STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must use Loadable Password Algorithm (LPA) password hashing algorithm.

DISA Rule

SV-215225r508663_rule

Vulnerability Number

V-215225

Group Title

SRG-OS-000078-GPOS-00046

Rule Version

AIX7-00-001128

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

From the command prompt, run the following command to set system wide password algorithm to "ssha512" so that it supports passwords longer than 8-character:
# chsec -f /etc/security/login.cfg -s usw -a pwd_algorithm=ssha512

For each users who have hashed passwords in "/etc/security/passwd" file that does not start with "{ssha512}", run passwd commands to reset the users' passwords so that they have to change their passwords in the next login:
# passwd [user_name]

Check Contents

From the command prompt, run the following command to check system wide password algorithm:

# lssec -f /etc/security/login.cfg -s usw -a pwd_algorithm
usw pwd_algorithm=ssha512

If the "pwd_algorithm" is not set to "ssha512", or "ssha256", this is a finding.

Vulnerability Number

V-215225

Documentable

False

Rule Version

AIX7-00-001128

Severity Override Guidance

From the command prompt, run the following command to check system wide password algorithm:

# lssec -f /etc/security/login.cfg -s usw -a pwd_algorithm
usw pwd_algorithm=ssha512

If the "pwd_algorithm" is not set to "ssha512", or "ssha256", this is a finding.

Check Content Reference

M

Target Key

4012

Comments