STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

AIX must automatically remove or disable temporary user accounts after 72 hours or sooner.

DISA Rule

SV-215170r508663_rule

Vulnerability Number

V-215170

Group Title

SRG-OS-000002-GPOS-00002

Rule Version

AIX7-00-001001

Severity

CAT II

CCI(s)

• CCI-000016 - The information system automatically removes or disables temporary accounts after an organization-defined time period for each type of account.

Weight

10

Fix Recommendation

From the command prompt, execute the following command to set the expiration time to 72 hours from now:
# chuser expires=1218103116 tmp_user

From the command prompt, execute the following command:
# lsuser -a expires tmp_user

The above command should yield the following output:
tmp_user expires=1218103116

Check Contents

From the command prompt, execute the following command:
# lsuser -a expires tmp_user

The above command should yield the following output:
tmp_user expires=0
Or
tmp_user expires=1215103116

The "expires" value is in "MMDDhhmmyy" form, or the value is "0".

If "expires" value is "0", or the expiration time is greater than "72" hours from the user creation time, this is a finding.

Vulnerability Number

V-215170

Documentable

False

Rule Version

AIX7-00-001001

Severity Override Guidance

From the command prompt, execute the following command:
# lsuser -a expires tmp_user

The above command should yield the following output:
tmp_user expires=0
Or
tmp_user expires=1215103116

The "expires" value is in "MMDDhhmmyy" form, or the value is "0".

If "expires" value is "0", or the expiration time is greater than "72" hours from the user creation time, this is a finding.

Check Content Reference

M

Target Key

4012

Comments