STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX Operating systems must enforce 24 hours/1 day as the minimum password lifetime.

DISA Rule

SV-215222r508663_rule

Vulnerability Number

V-215222

Group Title

SRG-OS-000075-GPOS-00043

Rule Version

AIX7-00-001125

Severity

CAT II

CCI(s)

• CCI-000198 - The information system enforces minimum password lifetime restrictions.

Weight

10

Fix Recommendation

From the command prompt, run the following command to set "minage=1" for the default stanza in "/etc/security/user":
# chsec -f /etc/security/user -s default -a minage=1

For each user who has "minage=0" set its "minage" to "1" by running the following command from command prompt:
# chsec -f /etc/security/user -s [user_name] -a minage=1

Check Contents

From the command prompt, run the following command to check the system default "minage" attribute value:
# lssec -f /etc/security/user -s default -a minage
default minage=1

If the default "minage" value is not set, or its value is less than "1", this is a finding.

From the command prompt, run the following command to check "minage" attribute value for all accounts:
# lsuser -a minage ALL
root minage=1
user1 minage=1
user2 minage=2

If any user's "minage" value is less than "1", this is a finding.

Vulnerability Number

V-215222

Documentable

False

Rule Version

AIX7-00-001125

Severity Override Guidance

From the command prompt, run the following command to check the system default "minage" attribute value:
# lssec -f /etc/security/user -s default -a minage
default minage=1

If the default "minage" value is not set, or its value is less than "1", this is a finding.

From the command prompt, run the following command to check "minage" attribute value for all accounts:
# lsuser -a minage ALL
root minage=1
user1 minage=1
user2 minage=2

If any user's "minage" value is less than "1", this is a finding.

Check Content Reference

M

Target Key

4012

Comments