All system files, programs, and directories must be owned by a system account.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-215183 | AIX7-00-001018 | SV-215183r991560_rule | CCI-001499 | medium |
| Description | ||||
| Restricting permissions will protect the files from unauthorized modification. | ||||
| STIG | Date | |||
| IBM AIX 7.x Security Technical Implementation Guide | 2024-08-16 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
CM-5(6)
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-001499
1.00
- DISA · 3 · disa_xccdf · related
Details
Check Text (C-215183r991560_chk)
Check the ownership of system files, programs, and directories by running the following command:
# ls -lLa /etc /bin /usr/bin /usr/lbin /usr/ucb /sbin /usr/sbin
If any of the system files, programs, or directories are not owned by a system account, this is a finding.
Note: For this check, the system-provided "ipsec" user is considered to be a system account.
Fix Text (F-16379r294001_fix)
Change the owner of public directories to "root" or an application account using the following command:
# chown root </public/directory>
Note: Replace "root" with an application user as necessary.