STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Apr 2019: AIX must configure the ttys value for all interactive users.

DISA Rule

SV-102347r1_rule

Vulnerability Number

V-92245

Group Title

SRG-OS-000114-GPOS-000059

Rule Version

AIX7-00-001025

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the command prompt, run the following command to set "ttys=ALL" for the default stanza in "/etc/security/user":
# chsec -f /etc/security/user -s default -a ttys=ALL

Run the following command to recheck "ttys" values for all users:
# lsuser -a ttys ALL

For each interactive user who does not have "ttys=ALL", set the value of "ttys" to "ALL" by running the following command from command prompt:
# chsec -f /etc/security/user -s [user_name] -a ttys=ALL

Check Contents

Verify that the default "ttys" value is set for all users:

# lssec -f /etc/security/users -s default -a ttys
default ttys=ALL

If the value returned is not "ttys=ALL", this is a finding.

From the command prompt, run the following command to check "ttys" attribute value for all accounts:
# lsuser -a ttys ALL

The above command should yield the following output:
root ttys=ALL
user1 ttys=ALL
user2 ttys=ALL
user3 ttys=ALL

If any interactive user account does not have "ttys=ALL", this is a finding.

Vulnerability Number

V-92245

Documentable

False

Rule Version

AIX7-00-001025

Severity Override Guidance

Verify that the default "ttys" value is set for all users:

# lssec -f /etc/security/users -s default -a ttys
default ttys=ALL

If the value returned is not "ttys=ALL", this is a finding.

From the command prompt, run the following command to check "ttys" attribute value for all accounts:
# lsuser -a ttys ALL

The above command should yield the following output:
root ttys=ALL
user1 ttys=ALL
user2 ttys=ALL
user3 ttys=ALL

If any interactive user account does not have "ttys=ALL", this is a finding.

Check Content Reference

M

Target Key

3491

Comments