| GEN002825 - System must be configured to audit load/unload dynamic kernel modules - '/etc/security/audit/config FILE_Mknod exists' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002825 - System must be configured to audit load/unload dynamic kernel modules - '/etc/security/audit/events DEV_Create exists' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002825 - System must be configured to audit load/unload dynamic kernel modules - '/etc/security/audit/events DEV_Stop exists' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002825 - System must be configured to audit load/unload dynamic kernel modules - '/etc/security/audit/events DEV_Unconfigure exists' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN002960 - Access to the cron utility must be controlled using the cron.allow and/or cron.deny file(s) - '/var/adm/cron/cron.allow' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN002990 - The cron.allow file must not have an extended ACL. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'daemon' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'ipsec' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'lp' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'pconsole' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.allow file - 'snapp' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.deny file - 'adm' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.deny file - 'ipsec' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.deny file - 'lp' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003060 - Default system accounts must be included in the cron.deny file - 'nobody' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'adm' - at.allow | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'adm' - at.deny | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'daemon' - at.deny | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'esaadmin' - at.allow | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'invscout' - at.allow | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'ipsec' - at.deny | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'pconsole' - at.deny | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'sshd' - at.allow | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'sys' - at.allow | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003320 - System accounts must not be listed in at.allow or must be included in at.deny - 'uucp' - at.allow | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003340 - The at.allow file must have mode 0640 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003380 - The 'at' daemon must not execute programs in, or subordinate to, world-writable directories. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003604 - The system must not respond to ICMP timestamp requests sent to a broadcast address. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003608 - Proxy ARP must not be enabled on the system. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003660 - The system must log authentication informational data - 'auth.*' | DISA STIG AIX 5.3 v1r2 | Unix | AUDIT AND ACCOUNTABILITY |
| GEN003770 - The services file must be group-owned by bin, sys, or system. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003790 - The services file must not have an extended ACL. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003865 - Network analysis tools must not be installed - 'ethereal' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN004500 - The SMTP service log file must have mode 0644 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN004580 - The system must not use .forward files. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN004800 - Unencrypted FTP must not be used on the system - 'ftp is disabled' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN004940 - The ftpusers file must have mode 0640 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005365 - The snmpd.conf file must be group-owned by bin, sys, or system - '/etc/snmpdv3.conf' | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005390 - The /etc/syslog.conf file must have mode 0640 or less permissive. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005400 - The /etc/syslog.conf file must be owned by root. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005420 - The /etc/syslog.conf file must be group-owned by bin, sys, or system. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005511 - The SSH client must be configured to not use CBC-based ciphers. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN005540 - The SSH daemon must be configured for IP filtering - '/etc/hosts.deny' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN005590 - The system must not be running any routing protocol daemons, unless the system is a router. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN005600 - IP forwarding for IPv4 must not be enabled, unless the system is a router. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN005840 - The NFS server must be configured to restrict file system access to local hosts - 'All exports contain ro or rw' | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN005900 - The nosuid option must be enabled on all NFS client mounts. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN006150 - The /usr/lib/smb.conf file must not have an extended ACL. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN006180 - The /var/private/smbpasswd file must be group-owned by sys or system. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN006220 - The smb.conf file must use the hosts option to restrict access to Samba. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
