The /etc/shells file must exist on AIX systems.
An XCCDF Rule
Description
The shells file (or equivalent) lists approved default shells. It helps provide layered defense to the security approach by ensuring users cannot change their default shell to an unauthorized unsecure shell.
Documentable: false
- ID
- SV-215408r991589_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Run the following command to set the shells attribute for the usw stanza in "/etc/security/login.cfg":
# chsec -f /etc/security/login.cfg -s usw -a shells=<list of approved shells separated by comma>
Create the "/etc/shells" file and add all approved shells there, one shell per line:
# vi /etc/shells
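To verify the result of the two steps above, the following added example (not part of the STIG text) checks that the shells file exists, is non-empty, and lists only absolute paths that also appear in the usw stanza's shells attribute. The function names usw_shells and audit_shells are hypothetical, and the sample files are constructed for the dry run.

```shell
#!/bin/sh
# Added example: audit a shells file against the usw stanza of login.cfg.
# Both paths are parameters so the check can be run on copies of the files.

# Print the comma-separated "shells" value from the usw stanza.
usw_shells() {
    awk '
        /^[^ \t*][^ \t]*:[ \t]*$/ { in_usw = ($1 == "usw:"); next }
        in_usw && /^[ \t]*shells[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); gsub(/[ \t]/, ""); print; exit
        }' "$1"
}

# Return 0 if the shells file exists, is non-empty, and every entry is an
# absolute path that also appears in the usw shells list; 1 otherwise.
audit_shells() {
    shells_file=$1 login_cfg=$2 rc=0
    if [ ! -s "$shells_file" ]; then
        echo "FAIL: $shells_file is missing or empty"; return 1
    fi
    approved=",$(usw_shells "$login_cfg"),"
    while IFS= read -r entry || [ -n "$entry" ]; do
        case $entry in
            ''|'#'*) continue ;;                  # tolerate blank/comment lines
            /*) ;;                                # absolute path: keep checking
            *) echo "FAIL: not an absolute path: $entry"; rc=1; continue ;;
        esac
        case $approved in
            *",$entry,"*) ;;                      # listed in the usw stanza
            *) echo "FAIL: $entry not in usw shells attribute"; rc=1 ;;
        esac
    done < "$shells_file"
    [ "$rc" -eq 0 ] && echo "PASS: $shells_file matches usw stanza"
    return "$rc"
}

# Constructed sample files (not taken from a real system) for a dry run.
demo_dir=$(mktemp -d)
printf 'usw:\n\tshells = /bin/sh,/bin/ksh,/usr/bin/ksh\n\tmaxlogins = 32767\n' \
    > "$demo_dir/login.cfg"
printf '/bin/sh\n/usr/bin/ksh\n' > "$demo_dir/shells"
audit_shells "$demo_dir/shells" "$demo_dir/login.cfg"
```

On the system itself, run as root: audit_shells /etc/shells /etc/security/login.cfg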