Detections
Analytics
3.13 Lock historical users
Information
Lock OS administrative accounts to further enhance security.Rationale:
Lock administrative user accounts. Generic OS administrative user accounts are targeted by hackers in an attempt to gain unauthorized access to a server.
Solution
Lock standard accounts using chuser:ACCOUNTS=daemon,bin,sys,adm,uucp,nobody,lpd,lp,invscout,ipsec,nuucp,sshd
lsuser -a account_locked ${ACCOUNTS} | grep -v account_locked=true | while read account attributes; do
chuser account_locked=true ${account}
done
Default Value:
N/A
See Also
Item Details
Audit Name: CIS IBM AIX 7.1 L1 v2.1.0
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-5, CSCv7|16.8
Plugin: Unix
Control ID: 2c4ce3d7f50c254a4cde2869236f3cd640b2bc10305de809134c7f2f1a81ff0d