
The /etc/shells file must exist on AIX systems.

An XCCDF Rule

Description

The shells file (or equivalent) lists approved default shells. It adds a layer of defense by ensuring users cannot change their default shell to an unauthorized, insecure shell.

ID: SV-215408r991589_rule
Version: AIX7-00-003110
Severity: Medium

Remediation Templates

A Manual Procedure

Run the following command to set the shells attribute for the usw stanza in "/etc/security/login.cfg":
# chsec -f /etc/security/login.cfg -s usw -a shells=<list of approved shells separated by comma>

Create the "/etc/shells" file and add all approved shells there, one shell per line: 
# vi /etc/shells
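
To confirm the result of the two steps above, the following added example (not part of the STIG or of AIX) reports a finding when the shells file is missing or empty, or when its entries differ from the usw stanza. The function names, the expectation that both lists are identical, and the handling of "#" lines are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the STIG): consistency check for the two files above.
# Paths are arguments so the check can run against copies of the files.

# Shells in the usw stanza of a login.cfg-format file, one per line.
usw_shells() {
    awk '
        /^[ \t]*\*/ { next }                                  # "*" starts a comment
        /^[^ \t].*:[ \t]*$/ { in_usw = ($1 == "usw:"); next } # stanza header
        in_usw && /^[ \t]+shells[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            n = split($0, a, ",")
            for (i = 1; i <= n; i++) { gsub(/[ \t]/, "", a[i]); if (a[i] != "") print a[i] }
        }' "$1" | sort -u
}

# Entries of an /etc/shells-format file; blank lines and "#" lines are skipped
# (treating "#" as a comment marker is an assumption of this example).
etc_shells() {
    awk '{ gsub(/[ \t]/, "") } $0 != "" && $0 !~ /^#/ { print }' "$1" | sort -u
}

# Print every entry of list $1 that is missing from list $2.
missing_from() {
    for s in $1; do
        printf '%s\n' "$2" | grep -Fqx -- "$s" || printf '%s\n' "$s"
    done
}

# Return 0 only if $2 exists, is non-empty, and matches the usw stanza in $1.
check_shells() {
    rc=0
    [ -f "$2" ] || { echo "FINDING: $2 does not exist"; return 1; }
    cfg=$(usw_shells "$1"); file=$(etc_shells "$2")
    [ -n "$file" ] || { echo "FINDING: $2 lists no shells"; rc=1; }
    for s in $(missing_from "$cfg" "$file"); do
        echo "FINDING: $s is in the usw stanza but not in $2"; rc=1
    done
    for s in $(missing_from "$file" "$cfg"); do
        echo "FINDING: $s is in $2 but not in the usw stanza"; rc=1
    done
    return $rc
}

# Usage: sh check_shells.sh /etc/security/login.cfg /etc/shells
if [ "$#" -eq 2 ]; then check_shells "$1" "$2"; fi
```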