STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The AIX operating system must be configured to authenticate using Multi Factor Authentication.

DISA Rule

SV-215437r508663_rule

Vulnerability Number

V-215437

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AIX7-00-003201

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Run the following command to set the global and user stanza "auth_type":

# chsec -f /etc/security/login.cfg -susw -a auth_type=PAM_AUTH

Check Contents

Verify the global "auth_type" is configured to use PAM:

# grep auth_type /etc/security/login.cfg |grep AUTH

auth_type = PAM_AUTH

If "auth_type" is not set to "PAM_AUTH", this is a finding.


Verify that the user stanza is configured to use PAM:

# lssec -f /etc/security/login.cfg -susw -a auth_type

usw auth_type=PAM_AUTH

If "auth_type" is not set to "PAM_AUTH", this is a finding.

Vulnerability Number

V-215437

Documentable

False

Rule Version

AIX7-00-003201

Severity Override Guidance

Verify the global "auth_type" is configured to use PAM:

# grep auth_type /etc/security/login.cfg |grep AUTH

auth_type = PAM_AUTH

If "auth_type" is not set to "PAM_AUTH", this is a finding.


Verify that the user stanza is configured to use PAM:

# lssec -f /etc/security/login.cfg -susw -a auth_type

usw auth_type=PAM_AUTH

If "auth_type" is not set to "PAM_AUTH", this is a finding.

Check Content Reference

M

Target Key

4012

Comments