STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM AIX 7.x Security Technical Implementation Guide

V-215187

CAT II (Medium)

AIX must provide the lock command to let users retain their session lock until users are reauthenticated.

Rule ID

SV-215187r958400_rule

STIG

IBM AIX 7.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000056

Discussion

All systems are vulnerable if terminals are left logged in and unattended. Leaving system terminals unsecure poses a potential security hazard. To lock the terminal, use the lock command.

Check Content

Check the system to determine if "bos.rte.security" is installed: 

# lslpp -L bos.rte.security
Fileset                      Level  State  Type  Description (Uninstaller)
  ----------------------------------------------------------------------------
 bos.rte.security           7.2.1.1    C     F    Base Security Function

If the "bos.rte.security" fileset is not installed, this is a finding. 

Check if lock command exist using the following command:
# ls  /usr/bin/lock

The above command should display the following:
/usr/bin/lock

If the above command does not show that "/usr/bin/lock" exists, this is a finding.

Fix Text

Install "bos.rte.security" fileset from the AIX DVD Volume 1 using the following command (assuming that the DVD device is mounted to /dev/cd0):

# installp -aXYgd /dev/cd0 -e /tmp/install.log bos.rte.security