AIX7-00-001127 - AIX must prohibit password reuse for a minimum of five generations.

Information

Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password has exceeded its defined lifetime, the end result is a password that is not changed as per policy requirements.

Solution

From the command prompt, run the following command to set 'histsize=5' for the default stanza in '/etc/security/user':
# chsec -f /etc/security/user -s default -a histsize=5

For each user who has a 'histsize' value less than '5', set 'histsize' to '5' by running the following command from the command prompt:
# chsec -f /etc/security/user -s [user_name] -a histsize=5
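
To find which stanzas need the commands above, the following added example (not part of the STIG or the audit content) parses a file in '/etc/security/user' stanza format and lists every stanza whose explicit 'histsize' is below 5, then prints the matching chsec command for each. The function names and the sample file are constructed for illustration; a user stanza with no 'histsize' line inherits the default stanza and is not listed separately.

```shell
#!/bin/sh
# List stanzas whose explicit histsize is below the minimum (default 5).
# $1 = file in /etc/security/user format, $2 = optional minimum.
# Output: one "stanza value" pair per line.
weak_histsize() {
    awk -v min="${2:-5}" '
        /^[ \t]*\*/ || /^[ \t]*$/ { next }       # comment or blank line
        /^[^ \t=]+:[ \t]*$/ {                     # stanza header, e.g. "root:"
            stanza = $1; sub(/:$/, "", stanza); next
        }
        {
            split($0, kv, "=")                    # attribute line: key = value
            key = kv[1]; val = kv[2]
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "histsize" && val + 0 < min + 0)
                print stanza, val
        }
    ' "$1"
}

# Print the chsec command from the Solution for each failing stanza.
remediation_cmds() {
    weak_histsize "$1" | while read -r stanza val; do
        echo "chsec -f /etc/security/user -s $stanza -a histsize=5"
    done
}

# Constructed sample data, not taken from a real system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
* constructed sample of /etc/security/user
default:
        histexpire = 0
        histsize = 0

root:
        histsize = 8

alice:
        histsize = 3

bob:
        maxage = 8
EOF

remediation_cmds "$sample"
```

On the constructed sample this reports the default and alice stanzas; root already exceeds the minimum, and bob has no explicit value, so he is covered once the default stanza is fixed.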

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_IBM_AIX_7-x_V2R9_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(e), CAT|II, CCI|CCI-000200, Rule-ID|SV-215224r508663_rule, STIG-ID|AIX7-00-001127, STIG-Legacy|SV-101411, STIG-Legacy|V-91313, Vuln-ID|V-215224

Plugin: Unix

Control ID: ee642921a17fc715dc5b315afd4dcf7fdc0d1c9218b0b065056c13320b568176