AIX must provide the lock command to let users retain their session lock until users are reauthenticated.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-215187 | AIX7-00-001028 | SV-215187r958400_rule | CCI-000056 | medium |
| Description | ||||
| All systems are vulnerable if terminals are left logged in and unattended. Leaving system terminals unsecure poses a potential security hazard. To lock the terminal, use the lock command. | ||||
| STIG | Date | |||
| IBM AIX 7.x Security Technical Implementation Guide | 2024-08-16 | |||
Details
Check Text (C-215187r958400_chk)
Check the system to determine if "bos.rte.security" is installed:
# lslpp -L bos.rte.security
Fileset Level State Type Description (Uninstaller)
----------------------------------------------------------------------------
bos.rte.security 7.2.1.1 C F Base Security Function
If the "bos.rte.security" fileset is not installed, this is a finding.
Check if lock command exist using the following command:
# ls /usr/bin/lock
The above command should display the following:
/usr/bin/lock
If the above command does not show that "/usr/bin/lock" exists, this is a finding.
Fix Text (F-16383r294013_fix)
Install "bos.rte.security" fileset from the AIX DVD Volume 1 using the following command (assuming that the DVD device is mounted to /dev/cd0):
# installp -aXYgd /dev/cd0 -e /tmp/install.log bos.rte.security