EXAMPLE REPORT — real, unedited output (hostname sanitized) · VIOS 3.1 compliance← all reports
AIXray
by PowerTrue Systems · AIX · IBM Power · VIOS
Compliance report

Compliance report — DISA STIG (IBM AIX 7.x) — ptaix01

Host: ptaix01  ·  Generated: 2026-07-04  ·  Reference data: 2026-07-01  ·  Standard: DISA STIG for IBM AIX 7.x  ·  READ-ONLY — nothing was changed
Automation coverage. AIXray automates 11 finding(s) mapped to this standard. A compliance program also requires manual/organizational review — see the manual-review section below. N is the count of findings carrying a DISA STIG (IBM AIX 7.x) control tag in this scan; no full control-set total is claimed.

Auditor control summary one row per mapped control · non-pass first

ControlMapped finding(s)StatusObserved evidence
stig:V-215402SSH ciphersPASSchacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes128-ctr
stig:V-215287SSH root loginPASSpermitrootlogin prohibit-password
stig:V-215258Cleartext inetd servicesPASStelnet not enabled in inetd.conf
stig:V-215259Cleartext inetd servicesPASSftp not enabled in inetd.conf
stig:V-215432Trust files (.rhosts)PASSnone present
stig:V-215231SNMP community stringsPASSno default community
stig:V-215200Login bannerPASSherald set
stig:V-215269STIG file permissionsPASS/etc/inetd.conf 0644 u=0 g=0
stig:V-215272STIG file permissionsPASS/etc/ntp.conf 0640 u=0 g=0
stig:V-215273STIG file permissionsPASS/etc/ntp.conf 0640 u=0 g=0
stig:V-215281STIG file permissionsPASS/etc/ntp.conf 0640 u=0 g=0
stig:V-215274STIG file permissionsPASS/etc/group 0644 u=0 g=7
stig:V-215275STIG file permissionsPASS/etc/group 0644 u=0 g=7
stig:V-215282STIG file permissionsPASS/etc/group 0644 u=0 g=7
stig:V-245558STIG file permissionsPASS/etc/hosts 0640 u=0 g=0
stig:V-245559STIG file permissionsPASS/etc/hosts 0640 u=0 g=0
stig:V-245562STIG file permissionsPASS/etc/syslog.conf 0640 u=0 g=0
stig:V-245563STIG file permissionsPASS/etc/syslog.conf 0640 u=0 g=0
stig:V-215171STIG account policyPASSloginretries=3 (need le 3)
stig:V-215172STIG account policyPASSmaxulogs=10 (need le 10)
stig:V-215217STIG account policyPASSminupperalpha=1 (need ge 1)
stig:V-215218STIG account policyPASSminloweralpha=1 (need ge 1)
stig:V-215219STIG account policyPASSmindigit=1 (need ge 1)
stig:V-215220STIG account policyPASSmindiff=8 (need ge 8)
stig:V-215222STIG account policyPASSminage=1 (need ge 1)
stig:V-215223STIG account policyPASSmaxage=8 (need le 8)
stig:V-215224STIG account policyPASShistsize=5 (need ge 5)
stig:V-215226STIG account policyPASSminlen=15 (need ge 15)
stig:V-215227STIG account policyPASSminspecialchar=1 (need ge 1)
stig:V-215232STIG account policyPASSmaxrepeats=3 (need le 3)
stig:V-215337STIG account policyPASSlogindelay=4 (need ge 4)
stig:V-215263STIG network tunablesPASSipforwarding=0 (need eq 0)
stig:V-215265STIG network tunablesPASSip6forwarding=0 (need eq 0)
stig:V-215399STIG network tunablesPASSclean_partial_conns=1 (need eq 1)
stig:V-215430STIG network tunablesPASSbcastping=0 (need eq 0)
stig:V-215257STIG disabled servicesPASSexec not enabled in inetd.conf
stig:V-215334STIG disabled servicesPASStftp not enabled in inetd.conf
stig:V-215346STIG disabled servicesPASSshell not enabled in inetd.conf
stig:V-215347STIG disabled servicesPASSlogin not enabled in inetd.conf
stig:V-215369STIG disabled servicesPASSdaytime not enabled in inetd.conf
stig:V-215370STIG disabled servicesPASScmsd not enabled in inetd.conf
stig:V-215371STIG disabled servicesPASSttdbserver not enabled in inetd.conf
stig:V-215372STIG disabled servicesPASSuucp not enabled in inetd.conf
stig:V-215373STIG disabled servicesPASStime not enabled in inetd.conf
stig:V-215374STIG disabled servicesPASStalk not enabled in inetd.conf
stig:V-215375STIG disabled servicesPASSntalk not enabled in inetd.conf
stig:V-215376STIG disabled servicesPASSchargen not enabled in inetd.conf
stig:V-215377STIG disabled servicesPASSdiscard not enabled in inetd.conf
stig:V-215378STIG disabled servicesPASSdtspc not enabled in inetd.conf
stig:V-215379STIG disabled servicesPASSpcnfsd not enabled in inetd.conf
stig:V-215380STIG disabled servicesPASSrstatd not enabled in inetd.conf
stig:V-215381STIG disabled servicesPASSrusersd not enabled in inetd.conf
stig:V-215382STIG disabled servicesPASSsprayd not enabled in inetd.conf
stig:V-215383STIG disabled servicesPASSklogin not enabled in inetd.conf
stig:V-215384STIG disabled servicesPASSkshell not enabled in inetd.conf
stig:V-215385STIG disabled servicesPASSrquotad not enabled in inetd.conf
stig:V-215386STIG disabled servicesPASStftp not enabled in inetd.conf
stig:V-215387STIG disabled servicesPASSimap2 not enabled in inetd.conf
stig:V-215388STIG disabled servicesPASSpop3 not enabled in inetd.conf
stig:V-215389STIG disabled servicesPASSfinger not enabled in inetd.conf
stig:V-215390STIG disabled servicesPASSinstsrv not enabled in inetd.conf
stig:V-215391STIG disabled servicesPASSecho not enabled in inetd.conf
stig:V-215406STIG disabled servicesPASSrwalld not enabled in inetd.conf
stig:V-215353STIG disabled servicesPASSsendmail not started in /etc/rc.tcpip
stig:V-215354STIG disabled servicesPASSsnmpd not started in /etc/rc.tcpip
stig:V-215365STIG disabled servicesPASSsnmpmibd not started in /etc/rc.tcpip
stig:V-215358STIG disabled servicesPASSgated not started in /etc/rc.tcpip
stig:V-215361STIG disabled servicesPASSrouted not started in /etc/rc.tcpip
stig:V-215362STIG disabled servicesPASSrwhod not started in /etc/rc.tcpip
stig:V-215363STIG disabled servicesPASStimed not started in /etc/rc.tcpip
stig:V-215208Time synchronization (NTP)PASSxntpd active, 2 server(s)

Critical-first queue Critical then High risk · work top-down

RiskCategoryFindingObserved
CriticalA. Lifecycle & supportVIOS levelVIOS 3.1.4.10 — support ended 2026-04-30
HighA. Lifecycle & supportTechnology Level currency7300-03 (latest: 7300-04)

Remediation worklist every open finding, grouped by category

A. Lifecycle & support
RiskFindingObservedWhat it means & how to fixControl tags
HighTechnology Level currency7300-03 (latest: 7300-04)A newer Technology Level (7300-04) is available — known fixed defects and CVEs this box does not have.
Fix: schedule an update to the latest TL/SP in a maintenance window (smitty update_all from a downloaded lpp_source). Path: smitty update_all to 7300-04 from a downloaded lpp_source. Check IBM FLRT for firmware/VIOS prereqs first. On a VIOS this AIX level is secondary — patch the VIOS with 'updateios' (or viosupgrade), not update_all; the VIOS level (vios_level, above) is the primary currency signal.
CriticalVIOS levelVIOS 3.1.4.10 — support ended 2026-04-30This VIOS line no longer receives fixes — and every client LPAR depends on this box. On a dual-VIOS pair, upgrade the standby VIOS first, fail client traffic over, then do the other.
Fix: plan the VIOS upgrade to a supported stream (viosupgrade, or 'updateios' within a stream); do the second VIOS of the pair first if dual-VIOS.
ffiec:II.C.11

Manual review outside the tool's read-only view

Control mappings reference the DISA STIG for IBM AIX 7.x (public domain). This report indicates AIXray's read-only observations and is not a certified audit.