STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 25 Apr 2019: The AIX operating system must be configured to authenticate using Multi Factor Authentication.

DISA Rule

SV-103031r1_rule

Vulnerability Number

V-92943

Group Title

SRG-OS-000480-GPOS-000227

Rule Version

AIX7-00-003201

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Run the following command to set the global and user stanza "auth_type":

# chsec -f /etc/security/login.cfg -susw -a auth_type=PAM_AUTH

Check Contents

Verify the global "auth_type" is configured to use PAM:

# grep auth_type /etc/security/login.cfg |grep AUTH

auth_type = PAM_AUTH

If "auth_type" is not set to "PAM_AUTH", this is a finding.


Verify that the user stanza is configured to use PAM:

# lssec -f /etc/security/login.cfg -susw -a auth_type

usw auth_type=PAM_AUTH

If "auth_type" is not set to "PAM_AUTH", this is a finding.

Vulnerability Number

V-92943

Documentable

False

Rule Version

AIX7-00-003201

Severity Override Guidance

Verify the global "auth_type" is configured to use PAM:

# grep auth_type /etc/security/login.cfg |grep AUTH

auth_type = PAM_AUTH

If "auth_type" is not set to "PAM_AUTH", this is a finding.


Verify that the user stanza is configured to use PAM:

# lssec -f /etc/security/login.cfg -susw -a auth_type

usw auth_type=PAM_AUTH

If "auth_type" is not set to "PAM_AUTH", this is a finding.

Check Content Reference

M

Target Key

3491

Comments