AIX must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.

An XCCDF Rule

Description

Setting the most restrictive default permissions ensures that when new accounts are created they do not have unnecessary access.

ID: SV-215431r991590_rule
Version: AIX7-00-003137
Severity: Medium
References: CCI-000366
Updated: 24 days ago

Remediation Templates

Add the following line to "/etc/security/.profile":
umask 077

Run the following command to set "umask=077" for the default stanza in "/etc/security/user":
# chsec -f /etc/security/user -s default -a umask=077