STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Apr 2019: AIX Operating systems must enforce 24 hours/1 day as the minimum password lifetime.

DISA Rule

SV-101407r1_rule

Vulnerability Number

V-91309

Group Title

SRG-OS-000075-GPOS-00043

Rule Version

AIX7-00-001125

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the command prompt, run the following command to set "minage=1" for the default stanza in "/etc/security/user":
# chsec -f /etc/security/user -s default -a minage=1

For each user who has "minage=0" set its "minage" to "1" by running the following command from command prompt:
# chsec -f /etc/security/user -s [user_name] -a minage=1

Check Contents

From the command prompt, run the following command to check the system default "minage" attribute value:
# lssec -f /etc/security/user -s default -a minage
default minage=1

If the default "minage" value is not set, or its value is less than "1", this is a finding.

From the command prompt, run the following command to check "minage" attribute value for all accounts:
# lsuser -a minage ALL
root minage=1
user1 minage=1
user2 minage=2

If any user's "minage" value is less than "1", this is a finding.

Vulnerability Number

V-91309

Documentable

False

Rule Version

AIX7-00-001125

Severity Override Guidance

From the command prompt, run the following command to check the system default "minage" attribute value:
# lssec -f /etc/security/user -s default -a minage
default minage=1

If the default "minage" value is not set, or its value is less than "1", this is a finding.

From the command prompt, run the following command to check "minage" attribute value for all accounts:
# lsuser -a minage ALL
root minage=1
user1 minage=1
user2 minage=2

If any user's "minage" value is less than "1", this is a finding.

Check Content Reference

M

Target Key

3491

Comments