UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

AIX system must restrict the ability to switch to the root user to members of a defined group.


Overview

Finding ID Version Rule ID IA Controls Severity
V-215338 AIX7-00-003030 SV-215338r508663_rule Medium
Description
Configuring a supplemental group for users permitted to switch to the root user prevents unauthorized users from accessing the root account, even with knowledge of the root credentials.
STIG Date
IBM AIX 7.x Security Technical Implementation Guide 2023-08-23

Details

Check Text ( C-16536r294465_chk )
Examine the "sugroups" of the root user. Generally only users in the adm group should have su to root capacity.

Run the following command:

# lsuser -a sugroups root
root sugroups=system,staff,security

If "sugroups" is blank or "ALL", this is a finding.
Fix Text (F-16534r294466_fix)
Use the "chsec" command to only allow users in the adm group to su to root:

# chsec -f /etc/security/user -s root -a sugroups=adm