
The /etc/shells file must exist on AIX systems.

An XCCDF Rule

Description

The shells file (or equivalent) lists approved default shells. It helps provide layered defense to the security approach by ensuring users cannot change their default shell to an unauthorized unsecure shell.

ID: SV-215408r508663_rule
Severity: Medium

Remediation - Manual Procedure

Run the following command to set the "shells" attribute of the "usw" stanza in "/etc/security/login.cfg":
# chsec -f /etc/security/login.cfg -s usw -a shells=<list of approved shells separated by comma> 

Create the "/etc/shells" file and add all approved shells there, one shell per line: 
# vi /etc/shells
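
A check for the end state of the two remediation steps above, as an added example that is not part of the STIG content: it reads the "shells" attribute of the "usw" stanza and compares it with the shells file. The function names and sample files are constructed for illustration, and treating a difference between the two lists as a finding is an assumption drawn from the remediation text.

```shell
#!/bin/sh
# Added example (not part of the STIG). Function names are hypothetical.

# Shells listed in the usw stanza of a login.cfg-style file, one per line, sorted.
usw_shells() {
    awk '
        /^[^ \t*][^:]*:[ \t]*$/ { in_usw = ($1 == "usw:"); next }  # stanza header
        in_usw && /^[ \t]+shells[ \t]*=/ {
            sub(/^[^=]*=/, ""); gsub(/[ \t]/, "")   # keep only the value
            n = split($0, s, ",")
            for (i = 1; i <= n; i++) if (s[i] != "") print s[i]
        }' "$1" | sort -u
}

# Entries of a shells file, sorted; blank lines and "#" lines are skipped
# (treating "#" as a comment marker is an assumption).
etc_shells() {
    awk 'NF && $1 !~ /^#/ { print $1 }' "$1" | sort -u
}

# 0 = file exists and matches usw shells, 1 = file missing, 2 = lists differ.
check_shells() {
    login_cfg=${1:-/etc/security/login.cfg}
    shells_file=${2:-/etc/shells}
    [ -f "$shells_file" ] || { echo "FINDING: $shells_file does not exist"; return 1; }
    want=$(usw_shells "$login_cfg")
    have=$(etc_shells "$shells_file")
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "FINDING: $shells_file differs from usw shells in $login_cfg"
        return 2
    fi
    echo "OK: $shells_file matches usw shells in $login_cfg"
}

# Constructed sample files so the check can be tried off-box.
demo=$(mktemp -d)
printf 'default:\n\tsak_enabled = false\n\nusw:\n\tshells = /bin/sh,/bin/ksh,/usr/bin/ksh93\n\tmaxlogins = 32767\n' > "$demo/login.cfg"
printf '/bin/sh\n/bin/ksh\n/usr/bin/ksh93\n' > "$demo/shells"
check_shells "$demo/login.cfg" "$demo/shells" || true
```

Called with no arguments, check_shells uses /etc/security/login.cfg and /etc/shells.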