Check: AIX7-00-003202
IBM AIX 7.x STIG:
AIX7-00-003202
(in versions v3 r1 through v1 r1)
Title
The AIX operating system must be configured to use Multi Factor Authentication for remote connections. (Cat II impact)
Discussion
To assure accountability and prevent unauthenticated access, privileged and non-privileged users must utilize multifactor authentication to prevent potential misuse and compromise of the system. Multifactor authentication uses two or more factors to achieve authentication. Factors include: 1. Something you know (e.g., password/PIN); 2. Something you have (e.g., cryptographic identification device, token); and 3. Something you are (e.g., biometric). The DoD CAC with DoD-approved PKI is an example of multifactor authentication.
Check Content
Verify SSH is configured to use multi factor authentication: # grep ^sshd /etc/pam.conf | head -3 sshd auth required pam_ckfile sshd auth required pam_permission file=/etc/security/access.conf found=allow sshd auth required pam_pmfa /etc/security/pmfa/pam_pmfa.conf If the output does not match the above lines, any lines are missing, or commented out, this is a finding.
Fix Text
Add or update the following lines in the /etc/pam.conf file: sshd auth required pam_ckfile sshd auth required pam_permission file=/etc/security/access.conffound=allow sshd auth required pam_pmfa /etc/security/pmfa/pam_pmfa.conf
Additional Identifiers
Rule ID: SV-215438r991589_rule
Vulnerability ID: V-215438
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |