AIX /etc/security/mkuser.sys.custom file must not exist unless it is needed for customizing a new user account.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215169 | SRG-OS-000001-GPOS-00001 | AIX7-00-001000 | SV-215169r958362_rule | 2024-08-16 | 3 |
| Description |
|---|
| The "/etc/security/mkuser.sys.custom" is called by "/etc/security/mkuser.sys" to customize the new user account when a new user is created, or a user is logging into the system without a home directory. An improper "/etc/security/mkuser.sys.custom" script increases the risk that non-privileged users may obtain elevated privileges. It must not exist unless it is needed. |
| ℹ️ Check |
|---|
| Check if the "/etc/security/mkuser.sys.custom" file exists: # ls /etc/security/mkuser.sys.custom If the above command shows the file exists, this is a finding. |
| ✔️ Fix |
|---|
| Remove the "/etc/security/mkuser.sys.custom" file using the following command: # rm /etc/security/mkuser.sys.custom |