STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The AIX SYSTEM attribute must not be set to NONE for any account.

DISA Rule

SV-215177r508663_rule

Vulnerability Number

V-215177

Group Title

SRG-OS-000104-GPOS-00051

Rule Version

AIX7-00-001010

Severity

CAT I

CCI(s)

• CCI-000764 - The information system uniquely identifies and authenticates organizational users (or processes acting on behalf of organizational users).

Weight

10

Fix Recommendation

For every user who has "SYSTEM=NONE", run the following command to set their "SYSTEM" value to "compat":

# chuser SYSTEM=compat [user_name]

Check Contents

Examine the "SYSTEM" attribute values for all users in the "/etc/security/user" file by running the following command:
# lsuser -a SYSTEM ALL

The above command should yield the following output:
root SYSTEM=compat
daemon SYSTEM=compat
bin SYSTEM=compat
sys SYSTEM=compat

If the command displays SYSTEM=NONE for a user, this is a finding.

Vulnerability Number

V-215177

Documentable

False

Rule Version

AIX7-00-001010

Severity Override Guidance

Examine the "SYSTEM" attribute values for all users in the "/etc/security/user" file by running the following command:
# lsuser -a SYSTEM ALL

The above command should yield the following output:
root SYSTEM=compat
daemon SYSTEM=compat
bin SYSTEM=compat
sys SYSTEM=compat

If the command displays SYSTEM=NONE for a user, this is a finding.

Check Content Reference

M

Target Key

4012

Comments