Check: AIX7-00-001136
IBM AIX 7.x STIG:
AIX7-00-001136
(in versions v3 r1 through v1 r1)
Title
AIX must require passwords to contain no more than three consecutive repeating characters. (Cat II impact)
Discussion
Passwords with excessive repeating characters may be more vulnerable to password-guessing attacks.
Check Content
Check system default for "maxrepeats" attribute: # lssec -f /etc/security/user -s default -a maxrepeats default maxrepeats=3 If the default "maxrepeats" is greater than "3", or its value is not set, or its value is set to "0", this is a finding. Check the "maxrepeats" setting for all users using: # lsuser -a maxrepeats ALL The above command should yield the following output: root maxrepeats=3 daemon maxrepeats=3 bin maxrepeats=3 sys maxrepeats=3 If the "maxrepeats" setting for any user is greater than "3", or its value is set to "0", this is a finding.
Fix Text
Use the "chsec" command to set "maxrepeats" to "3" for the default stanza: # chsec -f /etc/security/user -s default -a maxrepeats=3 Use the "chsec" command to set "maxrepeats" to "3" for all the users who have "maxrepeats" values that are greater than "3", or its value is set to "0": # chuser maxrepeats=3 [user_name]
Additional Identifiers
Rule ID: SV-215232r991589_rule
Vulnerability ID: V-215232
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |