Inactive accounts (UNIX)

Module: Login Parameters

This check reports accounts that have never been logged into, as well as accounts that have not been logged into for the number of days specified. Use the check's name list to include or exclude users.

The following table lists the error messages for the check.

Table: Error messages for Inactive accounts

Message String ID and Category	Platform and Message Numeric ID	Message Title and Description	Additional Information
String ID: STKU_LASTLOG Category: Policy Compliance	UNIX (5232)	Title: Inactive account Description:The listed users have not logged into their accounts for the specified number of days. Inactive accounts can become easy targets for intruders trying to break into your system. You should remove or disable inactive accounts.	Severity: yellow-1 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_CANNOT_LOGIN Category: Policy Compliance	UNIX (5233)	Title: Cannot login Description:The listed users do not have any access to their accounts. AIX allows system administrators to apply restrictions to accounts. All of the AIX restrictions have been applied to these accounts. You should review the restrictions for the listed users to ensure that they are current and accurate.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]
String ID: STKU_LOGIN_RESTRICTIONS Category: Policy Compliance	UNIX (5234)	Title: Login restrictions Description:The listed users have restricted logins. This message provides information but may not require any action on your part. These users do not have complete access to their accounts. This can be beneficial in systems that do not allow rlogin or telnet sessions. It can also be beneficial in systems that do not allow access to certain accounts through the su command. You should review the restrictions for the listed users to ensure that they are current and accurate.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [Login types disallowed: %s]
String ID: STKU_NO_LOGIN_RESTRICT Category: Policy Compliance	UNIX (5235)	Title: No login restrictions Description:The listed account does not have any login restrictions. AIX allows a system administrator to apply certain restrictions to accounts. There are three types of AIX login restrictions: su, local, and remote. You should apply these restrictions as your security needs demand. Read the man pages for more information about these restrictions.	Severity: green-0 Correctable: false Snapshot Updatable: false Template Updatable: false Information Field Format: [%s]

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_LASTLOG

Category: Policy Compliance

UNIX (5232)

Title: Inactive account

Description:The listed users have not logged into their accounts for the specified number of days. Inactive accounts can become easy targets for intruders trying to break into your system. You should remove or disable inactive accounts.

Severity: yellow-1

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_CANNOT_LOGIN

Category: Policy Compliance

UNIX (5233)

Title: Cannot login

Description:The listed users do not have any access to their accounts. AIX allows system administrators to apply restrictions to accounts. All of the AIX restrictions have been applied to these accounts. You should review the restrictions for the listed users to ensure that they are current and accurate.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]

String ID: STKU_LOGIN_RESTRICTIONS

Category: Policy Compliance

UNIX (5234)

Title: Login restrictions

Description:The listed users have restricted logins. This message provides information but may not require any action on your part. These users do not have complete access to their accounts. This can be beneficial in systems that do not allow rlogin or telnet sessions. It can also be beneficial in systems that do not allow access to certain accounts through the su command. You should review the restrictions for the listed users to ensure that they are current and accurate.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [Login types disallowed: %s]

String ID: STKU_NO_LOGIN_RESTRICT

Category: Policy Compliance

UNIX (5235)

Title: No login restrictions

Description:The listed account does not have any login restrictions. AIX allows a system administrator to apply certain restrictions to accounts. There are three types of AIX login restrictions: su, local, and remote. You should apply these restrictions as your security needs demand. Read the man pages for more information about these restrictions.

Severity: green-0

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]