AIX must configure the ttys value for all interactive users.
An XCCDF Rule
Description
<VulnDiscussion>A user's "ttys" attribute controls from which device(s) the user can authenticate and log in. If the "ttys" attribute is not specified, all terminals can access the user account.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-215186r958498_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
From the command prompt, run the following command to set "ttys=ALL" for the default stanza in "/etc/security/user":
# chsec -f /etc/security/user -s default -a ttys=ALL
Run the following command to recheck "ttys" values for all users:
# lsuser -a ttys ALL