Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must restrict the ability to switch to the root user to members of a defined group.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-22308 | GEN000850 | SV-38680r1_rule | ECLP-1 | Low |
| Description |
|---|
| Configuring a supplemental group for users permitted to switch to the root user prevents unauthorized users from accessing the root account, even with knowledge of the root credentials. |
| STIG | Date |
|---|---|
| Draft AIX Security Technical Implementation Guide | 2011-08-17 |
Details
| Check Text ( C-36912r1_chk ) |
|---|
| Examine the sugroups of the root user. Generally only users in the adm group should have su – to root capacity, Procedure: #lsuser –a sugroups root If this is blank or ALL, this is a finding. |
| Fix Text (F-32099r1_fix) |
|---|
| Use the chsec command to only allow users in the adm group to su to root. #chsec –f /etc/security/user –s root –a sugroups=adm |