Direct logins to the AIX system must not be permitted to shared accounts, default accounts, application accounts, and utility accounts.

An XCCDF Rule

Details
Profiles

Description

Shared accounts (accounts where two or more people log in with the same user identification) do not provide identification and authentication. There is no way to provide for non-repudiation or individual accountability.

ID: SV-215178r1009531_rule
Version: AIX7-00-001011
Severity: Medium
References: CCI-000770 CCI-004045
Updated: 3 days ago

Remediation Templates

Direct login to shared or application accounts can be prevented by setting the "rlogin=false" in the accounts stanza of the "/etc/security/user" file.

From the command prompt, run the following command to set "rlogin=false" for a shared account:

# chuser rlogin=false [shared_account]

Direct logins to the AIX system must not be permitted to shared accounts, default accounts, application accounts, and utility accounts.

Description

Remediation Templates

A Manual Procedure