GEN001190 - All network services daemon files must not have extended ACLs - /usr/sbin/*

Information

Restricting permission on daemons will protect them from unauthorized modification and possible system compromise.

Solution

Remove the extended ACL(s) from the network service daemon file(s).
#acledit < directory >/< network service daemon >
Disable extended permissions.

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6, CAT|II, CCI|CCI-000225, Group-ID|V-22313, Rule-ID|SV-38685r1_rule, STIG-ID|GEN001190, Vuln-ID|V-22313

Plugin: Unix

Control ID: 6dc8652db5b27c284ea7efdaaa5843c21c88beb3b80f37b5586ffbd34176b54f