Detections
Analytics

CIS IBM AIX 7.2 L1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS IBM AIX 7.2 L1 v1.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.6

Estimated Item Count: 205

File Details

Filename: CIS_AIX_7.2_Benchmark_v1.0.0_Level_1.audit

Size: 320 kB

MD5: dc5f074200ce7013f396de99f37b7687
SHA256: 14e55fdfe245f25491609326e553b1a782bde6526606fa310acda90eb6f7c8dc

Audit Items

DescriptionCategories
2.1 Collect system configuration regularly
2.2 Scan for TROJAN aka Untrusted/Unauthorized Applications (Implement Allowlist)
2.3 Allowlist Authorized Software and Report Violations
2.4 Allowlist Authorized Libraries and Report Violations
2.5 Allowlist Authorized Scripts and Report Violations
2.7 Remove Unused Symbolic Links
3.3 Ensure default user umask is 027 or more restrictive
3.4 Remove group write permission from default groups - exceptions must be in TSD and audit
3.5 Application Data with requirement for world writable directories
3.6 Ensure there are no world writable files - exceptions must be in TSD and audit
3.7 Ensure there are no 'staff' writable files - exceptions must be in TSD and audit
3.8 Ensure all files and directories are owned by a user (uid) and assigned to a group (gid)
4.1.1.1 Disable writesrv
4.1.1.2 Disable ntalk/talk
4.1.1.3 dt
4.1.1.4 piobe
4.1.1.5 qdaemon
4.1.1.6 rc.nfs
4.1.1.7 cas_agent
4.1.2.1 inetd - aka Super Daemon
4.1.2.2 aixmibd
4.1.2.3 dhcpcd
4.1.2.4 dhcprd
4.1.2.5 dhcpsd
4.1.2.6 dpid2
4.1.2.7 gated
4.1.2.8 hostmibd
4.1.2.10 named
4.1.2.11 portmap
4.1.2.12 routed
4.1.2.13 rwhod
4.1.2.14 sendmail
4.1.2.15 snmpd
4.1.2.16 snmpmibd
4.1.2.17 timed
4.1.3.1 autoconf6
4.1.3.2 ndpd-host
4.1.3.3 ndpd-router
4.1.4.1 NFS - de-install NFS client
4.1.4.3 NFS - enable both nosuid and nodev options on NFS client mounts
4.1.4.4 NFS - localhost removal
4.1.4.6 NFS - no_root_squash option
4.1.5.1 bootps
4.1.5.2 chargen
4.1.5.3 comsat
4.1.5.4 daytime
4.1.5.5 discard
4.1.5.6 echo
4.1.5.7 exec
4.1.5.8 finger