Check: AIX7-00-002127
IBM AIX 7.x STIG:
AIX7-00-002127
(in versions v2 r9 through v1 r1)
Title
AIX system must require authentication upon booting into single-user and maintenance modes. (Cat II impact)
Discussion
This prevents attackers with physical access from trivially bypassing security on the machine and gaining root access. Such accesses are further prevented by configuring the bootloader password.
Check Content
Verify that the "root" account has a password assigned: # cut -d: -f1,2 /etc/passwd | grep root root:! If the "root" account is not listed with an "!", this is a finding.
Fix Text
Assign the "root" account a password using passwd command while logged on as "root": # passwd
Additional Identifiers
Rule ID: SV-215308r508663_rule
Vulnerability ID: V-215308
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000366 |
The organization implements the security configuration settings. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| CM-6 |
Configuration Settings |