STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

All AIX interactive users must be assigned a home directory in the passwd file and the directory must exist.

DISA Rule

SV-215435r508663_rule

Vulnerability Number

V-215435

Group Title

SRG-OS-000480-GPOS-00230

Rule Version

AIX7-00-003141

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Remove any unauthorized accounts with no home directory.

If the account is valid, create the home directory using the appropriate system administration utility or process.

Check Contents

Verify each interactive user is assigned a home directory:

# cut -d: -f1,6 /etc/passwd
root
srvproxy
doejohn

If an interactive user is not assigned a home directory, this is a finding.

Verify that the interactive user home directories exist on the system:

# cut -d: -f6 /etc/passwd | xargs -n1 ls -ld

drwxr-xr-x 2 doejohn staff 256 Jan 25 13:18 /home/doejohn

drwxr-xr-x 2 sshd system 256 Aug 11 2017 /home/srvproxy

drwx------ 2 root system 256 Jan 30 12:54 /root

If any interactive user home directory does not exist, this is a finding.

Vulnerability Number

V-215435

Documentable

False

Rule Version

AIX7-00-003141

Severity Override Guidance

Verify each interactive user is assigned a home directory:

# cut -d: -f1,6 /etc/passwd
root
srvproxy
doejohn

If an interactive user is not assigned a home directory, this is a finding.

Verify that the interactive user home directories exist on the system:

# cut -d: -f6 /etc/passwd | xargs -n1 ls -ld

drwxr-xr-x 2 doejohn staff 256 Jan 25 13:18 /home/doejohn

drwxr-xr-x 2 sshd system 256 Aug 11 2017 /home/srvproxy

drwx------ 2 root system 256 Jan 30 12:54 /root

If any interactive user home directory does not exist, this is a finding.

Check Content Reference

M

Target Key

4012

Comments