Detections
Analytics
4.8.5 Ensure administrative user accounts are locked
Information
Lock OS administrative accounts to further enhance security.Lock administrative user accounts. Generic OS administrative user accounts are targeted by hackers in an attempt to gain unauthorized access to a server.
Solution
Lock standard accounts using chuser:ACCOUNTS=daemon,bin,sys,adm,uucp,nobody,lpd,lp,invscout,ipsec,nuucp,sshd
lsuser -a account_locked ${ACCOUNTS} | grep -v account_locked=true | while read account attributes; do
chuser account_locked=true ${account}
done
See Also
Item Details
Audit Name: CIS IBM AIX 7 v1.0.0 L1
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-5, CSCv7|16.8, CSCv7|16.9
Plugin: Unix
Control ID: 9de390e8bba387bc90cc9725a2bf46ed08a4e347e43e912d3f27e1826310b9bb