STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to IBM AIX 7.x Security Technical Implementation Guide

V-215187

CAT II (Medium)

AIX must provide the lock command to let users retain their session lock until users are reauthenticated.

Rule ID

SV-215187r958400_rule

STIG

IBM AIX 7.x Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000056

Discussion

All systems are vulnerable if terminals are left logged in and unattended. Leaving system terminals unsecure poses a potential security hazard. To lock the terminal, use the lock command.

Check Content

Check the system to determine if "bos.rte.security" is installed: 

# lslpp -L bos.rte.security
Fileset                      Level  State  Type  Description (Uninstaller)
  ----------------------------------------------------------------------------
 bos.rte.security           7.2.1.1    C     F    Base Security Function

If the "bos.rte.security" fileset is not installed, this is a finding. 

Check if lock command exist using the following command:
# ls  /usr/bin/lock

The above command should display the following:
/usr/bin/lock

If the above command does not show that "/usr/bin/lock" exists, this is a finding.

Fix Text

Install "bos.rte.security" fileset from the AIX DVD Volume 1 using the following command (assuming that the DVD device is mounted to /dev/cd0):

# installp -aXYgd /dev/cd0 -e /tmp/install.log bos.rte.security