AIX7-00-001011 - Direct logins to the AIX system must not be permitted to shared accounts, default accounts, application accounts, and utility accounts.

Information

Shared accounts (accounts where two or more people log in with the same user identification) do not provide identification and authentication. There is no way to provide for non-repudiation or individual accountability.

Solution

Direct login to shared or application accounts can be prevented by setting 'rlogin=false' in the account's stanza of the '/etc/security/user' file.

From the command prompt, run the following command to set 'rlogin=false' for a shared account:

# chuser rlogin=false [shared_account]
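
To verify the setting across several accounts, the following added example (not part of the STIG or the audit plugin) parses a '/etc/security/user'-style stanza file and lists accounts whose effective 'rlogin' value is not 'false'. The account names and sample file are constructed, and it assumes an attribute missing from an account's stanza is inherited from the 'default' stanza.

```shell
# Added example (not from the STIG). Account names below are constructed.

# Print the effective rlogin value for ACCOUNT in a /etc/security/user-style FILE.
effective_rlogin() {
    awk -v acct="$2" '
        { $1 = $1; gsub(/ /, "") }               # strip all blanks and tabs
        /^\*/ || $0 == "" { next }               # skip comments and empty lines
        /:$/ && !/=/ { stanza = substr($0, 1, length($0) - 1); next }
        /^rlogin=/ {
            val = substr($0, 8)
            if (stanza == "default") def = val
            if (stanza == acct) own = val
        }
        END {
            # Assumption: an attribute absent from both stanzas counts as "true".
            if (own != "") print own; else if (def != "") print def; else print "true"
        }' "$1"
}

# Print accounts that still allow direct remote login; return 1 if any do.
audit_rlogin() {
    file=$1; shift; failed=""
    for acct in "$@"; do
        [ "$(effective_rlogin "$file" "$acct")" = "false" ] || failed="$failed $acct"
    done
    echo "${failed# }"
    [ -z "$failed" ]
}

# Constructed sample of the stanza file; on a real system pass /etc/security/user.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
* constructed sample, not a real system file
default:
        rlogin = true
        login = true

oraapp:
        rlogin = false

backupsvc:
        login = false

shared1:
        rlogin=true
EOF
audit_rlogin "$SAMPLE" oraapp backupsvc shared1 || echo "finding: rlogin not false"
```

On a live AIX system, 'lsuser -a rlogin [shared_account]' reports the same effective value for a single account.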

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_AIX_7-x_V2R6_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(5), CAT|II, CCI|CCI-000770, Rule-ID|SV-215178r508663_rule, STIG-ID|AIX7-00-001011, STIG-Legacy|SV-101525, STIG-Legacy|V-91427, Vuln-ID|V-215178

Plugin: Unix

Control ID: f13cce5806fbd93f3cf060421a3061908bb53f7260b3f42b379369b43b71cea7