STIGQter STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must enforce a minimum 15-character password length.

DISA Rule

SV-215226r508663_rule

Vulnerability Number

V-215226

Group Title

SRG-OS-000078-GPOS-00046

Rule Version

AIX7-00-001129

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

From the command prompt, run the following command to set "minlen=15" for the default stanza in "/etc/security/user":
# chsec -f /etc/security/user -s default -a minlen=15

For each user who has "minlen" value less than "15", set its "minlen" to "15" by running the following command from command prompt:
# chsec -f /etc/security/user -s [user_name] -a minlen=15

Check Contents

From the command prompt, run the following command to check the system default "minlen" attribute value:
# lssec -f /etc/security/user -s default -a minlen
default minlen=15

If the default "minlen" value is not set, or its value is less than "15", this is a finding.

From the command prompt, run the following command to check "minlen" attribute value for all accounts:
# lsuser -a minlen ALL
root minlen=15
user1 minlen=20
user2 minlen=15
user3 minlen=15

If any users have "minlen" value less than "15", this is a finding.

Vulnerability Number

V-215226

Documentable

False

Rule Version

AIX7-00-001129

Severity Override Guidance

From the command prompt, run the following command to check the system default "minlen" attribute value:
# lssec -f /etc/security/user -s default -a minlen
default minlen=15

If the default "minlen" value is not set, or its value is less than "15", this is a finding.

From the command prompt, run the following command to check "minlen" attribute value for all accounts:
# lsuser -a minlen ALL
root minlen=15
user1 minlen=20
user2 minlen=15
user3 minlen=15

If any users have "minlen" value less than "15", this is a finding.

Check Content Reference

M

Target Key

4012

Comments