STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to IBM AIX 7.x Security Technical Implementation Guide

V-215186

CAT II (Medium)

AIX must configure the ttys value for all interactive users.

Rule ID

SV-215186r958498_rule

STIG

IBM AIX 7.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000778

Discussion

A user's "ttys" attribute controls from which device(s) the user can authenticate and log in. If the "ttys" attribute is not specified, all terminals can access the user account.

Check Content

Verify that the default "ttys" value is set for all users:

# lssec -f /etc/security/user -s default -a ttys
default ttys=ALL

If the value returned is not "ttys=ALL", this is a finding.

From the command prompt, run the following command to check "ttys" attribute value for all accounts:
# lsuser -a ttys ALL

The above command should yield the following output:
root ttys=ALL
user1 ttys=ALL
user2 ttys=ALL
user3 ttys=ALL

If any interactive user account does not have "ttys=ALL", this is a finding.

Fix Text

From the command prompt, run the following command to set "ttys=ALL" for the default stanza in "/etc/security/user":
# chsec -f /etc/security/user -s default -a ttys=ALL

Run the following command to recheck "ttys" values for all users:
# lsuser -a ttys ALL

For each interactive user who does not have "ttys=ALL", set the value of "ttys" to "ALL" by running the following command from command prompt:
# chsec -f /etc/security/user -s [user_name] -a ttys=ALL