GEN001394 - The /etc/group file must not have an extended ACL.

Information

The /etc/group file is critical to system security and must be protected from unauthorized modification. The group file contains a list of system groups and associated information.

Solution

Remove the extended ACL from the /etc/group file and disable extended permissions.

#acledit /etc/group

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Group-ID|V-22338, Rule-ID|SV-38726r1_rule, STIG-ID|GEN001394, Vuln-ID|V-22338

Plugin: Unix

Control ID: f1edc4cbfb6edb294121030c122decca7c99781ef7431097efd3b9f8cbae3ad0