Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-215326 | AIX7-00-003010 | SV-215326r508663_rule | Medium |
Description |
---|
Unauthorized access could destroy the integrity of the library files. |
STIG | Date |
---|---|
IBM AIX 7.x Security Technical Implementation Guide | 2023-05-17 |
Check Text ( C-16524r294429_chk ) |
---|
The following system library directories need to be checked: /usr/lib/security/ /usr/lib/methods/ Determine if any system library file has an extended ACL by running the follow script: find /usr/lib/security /usr/lib/methods/ -type f | while read file do aclget -o /tmp/111.acl $file > /dev/null 2>&1 if [ $? -eq 0 ]; then grep -e "[[:space:]]enabled$" /tmp/111.acl > /dev/null 2>&1 if [ $? -eq 0 ]; then echo "$file has ACL" fi fi done If the above script yield any output, this is a finding. |
Fix Text (F-16522r294430_fix) |
---|
Remove the extended ACL(s) from the system library file(s) and disable extended permissions using the follow script: find /usr/lib/security /usr/lib/methods/ -type f | while read file do aclget -o /tmp/111.acl $file > /dev/null 2>&1 if [ $? -eq 0 ]; then grep -e "[[:space:]]enabled$" /tmp/111.acl > /dev/null 2>&1 if [ $? -eq 0 ]; then echo "Removing ACL from "$file cat /tmp/111.acl | head -n9 > /tmp/222.acl echo " disabled" >> /tmp/222.acl aclput -i /tmp/222.acl $file fi fi done |