
STIGhub

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

V-215221

CAT I (High)

AIX root passwords must never be passed over a network in clear text form.

Rule ID

SV-215221r987796_rule

STIG

IBM AIX 7.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000197

Discussion

Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.

Check Content

Determine if root has logged in over an unencrypted network connection:

# last | grep "root " | egrep -v "reboot|console" | more
root      pts/1        10.74.17.76           Jul 4 16:44 - 17:39  (00:54)

Next, determine if the SSH daemon is running:

# ps -ef |grep sshd
root  3670408  6029762   0   Jan 24      -  0:00 /usr/sbin/sshd

If root has logged in over the network and SSHD is not running, this is a finding.
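As an added example (not part of the STIG text), the POSIX shell script below applies the two-part check above to captured `last` and `ps -ef` output, so the finding logic can be exercised offline; the sample outputs are constructed, and on a live AIX host you would substitute the real command output.

```shell
#!/bin/sh
# Added example: evaluate V-215221 against captured command output.
# Inputs are strings so the logic runs offline; feed it "$(last)" and
# "$(ps -ef)" on a real host.

# Constructed sample of `last` output (not from a real system).
LAST_SAMPLE='root      pts/1        10.74.17.76           Jul 4 16:44 - 17:39  (00:54)
root      console                                Jul 3 09:10 - 09:55  (00:45)
reboot    ~                                      Jul 2 08:00
admin     pts/2        10.74.17.80           Jul 4 12:00 - 12:30  (00:30)'

# Constructed samples of `ps -ef` output, with and without sshd.
PS_WITH_SSHD='     UID     PID    PPID   C    STIME    TTY  TIME CMD
    root 3670408 6029762   0   Jan 24      -  0:00 /usr/sbin/sshd
    root 1234567       1   0   Jan 24      -  0:00 /usr/sbin/inetd'
PS_WITHOUT_SSHD='     UID     PID    PPID   C    STIME    TTY  TIME CMD
    root 1234567       1   0   Jan 24      -  0:00 /usr/sbin/inetd'

# Count root sessions that arrived over the network: anchor "root " to the
# user column and drop console sessions and reboot records, as the STIG does.
root_network_logins() {
    printf '%s\n' "$1" | grep '^root ' | grep -E -v 'reboot|console' | wc -l | tr -d ' '
}

# Return 0 if an sshd process is listed. Matching the full binary path avoids
# counting the grep itself or an unrelated command whose name contains "sshd".
sshd_running() {
    printf '%s\n' "$1" | grep -q '/usr/sbin/sshd'
}

# The rule: root logged in over the network AND sshd not running -> finding.
evaluate_v215221() {
    logins=$(root_network_logins "$1")
    if [ "$logins" -gt 0 ] && ! sshd_running "$2"; then
        echo "FINDING: $logins root network login(s) recorded and sshd is not running"
        return 1
    fi
    echo "NOT A FINDING"
    return 0
}

evaluate_v215221 "$LAST_SAMPLE" "$PS_WITH_SSHD"
evaluate_v215221 "$LAST_SAMPLE" "$PS_WITHOUT_SSHD"
```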

Fix Text

If the OpenSSH server is not installed, install it from AIX DVD Volume 1 using the following command (assuming that the DVD device is /dev/cd0):
# installp -aXYgd /dev/cd0 -e /tmp/install.log openssh.base.server

Start SSH server if it is not started:
# startsrc -s sshd

Enable SSH on the system and use it for all remote connections used to attain root access.

Disable direct root remote login:
# chsec -f /etc/security/user -s root -a rlogin=false