AIX must enforce the limit of three consecutive invalid login attempts by a user before the user account is locked and released by an administrator.
V-215170 Medium AIX must automatically remove or disable temporary user accounts after 72 hours or sooner.
V-215308 Medium AIX system must require authentication upon booting into single-user and maintenance modes.
V-215229 Medium AIX must prevent the use of dictionary words for passwords.
V-215414 Medium The sendmail server must have the debug feature disabled on AIX systems.
V-215415 Medium SMTP service must not have the EXPN or VRFY features active on AIX systems.
V-215382 Medium The sprayd daemon must be disabled on AIX.
V-215417 Medium The SMTP service HELP command must not be enabled on AIX.
V-215384 Medium The kshell daemon must be disabled on AIX.
V-215385 Medium The rquotad daemon must be disabled on AIX.
V-215386 Medium The tftp daemon must be disabled on AIX.
V-215388 Medium The pop3 daemon must be disabled on AIX.
V-215389 Medium The finger daemon must be disabled on AIX.
V-215418 Medium NIS maps must be protected through hard-to-guess domain names on AIX.
V-215419 Medium The AIX system's access control program must be configured to grant or deny system access to specific hosts.
V-215269 Medium The inetd.conf file on AIX must be owned by root.
V-215267 Medium AIX log files must be owned by a system group.
V-215266 Medium AIX log files must be owned by a system account.
V-215265 Medium AIX must not have IP forwarding for IPv6 enabled unless the system is an IPv6 router.
V-215264 Medium AIX must be configured with a default gateway for IPv6 if the system uses IPv6 unless the system is a router.
V-215263 Medium IP forwarding for IPv4 must not be enabled on AIX unless the system is a router.
V-215262 Medium AIX must be configured with a default gateway for IPv4 if the system uses IPv4, unless the system is a router.
V-215261 Medium AIX must remove !authenticate option from sudo config files.
V-215300 Medium AIX must turn off X11 forwarding for the SSH daemon.
V-215301 Medium AIX must turn off TCP forwarding for the SSH daemon.
V-215302 Medium The AIX SSH daemon must be configured to disable empty passwords.
V-215303 Medium The AIX SSH daemon must be configured to disable user .rhosts files.
V-215304 Medium The AIX SSH daemon must be configured to not use host-based authentication.
V-215305 Medium The AIX SSH daemon must not allow RhostsRSAAuthentication.
V-215306 Medium If AIX SSH daemon is required, the SSH daemon must only listen on the approved listening IP addresses.
V-215268 Medium AIX system files, programs, and directories must be group-owned by a system group.
V-215169 Medium AIX /etc/security/mkuser.sys.custom file must not exist unless it is needed for customizing a new user account.
V-215363 Medium The timed daemon must be disabled on AIX.
V-219956 Medium AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full.
V-215390 Medium The instsrv daemon must be disabled on AIX.
V-215227 Medium AIX must enforce password complexity by requiring that at least one special character be used.
V-215393 Medium The Stream Control Transmission Protocol (SCTP) must be disabled on AIX.
V-215392 Medium The Internet Network News (INN) server must be disabled on AIX.
V-215397 Medium AIX kernel core dumps must be disabled unless needed.
V-215402 Medium The AIX SSH daemon must be configured to only use FIPS 140-2 approved ciphers.
V-215401 Medium AIX must allow admins to send a message to a user who is currently logged in.
V-215394 Medium The Reliable Datagram Sockets (RDS) protocol must be disabled on AIX.
V-215252 Medium AIX must provide the function for assigned ISSOs or designated SAs to change the auditing to be performed on all operating system components, based on all selectable event criteria in near real time.
V-215253 Medium AIX must allocate audit record storage capacity to store at least one week's worth of audit records, when audit records are not immediately sent to a central audit record storage facility.
V-215250 Medium AIX audit tools must be set to 4550 or less permissive.
V-215251 Medium AIX must verify the hash of audit tools.
V-215256 Medium AIX audit logs must be rotated daily.
V-215254 Medium AIX must provide a report generation function that supports on-demand audit review and analysis, on-demand reporting requirements, and after-the-fact investigations of security incidents.
V-215255 Medium AIX must record time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
V-215318 Medium AIX must automatically lock after 15 minutes of inactivity in the CDE Graphical desktop environment.
V-215206 Medium The AIX /etc/passwd, /etc/security/passwd, and/or /etc/group files must not contain a plus (+) without defining entries for NIS+ netgroups or LDAP netgroups.
V-215313 Medium The AIX syslog daemon must not accept remote messages unless it is a syslog server documented using site-defined procedures.
V-215312 Medium AIX must implement a remote syslog server that is documented using site-defined procedures.
V-215317 Medium The AIX audit configuration files must be set to 640 or less permissive.
V-215316 Medium The AIX audit configuration files must be group-owned by audit.
V-215315 Medium The AIX audit configuration files must be owned by root.
V-215314 Medium AIX must be configured to use syslogd to log events by TCPD.
V-215238 Medium AIX must produce audit records containing information to establish the source and the identity of any individual or process associated with an event.
V-215438 Medium The AIX operating system must be configured to use Multi Factor Authentication for remote connections.
V-215439 Medium AIX must have the PowerSC Multi Factor Authentication Product configured.
V-215239 Medium AIX must produce audit records containing information to establish the outcome of the events.
V-215432 Medium There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the AIX system.
V-215433 Medium The .rhosts file must not be supported in AIX PAM.
V-215430 Medium AIX must not respond to ICMPv6 echo requests sent to a broadcast address.
V-215431 Medium AIX must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
V-215436 Medium The AIX operating system must use Multi Factor Authentication.
V-215276 Medium All AIX interactive users' home directories must be owned by their respective users.
V-215434 Medium The AIX root user home directory must not be the root directory (/).
V-215435 Medium All AIX interactive users must be assigned a home directory in the passwd file and the directory must exist.
V-245569 Medium The AIX cron and crontab directories must be group-owned by cron.
V-245568 Medium The AIX /var/spool/cron/atjobs directory must have a mode of 0640 or less permissive.
V-215277 Medium All AIX interactive users' home directories must be group-owned by the home directory owner's primary group.
V-215249 Medium AIX audit tools must be group-owned by audit.
V-215248 Medium AIX audit tools must be owned by root.
V-215245 Medium Audit logs on the AIX system must be set to 660 or less permissive.
V-215244 Medium Audit logs on the AIX system must be group-owned by system.
V-215247 Medium AIX must start audit at boot.
V-245562 Medium The AIX /etc/syslog.conf file must be group-owned by system.
V-215241 Medium AIX must be configured to generate an audit record when 75% of the audit file system is full.
V-245564 Medium The inetd.conf file on AIX must be group-owned by the "system" group.
V-215243 Medium Audit logs on the AIX system must be owned by root.
V-215242 Medium AIX must provide the function to filter audit records for events of interest based upon all audit fields within audit records, support on-demand reporting requirements, and an audit reduction function that supports on-demand audit review and analysis and after-the-fact investigations of security incidents.
V-215328 Medium The AIX /etc/group file must not have an extended ACL.
V-215329 Medium The AIX ldd command must be disabled.
V-215326 Medium All library files must not have extended ACLs.
V-215327 Medium AIX passwd.nntp file must have mode 0600 or less permissive.
V-215324 Medium AIX log files must not have extended ACLs, except as needed to support authorized software.
V-215325 Medium All system command files must not have extended ACLs.
V-215323 Medium AIX log files must have mode 0640 or less permissive.
V-215320 Medium AIX must set inactivity time-out on login sessions and terminate all login sessions after 10 minutes of inactivity.
V-215321 Medium AIX SSH private host key files must have mode 0600 or less permissive.
V-215228 Medium AIX must implement a way to force an identified temporary user to renew their password at next login.
V-245558 Medium The AIX /etc/hosts file must be group-owned by system.
V-215437 Medium The AIX operating system must be configured to authenticate using Multi Factor Authentication.
V-215369 Medium The daytime daemon must be disabled on AIX.
V-215338 Medium AIX system must restrict the ability to switch to the root user to members of a defined group.
V-215332 Medium The AIX user home directories must not have extended ACLs.
V-215429 Medium AIX must not process ICMP timestamp requests.
V-215428 Medium AIX must not run any routing protocol daemons unless the system is a router.
V-215425 Medium The local initialization file lists of preloaded libraries must contain only absolute paths on AIX.
V-215424 Medium The local initialization file library search paths must contain only absolute paths on AIX.
V-215427 Medium The AIX DHCP client must not send dynamic DNS updates.
V-215426 Medium AIX package management tool must be used daily to verify system software.
V-215421 Medium AIX control scripts library search paths must contain only absolute paths.
V-215420 Medium All AIX files and directories must have a valid group owner.
V-215423 Medium The global initialization file lists of preloaded libraries must contain only absolute paths on AIX.
V-215422 Medium The control script lists of preloaded libraries must contain only absolute paths on AIX systems.
V-245561 Medium The AIX /etc/syslog.conf file must be owned by root.
V-245560 Medium AIX cron and crontab directories must have a mode of 0640 or less permissive.
V-215237 Medium AIX must produce audit records containing information to establish where the events occurred.
V-215231 Medium If SNMP service is enabled on AIX, the default SNMP password must not be used in the /etc/snmpd.conf config file.
V-245563 Medium The AIX /etc/syslog.conf file must have a mode of 0640 or less permissive.
V-215190 Medium All AIX public directories must be owned by root or an application account.
V-215331 Medium All AIX users' home directories must have mode 0750 or less permissive.
V-215330 Medium AIX NFS server must be configured to restrict file system access to local hosts.
V-215333 Medium AIX must use Trusted Execution (TE) Check policy.
V-215246 Medium AIX must provide audit record generation functionality for DoD-defined auditable events.
V-215335 Medium AIX must employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.
V-215337 Medium AIX must enforce a delay of at least 4 seconds between login prompts following a failed login attempt.
V-215336 Medium AIX must remove all software components after updated versions have been installed.
V-215339 Medium All AIX Group Identifiers (GIDs) referenced in the /etc/passwd file must be defined in the /etc/group file.
V-245565 Medium The AIX /etc/inetd.conf file must have a mode of 0640 or less permissive.
V-215232 Medium AIX must require passwords to contain no more than three consecutive repeating characters.
V-215234 Medium NFS file systems on AIX must be mounted with the nosuid option unless the NFS file systems contain approved setuid or setgid programs.
V-215235 Medium AIX removable media, remote file systems, and any file system not containing approved device files must be mounted with the nodev option.
V-215236 Medium AIX must produce audit records containing information to establish the date, time, and type of events that occurred.
V-215240 Medium AIX must produce audit records containing the full-text recording of privileged commands.
V-245567 Medium The AIX /var/spool/cron/atjobs directory must be group-owned by cron.
V-215365 Medium If SNMP is not required on AIX, the snmpmibd daemon must be disabled.
V-245566 Medium The AIX /var/spool/cron/atjobs directory must be owned by root or bin.
V-219057 Medium AIX must employ a deny-all, allow-by-exception firewall policy for allowing connections to other systems.
V-215182 Medium The regular users' default primary group must be staff (or equivalent) on AIX.
V-215183 Medium All system files, programs, and directories must be owned by a system account.
V-215180 Medium The AIX system must automatically remove or disable emergency accounts after the crisis is resolved or 72 hours.
V-215181 Medium The shipped /etc/security/mkuser.sys file on AIX must not be customized directly.
V-215186 Medium AIX must configure the ttys value for all interactive users.
V-215187 Medium AIX must provide the lock command to let users retain their session lock until users are reauthenticated.
V-215184 Medium AIX device files and directories must only be writable by users with a system account or as configured by the vendor.
V-215188 Medium AIX must provide the xlock command in the CDE environment to let users retain their session lock until users are reauthenticated.
V-215189 Medium AIX system must prevent the root account from directly logging in except from the system console.
V-215210 Medium AIX nosuid option must be enabled on all NFS client mounts.
V-215344 Medium AIX sendmail logging must not be set to less than nine in the sendmail.cf file.
V-215345 Medium AIX run control scripts executable search paths must contain only absolute paths.
V-215340 Medium All AIX files and directories must have a valid owner.
V-215341 Medium The sticky bit must be set on all public directories on AIX systems.
V-215342 Medium The AIX global initialization files must contain the mesg -n or mesg n commands.
V-215343 Medium The AIX hosts.lpd file must not contain a + character.
V-215223 Medium AIX Operating systems must enforce a 60-day maximum password lifetime restriction.
V-215222 Medium AIX Operating systems must enforce 24 hours/1 day as the minimum password lifetime.
V-215348 Medium The AIX qdaemon must be disabled if local or remote printing is not required.
V-215349 Medium If AIX system does not act as a remote print server for other servers, the lpd daemon must be disabled.
V-215224 Medium AIX must prohibit password reuse for a minimum of five generations.
V-215404 Medium AIX must turn on enhanced Role-Based Access Control (RBAC) to isolate security functions from nonsecurity functions, to grant system privileges to other operating system admins, and prohibit user installation of system software without explicit privileged status.
V-215396 Medium AIX process core dumps must be disabled.
V-215195 Medium UIDs reserved for system accounts must not be assigned to non-system accounts on AIX systems.
V-215194 Medium The Group Identifiers (GIDs) reserved for AIX system accounts must not be assigned to non-system accounts as their primary group GID.
V-215196 Medium The AIX root account's list of preloaded libraries must be empty.
V-215191 Medium AIX administrative accounts must not run a web browser, except as needed for local service administration.
V-215395 Medium If automated file system mounting tool is not required on AIX, it must be disabled.
V-215193 Medium The AIX root account must not have world-writable directories in its executable search path.
V-215192 Medium AIX default system accounts (with the exception of root) must not be listed in the cron.allow file or must be included in the cron.deny file, if cron.allow does not exist.
V-215278 Medium All files and directories contained in users' home directories on AIX must be group-owned by a group in which the home directory owner is a member.
V-215400 Medium AIX must allow admins to send a message to all the users who are currently logged in.
V-215199 Medium The AIX root account's home directory must not have an extended ACL.
V-215198 Medium The AIX root account's home directory (other than /) must have mode 0700.
V-215296 Medium The AIX SSH daemon must not allow compression.
V-215297 Medium AIX must turn on SSH daemon privilege separation.
V-215294 Medium AIX SSH daemon must be configured to only use Message Authentication Codes (MACs) employing FIPS 140-2 approved cryptographic hash algorithms.
V-215295 Medium The AIX SSH daemon must be configured for IP filtering.
V-215292 Medium If GSSAPI authentication is not required on AIX, the SSH daemon must disable GSSAPI authentication.
V-215293 Medium AIX must set up the SSH daemon to disable revoked public keys.
V-215290 Medium AIX must configure the SSH idle timeout interval.
V-215279 Medium AIX library files must have mode 0755 or less permissive.
V-215441 Medium The AIX operating system must accept and verify Personal Identity Verification (PIV) credentials.
V-215440 Medium The AIX operating system must be configured to use a valid server_ca.pem file.
V-215399 Medium AIX must protect against or limit the effects of Denial of Service (DoS) attacks by ensuring AIX is implementing rate-limiting measures on impacted network interfaces.
V-215298 Medium AIX must turn on SSH daemon reverse name checking.
V-215299 Medium AIX SSH daemon must perform strict mode checking of home directory configuration files.
V-215357 Medium If IPv6 is not utilized on AIX server, the autoconf6 daemon must be disabled.
V-215356 Medium If DHCP is not enabled in the network on AIX, the dhcprd daemon must be disabled.
V-215355 Medium The AIX DHCP client must be disabled.
V-215398 Medium AIX must set Stack Execution Disable (SED) system wide mode to all.
V-215353 Medium If sendmail is not required on AIX, the sendmail service must be disabled.
V-245557 Medium The AIX /etc/hosts file must be owned by root.
V-215351 Medium If there are no X11 clients that require CDE on AIX, the dt service must be disabled.
V-215216 Medium AIX must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect unclassified information requiring confidentiality and cryptographic protection in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
V-215214 Medium If LDAP authentication is required on AIX, SSL must be used between LDAP clients and the LDAP servers to protect the integrity of remote access sessions.
V-215215 Medium AIX must only allow the use of DoD PKI-established certificate authorities for verification of the establishment of protected sessions.
V-215212 Medium AIX CDE must conceal, via the session lock, information previously visible on the display with a publicly viewable image.
V-215359 Medium If AIX server is not functioning as a multicast router, the mrouted daemon must be disabled.
V-215358 Medium If AIX server is not functioning as a network router, the gated daemon must be disabled.
V-215409 Medium AIX public directories must be the only world-writable directories and world-writable files must be located only in public directories.
V-215407 Medium In the event of a system failure, AIX must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.
V-215408 Medium The /etc/shells file must exist on AIX systems.
V-215289 Medium The AIX SSH server must use SSH Protocol 2.
V-215288 Medium All AIX shells referenced in passwd file must be listed in /etc/shells file, except any shells specified for the purpose of preventing logins.
V-215291 Medium AIX must disable Kerberos Authentication in ssh config file to enforce access restrictions.
V-245559 Medium The AIX /etc/hosts file must have a mode of 0640 or less permissive.
V-215281 Medium AIX time synchronization configuration file must have mode 0640 or less permissive.
V-215280 Medium Samba packages must be removed from AIX.
V-215283 Medium AIX must encrypt user data at rest using AIX Encrypted File System (EFS) if it is required.
V-215282 Medium The AIX /etc/group file must have mode 0644 or less permissive.
V-215285 Medium AIX must monitor and record successful remote logins.
V-215284 Medium AIX must protect the confidentiality and integrity of transmitted information during preparation for transmission and maintain the confidentiality and integrity of information during reception and disable all non-encryption network access methods.
V-215287 Medium On AIX, the SSH server must not permit root logins using remote access programs.
V-215286 Medium AIX must monitor and record unsuccessful remote logins.
V-215368 Medium The ndpd-router must be disabled on AIX.
V-215354 Medium If SNMP is not required on AIX, the snmpd service must be disabled.
V-215406 Medium The rwalld daemon must be disabled on AIX.
V-215391 Medium The echo daemon must be disabled on AIX.
V-215360 Medium If AIX server is not functioning as a DNS server, the named daemon must be disabled.
V-215361 Medium If AIX server is not functioning as a network router, the routed daemon must be disabled.
V-215366 Medium The aixmibd daemon must be disabled on AIX.
V-215367 Medium The ndpd-host daemon must be disabled on AIX.
V-215364 Medium If AIX server does not host an SNMP agent, the dpid2 daemon must be disabled.
V-215352 Medium If NFS is not required on AIX, the NFS daemon must be disabled.
V-215201 Medium The Department of Defense (DoD) login banner must be displayed immediately prior to, or as part of, graphical desktop environment login prompts on AIX.
V-215380 Medium The rstatd daemon must be disabled on AIX.
V-215203 Medium Any publicly accessible connection to AIX operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system.
V-215202 Medium The Department of Defense (DoD) login banner must be displayed during SSH, sftp, and scp login sessions on AIX.
V-215205 Medium If LDAP authentication is required, AIX must set up the LDAP client to refresh user and group caches less than a day.
V-215207 Medium AIX must protect the confidentiality and integrity of all information at rest.
V-215381 Medium The rusersd daemon must be disabled on AIX.
V-215209 Medium All AIX NFS anonymous UIDs and GIDs must be configured to values without permissions.
V-215208 Medium AIX must provide time synchronization applications that can synchronize the system clock to external time sources at least every 24 hours.
V-215350 Medium If AIX system does not support either local or remote printing, the piobe service must be disabled.
V-215416 Medium All global initialization file executable search paths must contain only absolute paths.
V-215383 Medium The klogin daemon must be disabled on AIX.
V-215211 Medium AIX must be configured to allow users to directly initiate a session lock for all connection types.
V-215405 Medium If DHCP server is not required on AIX, the DHCP server must be disabled.
V-215410 Medium AIX must be configured to only boot from the system boot device.
V-215200 Medium AIX must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote login access to the system.
V-215411 Medium AIX must not use removable media as the boot loader.
V-215412 Low If the AIX host is running an SMTP service, the SMTP greeting must not provide version information.
V-215309 Low If bash is used, AIX must display logout messages.
V-215413 Low AIX must contain no .forward files.
V-215311 Low If csh/tcsh shell is used, AIX must display logout messages.
V-215310 Low If Bourne / ksh shell is used, AIX must display logout messages.
V-215185 Low SSH must display the date and time of the last successful account login to AIX system upon login.