STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The regular users default primary group must be staff (or equivalent) on AIX.

DISA Rule

SV-215182r508663_rule

Vulnerability Number

V-215182

Group Title

SRG-OS-000001-GPOS-00001

Rule Version

AIX7-00-001016

Severity

CAT II

CCI(s)

• CCI-000015 - The organization employs automated mechanisms to support the information system account management functions.

Weight

10

Fix Recommendation

Set the default primary groups for regular to be "staff".
# chsec -f /etc/security/mkuser.default -s user -a pgrp=staff

Check Contents

Check the default primary group for regular users:
# lssec -f /etc/security/mkuser.default -s user -a pgrp

The above command should yield the following output:
user pgrp=staff

If the above command shows that the primary group (pgrp) is not "staff", this is a finding.

Vulnerability Number

V-215182

Documentable

False

Rule Version

AIX7-00-001016

Severity Override Guidance

Check the default primary group for regular users:
# lssec -f /etc/security/mkuser.default -s user -a pgrp

The above command should yield the following output:
user pgrp=staff

If the above command shows that the primary group (pgrp) is not "staff", this is a finding.

Check Content Reference

M

Target Key

4012

Comments