AIX must configure the ttys value for all interactive users.
| Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-215186 | SRG-OS-000114-GPOS-00059 | AIX7-00-001025 | SV-215186r958498_rule | 2026-02-06 | 3 |
Description
A user's "ttys" attribute controls from which device(s) the user can authenticate and log in. If the "ttys" attribute is not specified, all terminals can access the user account.
Check
Verify that the default "ttys" value is set for all users:
# lssec -f /etc/security/user -s default -a ttys
default ttys=ALL
If the value returned is not "ttys=ALL", this is a finding.
From the command prompt, run the following command to check the "ttys" attribute value for all accounts:
# lsuser -a ttys ALL
The above command should yield the following output:
root ttys=ALL
user1 ttys=ALL
user2 ttys=ALL
user3 ttys=ALL
If any interactive user account does not have "ttys=ALL", this is a finding.
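An added example (not part of the STIG text) that automates the comparison in the check above: it reads "lsuser -a ttys ALL" output and lists every account whose value is not exactly "ALL". The function names and the sample input are constructed for illustration, and treating a line with no "ttys=" field as a finding is an assumption about how an unset value is displayed.

```shell
#!/bin/sh
# Added example: flag accounts whose "ttys" attribute is not exactly ALL.
# Assumed input format: one "name attr=value" line per account, as in the
# sample output shown in the check text. A line with no ttys= field is
# reported as "(unset)" (assumption about how an unset value appears).

ttys_findings() {
    # Reads lsuser-style lines on stdin, prints "name<TAB>value" per finding.
    awk '
        NF == 0 { next }                       # skip blank lines
        {
            name = $1; value = "(unset)"
            for (i = 2; i <= NF; i++)
                if ($i ~ /^ttys=/) value = substr($i, 6)
            # Restricted lists such as "!/dev/pts/0,ALL" are not "ALL" either.
            if (value != "ALL") printf "%s\t%s\n", name, value
        }'
}

# Constructed sample input (not captured from a real system).
sample_lsuser_output() {
    cat <<'EOF'
root ttys=ALL
user1 ttys=ALL
user2 ttys=/dev/tty0
user3 ttys=!/dev/pts/0,ALL
user4
EOF
}

# Runs the parser over the constructed sample.
# On AIX, feed it the real commands instead:
#   lssec -f /etc/security/user -s default -a ttys | ttys_findings
#   lsuser -a ttys ALL | ttys_findings
audit_sample() {
    sample_lsuser_output | ttys_findings
}

# Print the sample findings only when invoked with the argument "demo".
if [ "${1:-}" = "demo" ]; then
    audit_sample
fi
```

The script lists every account that deviates; which of those are interactive accounts still has to be decided by the reviewer.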
Fix
From the command prompt, run the following command to set "ttys=ALL" for the default stanza in "/etc/security/user":
# chsec -f /etc/security/user -s default -a ttys=ALL
Run the following command to recheck "ttys" values for all users:
# lsuser -a ttys ALL
For each interactive user who does not have "ttys=ALL", set the value of "ttys" to "ALL" by running the following command from the command prompt:
# chsec -f /etc/security/user -s [user_name] -a ttys=ALL