AIX must configure the ttys value for all interactive users.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215186 | SRG-OS-000114-GPOS-00059 | AIX7-00-001025 | SV-215186r958498_rule | 2024-08-16 | 3 |
| Description |
|---|
| A user's "ttys" attribute controls from which device(s) the user can authenticate and log in. If the "ttys" attribute is not specified, all terminals can access the user account. |
| ℹ️ Check |
|---|
| Verify that the default "ttys" value is set for all users: # lssec -f /etc/security/user -s default -a ttys default ttys=ALL If the value returned is not "ttys=ALL", this is a finding. From the command prompt, run the following command to check "ttys" attribute value for all accounts: # lsuser -a ttys ALL The above command should yield the following output: root ttys=ALL user1 ttys=ALL user2 ttys=ALL user3 ttys=ALL If any interactive user account does not have "ttys=ALL", this is a finding. |
| ✔️ Fix |
|---|
| From the command prompt, run the following command to set "ttys=ALL" for the default stanza in "/etc/security/user": # chsec -f /etc/security/user -s default -a ttys=ALL Run the following command to recheck "ttys" values for all users: # lsuser -a ttys ALL For each interactive user who does not have "ttys=ALL", set the value of "ttys" to "ALL" by running the following command from command prompt: # chsec -f /etc/security/user -s [user_name] -a ttys=ALL |