Upload
phungtuyen
View
219
Download
0
Embed Size (px)
Citation preview
155 rows
SECURITY AND COMPLIANCE ANALYTICS
Checklist: ORB-DATA-AIX-CIS-LEVEL-1-CHECK ChecksName Desired Values
0% 25% 50% 75% 100%Compliance
-09/23/2013 11/21/2013
/var/spool/mqueue - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: system
/etc/security/login.cfg - loginreenable - AIX 5.3-6.1 0%1 1 ComputerVALUE: 360
CDE - /etc/dt/config/Xconfig - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
/var/tmp/dpid2.log - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
CDE - /usr/dt/bin/dtprintinfo - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: bin
All user id must be unique - AIX 5.3-6.1 100%1 1 Computer
/etc/security/login.cfg - logintimeout - AIX 5.3-6.1 0%1 1 ComputerVALUE: 30
/etc/group - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0644
/etc/inetd.conf - group ownership - AIX 5.3-6.1 100%1 1 Computer
/var/adm/cron/log - group owner - AIX 5.3-6.1 0%1 1 ComputerVALUE: cron
/etc/security/user - histsize - AIX 5.3-6.1 0%1 1 ComputerVALUE: 20
/smit.log - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: system
SSH - /etc/ssh/sshd_config - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: system
CONFIG_FILE: /etc/ssh/sshd_config
/var/adm/cron/cron.allow - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
All group id must be unique - AIX 5.3-6.1 100%1 1 Computer
/etc/environment PATH - AIX 5.3-6.1 100%1 1 Computer
authorized users in at.allow - AIX 5.3-6.1 0%1 1 ComputerUSERS: sys adm
/etc/security/user - rlogin - AIX 5.3-6.1 0%1 1 Computer
155 rows
SECURITY AND COMPLIANCE ANALYTICS
Checklist: ORB-DATA-AIX-CIS-LEVEL-1-CHECK Checks
Name Desired Values0% 25% 50% 75% 100%
Compliance-09/23/2013 11/21/2013
SSH - /etc/ssh/ssh_config - group - AIX 5.3-6.1 100%1 1 ComputerVALUE: system
CONFIG_FILE: /etc/ssh/ssh_config
/etc/motd - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: bin
/etc/ftpusers - AIX 5.3-6.1 0%1 1 ComputerUSERS: root
/etc/security/user - histexpire - AIX 5.3-6.1 100%1 1 ComputerVALUE: 13
/etc/motd - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: bin
CDE -/etc/dt/config/Xservers - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: bin
CDE - /usr/dt/bin/dtappgather - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
/var/tmp/hostmibd.log - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: system
CDE - Dtlogin*greeting.persLabelString - AIX 5.3-6.1 100%1 1 ComputerVALUE: Authorized uses only. All act ivity may be monitored and reported.
NFS - localhost removal - AIX 5.3-6.1 100%1 1 Computer
/etc/passwd - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
authorized users in cron.allow - AIX 5.3-6.1 0%1 1 ComputerUSERS: sys adm
CDE - /etc/dt/config/*/Xresources - permissions - AIX 5.3-6.1 100%1 1 Computer
/etc/security/user - minalpha - AIX 5.3-6.1 0%1 1 ComputerVALUE: 2
/etc/mail/sendmail.cf - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
/var/tmp/snmpd.log - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0640
CDE - /usr/dt/bin/dtaction - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: sys
crontab permissions (permissions) - AIX 5.3-6.1 0%1 1 Computer
/etc/group - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: security
/etc/security audit - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: audit
155 rows
SECURITY AND COMPLIANCE ANALYTICS
Checklist: ORB-DATA-AIX-CIS-LEVEL-1-CHECK Checks
Name Desired Values0% 25% 50% 75% 100%
Compliance-09/23/2013 11/21/2013
SSH - /etc/ssh/sshd_config - PermitRootLogin - AIX 5.3-6.1 0%1 1 ComputerCONFIG_FILE: /etc/ssh/sshd_config
CDE - /usr/dt/bin/dtappgather - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: bin
CDE - /etc/dt/config/*/Xresources - owner - AIX 5.3-6.1 100%1 1 Computer
/var/adm/cron/at.allow - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0400
/var/adm/ras - permissions - AIX 5.3-6.1 0%1 1 Computer
CDE - /etc/dt/config/Xconfig - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: bin
CDE - /usr/dt/bin/dtprintinfo - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0555
/etc/security - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
SSH - /etc/ssh/sshd_config - Protocol - AIX 5.3-6.1 0%1 1 ComputerCONFIG_FILE: /etc/ssh/sshd_config
CDE - Dtlogin*greeting.labelString - AIX 5.3-6.1 100%1 1 ComputerVALUE: Authorized uses only. All act ivity may be monitored and reported.
/var/tmp/dpid2.log - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: system
TCP Wrappers - /etc/inetd.conf - AIX 5.3-6.1 0%1 1 Computer
/etc/security/user - minlen - AIX 5.3-6.1 0%1 1 ComputerVALUE: 8
TCP Wrappers - /etc/hosts.allow - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: system
/etc/profile PATH - AIX 5.3-6.1 100%1 1 Computer
/var/adm/cron/cron.allow - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: sys
/var/adm/cron/log - permissions - AIX 5.3-6.1 0%1 1 ComputerPERMS_DESC: 0660
/var/adm/sa - permissions - AIX 5.3-6.1 0%1 1 ComputerPERMS_DESC: 0755
SSH - /etc/ssh/sshd_config - IgnoreRhosts - AIX 5.3-6.1 0%1 1 ComputerCONFIG_FILE: /etc/ssh/sshd_config
/audit - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0750
155 rows
SECURITY AND COMPLIANCE ANALYTICS
Checklist: ORB-DATA-AIX-CIS-LEVEL-1-CHECK Checks
Name Desired Values0% 25% 50% 75% 100%
Compliance-09/23/2013 11/21/2013
TCP Wrappers - /etc/hosts.deny - is a file - AIX 5.3-6.1 0%1 1 Computer
/var/ct/RMstart.log - permissions - AIX 5.3-6.1 0%1 1 ComputerPERMS_DESC: 0640
/smit.log - permissions - AIX 5.3-6.1 0%1 1 ComputerPERMS_DESC: 0640
CDE - /usr/dt/bin/dtsession - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
/var/spool/cron/crontabs - owner - AIX 5.3-6.1 0%1 1 ComputerVALUE: root
SSH - /etc/ssh/sshd_config - PermitEmptyPasswords - AIX 5.3-6.1 0%1 1 ComputerCONFIG_FILE: /etc/ssh/sshd_config
/etc/security/login.cfg - logininterval - AIX 5.3-6.1 100%1 1 ComputerVALUE: 300
TCP Wrappers - /etc/hosts.deny - contents - AIX 5.3-6.1 0%1 1 Computer
/var/tmp/dpid2.log - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0640
/var/tmp/hostmibd.log - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
/etc/motd - permissions - AIX 5.3-6.1 0%1 1 ComputerPERMS_DESC: 0640
CDE - /usr/dt/bin/dtaction - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0555
/etc/security/login.cfg - logindelay - AIX 5.3-6.1 0%1 1 ComputerVALUE: 10
/var/adm/sa - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: adm
crontab permissions (owner) - AIX 5.3-6.1 0%1 1 Computer
/etc/security/user - maxexpired - AIX 5.3-6.1 0%1 1 ComputerVALUE: 2
/etc/security/user - maxage - AIX 5.3-6.1 100%1 1 ComputerVALUE: 13
CDE - /usr/dt/bin/dtaction - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
all unlocked accounts must have a password - AIX 5.3-6.1 0%1 1 Computer
/etc/mail/sendmail.cf - permissions - AIX 5.3-6.1 0%1 1 ComputerPERMS_DESC: 0640
155 rows
SECURITY AND COMPLIANCE ANALYTICS
Checklist: ORB-DATA-AIX-CIS-LEVEL-1-CHECK Checks
Name Desired Values0% 25% 50% 75% 100%
Compliance-09/23/2013 11/21/2013
CDE - /etc/dt/config/Xconfig - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0444
SSH - /etc/ssh/ssh_config - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
CONFIG_FILE: /etc/ssh/ssh_config
/etc/motd - contents - AIX 5.3-6.1 100%1 1 Computer
/etc/group - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
ftp banner - AIX 5.3-6.1 0%1 1 ComputerVALUE: %s Authorized uses only. All act ivity may be monitored and reported
NFS - nosuid on NFS client mounts - AIX 5.3-6.1 100%1 1 Computer
/etc/mail/sendmail.cf - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: system
SSH - /etc/ssh/sshd_config - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
CONFIG_FILE: /etc/ssh/sshd_config
CDE - /etc/dt/config/Xservers - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
SSH - /etc/ssh/sshd_config - Banner contents - AIX 5.3-6.1 0%1 1 Computer
TCP Wrappers - /etc/hosts.allow - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
/etc/security/user - mindiff - AIX 5.3-6.1 0%1 1 ComputerVALUE: 4
world writable directory in root PATH - AIX 5.3-6.1 100%1 1 ComputerROOT_PATH: /usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin:/usr/java5/jre/bin:/usr/java5/bin
/etc/environment PATH - AIX 5.3-6.1 100%1 1 Computer
CDE - /usr/dt/bin/dtsession - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0555
SSH - /etc/ssh/sshd_config - UsePrivilegeSeparation - AIX 5.3-6.1 0%1 1 ComputerCONFIG_FILE: /etc/ssh/sshd_config
/audit - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
/var/ct/RMstart.log - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
SSH - /etc/ssh/ssh_config - Protocol - AIX 5.3-6.1 0%1 1 ComputerCONFIG_FILE: /etc/ssh/ssh_config
/etc/mail/sendmail.cf - SmtpGreetingMessage - AIX 5.3-6.1 0%1 1 ComputerVALUE: mailerready
155 rows
SECURITY AND COMPLIANCE ANALYTICS
Checklist: ORB-DATA-AIX-CIS-LEVEL-1-CHECK Checks
Name Desired Values0% 25% 50% 75% 100%
Compliance-09/23/2013 11/21/2013
TCP Wrappers - /etc/hosts.allow - is a file - AIX 5.3-6.1 0%1 1 Computer
serial port restriction - AIX 5.3-6.1 100%1 1 ComputerEXCLUDE: <none>
/etc/passwd - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: security
/var/spool/mqueue - permissions - AIX 5.3-6.1 0%1 1 ComputerPERMS_DESC: 0700
/etc/security audit - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
/var/adm/sa - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: adm
/etc/security/user - loginretries - AIX 5.3-6.1 0%1 1 ComputerVALUE: 3
CDE - /etc/dt/config/Xconfig - Dtlogin.servers - AIX 5.3-6.1 100%1 1 Computer
/etc/security/user - maxrepeats - AIX 5.3-6.1 0%1 1 Computer
/etc/security/login.cfg - logindisable - AIX 5.3-6.1 100%1 1 ComputerVALUE: 10
/var/ct/RMstart.log - group - AIX 5.3-6.1 100%1 1 ComputerVALUE: system
/var/tmp/snmpd.log - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
/var/adm/cron/cron.allow - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0400
TCP Wrappers - /etc/hosts.deny - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
/var/adm/cron/at.allow - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: sys
CDE - /usr/dt/bin/dtappgather - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0555
/etc/security - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: security
/etc/motd - permissions - AIX 5.3-6.1 0%1 1 ComputerPERMS_DESC: 0644
/var/spool/cron/crontabs - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0770
guest account removal - AIX 5.3-6.1 0%1 1 Computer
155 rows
SECURITY AND COMPLIANCE ANALYTICS
Checklist: ORB-DATA-AIX-CIS-LEVEL-1-CHECK Checks
Name Desired Values0% 25% 50% 75% 100%
Compliance-09/23/2013 11/21/2013
TCP Wrappers - /etc/hosts.allow - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0600
/etc/inetd.conf - permissions - AIX 5.3-6.1 0%1 1 Computer
/etc/motd - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: bin
SSH - /etc/ssh/sshd_config - Banner setting - AIX 5.3-6.1 0%1 1 ComputerCONFIG_FILE: /etc/ssh/sshd_config
/etc/security/user- minother - AIX 5.3-6.1 0%1 1 ComputerVALUE: 2
/var/adm/cron/log - owner - AIX 5.3-6.1 0%1 1 ComputerVALUE: root
/etc/motd - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: bin
TCP Wrappers - /etc/hosts.deny - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0600
/etc/inetd.conf - ownership - AIX 5.3-6.1 100%1 1 Computer
/var/spool/cron/crontabs - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: cron
CDE - /etc/dt/config/*/Xresources - group owner - AIX 5.3-6.1 100%1 1 Computer
/etc/passwd - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0644
NFS - no_root_squash option - AIX 5.3-6.1 100%1 1 Computer
ftp umask - AIX 5.3-6.1 0%1 1 ComputerUMASK: 077
CDE - screensaver - dtsession*saverTimeout - AIX 5.3-6.1 100%1 1 ComputerVALUE: 10
/var/spool/mqueue - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
/smit.log - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
CDE - /usr/dt/bin/dtsession - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: bin
home directory permissions - AIX 5.3-6.1 0%1 1 ComputerEXCLUDE_USERS: root daemon bin sys adm uucp nobody lpd lp invscout snapp ipsec nuucp pconsole esaadmin sshd
SSH - /etc/ssh/sshd_config - permissions - AIX 5.3-6.1 0%1 1 ComputerPERMS_DESC: 0600
CONFIG_FILE: /etc/ssh/sshd_config
155 rows
SECURITY AND COMPLIANCE ANALYTICS
Checklist: ORB-DATA-AIX-CIS-LEVEL-1-CHECK Checks
Name Desired Values0% 25% 50% 75% 100%
Compliance-09/23/2013 11/21/2013
CDE - -/etc/dt/config/Xservers - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0444
/var/tmp/hostmibd.log - permissions - AIX 5.3-6.1 0%1 1 Computer
TCP Wrappers - /etc/hosts.allow - contents - AIX 5.3-6.1 0%1 1 Computer
/var/adm/cron/at.allow - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root
TCP Wrappers - /etc/hosts.deny - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: system
CDE - screensaver - dtsession*lockTimeout - AIX 5.3-6.1 100%1 1 ComputerVALUE: 10
/etc/security/user - minage - AIX 5.3-6.1 0%1 1 ComputerVALUE: 1
SSH - /etc/ssh/ssh_config - permissions - AIX 5.3-6.1 0%1 1 ComputerPERMS_DESC: 0600
CONFIG_FILE: /etc/ssh/ssh_config
/.profile PATH - AIX 5.3-6.1 100%1 1 Computer
/etc/security - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0750
/etc/security audit - permissions - AIX 5.3-6.1 100%1 1 ComputerPERMS_DESC: 0750
/audit - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: audit
login herald - AIX 5.3-6.1 0%1 1 ComputerVALUE: Unauthorized use of this system is prohibited.\nlogin:
home directory configuration files - AIX 5.3-6.1 100%1 1 ComputerEXCLUDE_DIRS: / /etc /bin /usr/sys /var/adm /usr/lib/uucp /var/spool/lp /var/adm/invscout /usr/sbin/snapp /etc/ipsec /var/spool/uucppublic /var/adm/pconsole /var/esa /var/empty
/var/tmp/snmpd.log - group owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: system
/etc/security/user - sugroups - AIX 5.3-6.1 0%1 1 Computer
CDE - /usr/dt/bin/dtprintinfo - owner - AIX 5.3-6.1 100%1 1 ComputerVALUE: root