CIS AIX 5.3/6.1 L1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS AIX 5.3/6.1 L1 v1.0.0

Updated: 11/25/2019

Authority: CIS

Plugin: Unix

Revision: 1.13

Estimated Item Count: 109

File Details

Filename: CIS_AIX_5.3_6.1_v1.0.0_Level_I.audit

Size: 64.5 kB

Audit Items

Description
1.1.1 - /etc/security/user - 'mindiff >= 4'
1.1.2 - /etc/security/user - 'minage >= 1'
1.1.3 - /etc/security/user - 'maxage <= 13'
1.1.4 - /etc/security/user - 'minlen = 8'
1.1.5 - /etc/security/user - 'minalpha >= 2'
1.1.6 - /etc/security/user - 'minother >= 2'
1.1.7 - /etc/security/user - 'maxrepeats <= 2'
1.1.8 - /etc/security/user - 'histexpire >= 13'
1.1.9 - /etc/security/user - 'histsize >= 20'
1.1.10 - /etc/security/user - 'maxexpired <= 2'
1.2.1 - /etc/security/login.cfg - 'logininterval <= 300'
1.2.2 - /etc/security/login.cfg - 'logindisable <= 10'
1.2.3 - /etc/security/login.cfg - 'loginreenable >= 360'
1.2.4 - /etc/security/login.cfg - 'logintimeout <= 30'
1.2.5 - /etc/security/login.cfg - 'logindelay >= 10'
1.2.6 - /etc/security/user - 'loginretries <= 3'
1.2.7 - /etc/security/user - 'rlogin = false'
1.2.8 - /etc/security/user - 'sugroups=ALL su=true'
1.3.53 - /etc/inetd.conf - permissions and ownership - '/etc/inetd.conf root:system 644'
1.7.1 - Miscellaneous Enhancements - '~root/.profile PATH does not include dot'
1.7.2 - Miscellaneous Enhancements - '/etc/environment PATH does not include dot (AIX 5.3 only)'
1.7.5 - Miscellaneous Enhancements - '/etc/ftpusers includes root'
1.7.6 - Miscellaneous Enhancements - login herald - 'default herald is set to appropriate text'
1.7.7 - Miscellaneous Enhancements - 'guest account removal'
1.7.8 - Miscellaneous Enhancements - crontab permissions - '/usr/bin/errclear 755'
1.7.8 - Miscellaneous Enhancements - crontab permissions - '/usr/lib/ras/dumpcheck 755'
1.7.8 - Miscellaneous Enhancements - crontab permissions - '/usr/lib/spell/compress 755'
1.7.8 - Miscellaneous Enhancements - crontab permissions - '/usr/sbin/skulker 755'
2.2.2 - Configuring SSH - disabling direct root access - 'PermitRootLogin = no'
2.2.3 - Configuring SSH - server protocol - 'Protocol 2'
2.2.4 - Configuring SSH - client protocol - 'Protocol 2'
2.2.5 - Configuring SSH - banner configuration - 'Banner = /etc/motd'
2.2.6 - Configuring SSH - ignore .shosts and .rhosts - 'IgnoreRhosts = yes'
2.2.7 - Configuring SSH - disable null passwords - 'PermitEmptyPasswords = no'
2.2.10 - Configuring SSH - set privilege separation - 'UsePrivilegeSeparation = yes'
2.2.11 - Configuring SSH - sshd_config permissions lockdown - '/etc/ssh/sshd_config root:system 600'
2.2.12 - Configuring SSH - ssh_config permissions lockdown - '/etc/ssh/ssh_config root:system 600'
2.3.1 - /etc/mail/sendmail.cf - SmtpGreetingMessage - 'SmtpGreetingMessage = mailerready'
2.3.2 - /etc/mail/sendmail.cf - permissions and ownership - '/etc/mail/sendmail.cf root:system 640'
2.3.3 - /var/spool/mqueue - permissions and ownership - '/var/spool/mqueue root:system 700'
2.4.3 - CDE - sgid/suid binary lockdown - '/usr/dt/bin/dtaction root:sys 555'
2.4.3 - CDE - sgid/suid binary lockdown - '/usr/dt/bin/dtappgather root:bin 555'
2.4.3 - CDE - sgid/suid binary lockdown - '/usr/dt/bin/dtprintinfo root:bin 555'
2.4.3 - CDE - sgid/suid binary lockdown - '/usr/dt/bin/dtsession root:bin 555'
2.4.5 - CDE - screensaver lock - 'dtsession*lockTimeout <= 10'
2.4.5 - CDE - screensaver lock - 'dtsession*saverTimeout <= 10'
2.4.6 - CDE - /etc/dt/config/Xconfig permissions and ownership - '/etc/dt/config/Xconfig root:bin 444'
2.4.7 - CDE - /etc/dt/config/Xservers permissions and ownership - '/etc/dt/config/Xservers root:bin 444'
2.4.7 - CDE - /etc/dt/config/Xservers permissions and ownership - 'Dtlogin.servers = /etc/dt/config/Xservers'
2.4.8 - CDE - login screen hostname masking - 'dtlogin*greeting.labelString is set to appropriate text'