diff --git a/oval-schemas/aix-definitions-schema.xsd b/oval-schemas/aix-definitions-schema.xsd index 97f8992..d8f375d 100644 --- a/oval-schemas/aix-definitions-schema.xsd +++ b/oval-schemas/aix-definitions-schema.xsd @@ -342,18 +342,24 @@ - + - + - The no test is used to check information related to the /usr/sbin/no command and the parameters it manages. The no command sets or displays current or next boot values for network tuning parameters. The information being tested is based off the /usr/sbin/no -o command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a no_object and the optional state element specifies the value to check for. + + The deviceattribute_test is used to hold information related to the execution of the + /usr/sbin/lsattr -EOl [device] -a [attribute] command. It extends the standard TestType + as defined in the oval-definitions-schema and one should refer to the TestType description + for more information. The required object element references a deviceattribute_object and + the optional state element specifies the value to check. + - - - - the object child element of a must reference a no_object + + + - the object child element of a must reference a deviceattribute_object - - - the state child element of a must reference a no_state + + - the state child element of a must reference a deviceattribute_state 
@@ -369,10 +375,15 @@ - + - The no_object element is used by a no_test to define the specific parameter to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema. - A no_object consists of a single tunable entity that identifies the parameter to be looked at. + + The deviceattribute_object element is used by a deviceattribute_test to determine the collection of + information related to the execution of the /usr/sbin/lsattr -EOl [device] -a [attribute] command. + Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the + ObjectType description for more information. The common set element allows complex objects to be created using filters + and set logic. Again, please refer to the description of the set element in the oval-definitions-schema. + @@ -381,9 +392,14 @@ - + - The tunable entity holds the name of the tunable parameter to be queried by the /usr/sbin/no command. Examples include ip_forwarding and tcp_keepalive_interval. + Specifies the device logical name in the Customized Devices object class whose attribute names or values you want displayed + + + + + The name of the attribute of a specific device or type of device. 
@@ -394,22 +410,31 @@ - + - The no_state element defines the different information associated with a specific call to /usr/sbin/no. Please refer to the individual elements in the schema for more details about what each represents. + + The deviceattribute_state element defines the different information associated with a specific call + to /usr/sbin/lsattr -EOl [device] -a [attribute]. Please refer to the individual elements in the schema + for more details about what each represents. + - + - The tunable entity is used to check the name of the tunable parameter that was used by the /usr/sbin/no command. Examples include ip_forwarding and tcp_keepalive_interval. + Specifies the device logical name in the Customized Devices object class whose attribute names or values you want displayed + + + + + The name of the attribute of a specific device or type of device. - The value entity defines the value to check against the tunable parameter being examined. + The value entity defines the value to check against the device attribute being examined. 
@@ -417,22 +442,29 @@ + - + - + - The oslevel test reveals information about the release and maintenance level of AIX operating system. This information can be retrieved by the /usr/bin/oslevel -r command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an oslevel_object and the optional state element specifies the metadata to check. - - - - - the object child element of a oslevel_test must reference a oslevel_object - - - - the state child element of a oslevel_test must reference a oslevel_state - - - + + The inittab_item is used to hold information related to the /usr/sbin/lsitab command and information stored in /etc/inittab. + Currently, /usr/sbin/lsitab is used to configure records in the /etc/inittab file which controls the initialization process. + It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description + for more information. The required object element references a inittab_object and the optional state element specifies the value + to check. + + + + + - the object child element of a must reference a inittab_object + + + - the state child element of a must reference a inittab_state + + + 
@@ -445,27 +477,70 @@ - + - The oslevel_object element is used by an oslevel test to define those objects to be evaluated based on a specified state. There is actually only one object relating to oslevel and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check oslevel will reference the same oslevel_object which is basically an empty object element. + + The inittab_object element is used by an inittab_test to determine the collection of entries in the /etc/inittab file. + Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the + ObjectType description for more information. The common set element allows complex objects to be created using filters + and set logic. Again, please refer to the description of the set element in the oval-definitions-schema. + - + + + + + + + + A string (one or more than one character) that uniquely identifies an object + + + + + + + - + - The oslevel_state element defines the information about maintenance level (system version). Please refer to the individual elements in the schema for more details about what each represents. + + The inittab_state element defines the different information associated with a specific call to /usr/bin/lsitab. + Please refer to the individual elements in the schema for more details about what each represents. + - + - This is the maintenance level (system version) of current AIX operating system. + A string (one or more than one character) that uniquely identifies an object + + + + + + The run level in which this entry can be processed. Run levels effectively correspond to a + configuration of processes in the system. Run levels are represented by the numbers 0 through 9. + There are three other values that appear in the runlevel field, even though they are not true + run levels: a, b, and c. 
Entries that have these characters in the runlevel field are processed + only when the telinit command requests them to be run (regardless of the current run level of the system). + + + + + + Tells the init command how to treat the process specified in the identifier field. + + + + + A shell command to execute. 
@@ -473,138 +548,1779 @@ + + - - + - The EntityStateFilesetStateType complex type defines the different values that are valid for the state entity of a fileset state. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the state entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values. + + The securitystanza_test is used to check information related to the /usr/bin/lssec command and the parameters it manages. + The lssec command lists attributes stored in the security configuration stanza files. The following security configuration + files contain attributes that you can specify with the Attribute parameter. The information being tested is based off the + /usr/bin/lssec [ -f File ] [ -s Stanza ] [ -a Attribute ] command. It extends the standard TestType as defined in the + oval-definitions-schema and one should refer to the TestType description for more information. The required object + element references a securitystanza_object and the optional state element specifies the value to check. + + + + + - the object child element of a must reference a securitystanza_object + + + - the state child element of a must reference a securitystanza_state + + + - - - - - The specified fileset is installed on the system. The APPLIED state means that the fileset can be rejected with the installp command and the previous level of the fileset restored. This state is only valid for Version 4 fileset updates and 3.2 migrated filesets. - - - - - An attempt was made to apply the specified fileset, but it did not complete successfully, and cleanup was not performed. - - - - - The specified fileset or fileset update is broken and should be reinstalled before being used. - - - - - The specified fileset is installed on the system. 
The COMMITTED state means that a commitment has been made to this level of the software. A committed fileset update cannot be rejected, but a committed fileset base level and its updates (regardless of state) can be removed or deinstalled by the installp command. - - - - - An attempt was made to commit the specified fileset, but it did not complete successfully, and cleanup was not performed. - - - - - The specified fileset was installed sucessfully and locked by the interim fix (interim fix) manager. - - - - - The specified fileset was installed with an earlier version of the operating system but has been replaced by a repackaged (renamed) newer version. Some of the files that belonged to this fileset have been replaced by versions from the repackaged fileset. - - - - - An attempt was made to reject the specified fileset, but it did not complete successfully, and cleanup was not performed. - - - - - The empty string value is permitted here to allow for empty elements associated with variable references. - - - - - - + + + + + + + + + + + + - The EntityStateFixInstallationStatusType complex type defines the different values that are valid for the installation_status entity of a fix_state state. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the installation_status entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values. + + The securitystanza_object element is used by a securitystanza_test to determine the + collection of attributes in the security stanza files. Each object extends the standard + ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType + description for more information. The common set element allows complex objects to be created + using filters and set logic. 
Again, please refer to the description of the set element in the + oval-definitions-schema. + - - - - - All filesets for XXXXXXX were found - - - - - Not all filesets for XXXXXXX were found - - - - - No filesets which have fixes for XXXXXXX are currently installed. - - - - - The empty string value is permitted here to allow for empty elements associated with variable references. - - - - - - + + + + + + + + + + The stanza_file entity is an enumeration of values representing the security configuration file containing the desired attributes. + + + + + Specifies the name of the stanza to list. + + + + + Specifies the attribute to list. + + + + + + + + + + + - The EntityStateInterimFixStateType complex type defines the different values that are valid for the state entity of a interim_fix_state state. Please refer to the AIX documentation of Emergency Fix States. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the state entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values. + + The securitystanza_state element defines the different information associated with a specific + call to /usr/bin/lssec. Please refer to the individual elements in the schema for more details + about what each represents. + - - - - - The efix was installed with a standard installation, and successfully completed the last installation operation. - - - - - The efix was installed with a mount installation operation, and successfully completed the last installation or mount operation. - - - - - The efix was installed with a mount installation operation and one or more efix files were unmounted in a previous emgr command operation. - - - - - An unrecoverable error occurred during an installation or removal operation. The status of the efix is unreliable. - - - - - The efix is in the process of installing. 
- - - - - The efix was installed successfully and requires a reboot to fully integrate into the target system. - - - - - The efix is in the process of being removed. - - - - - The empty string value is permitted here to allow for empty elements associated with variable references. + + + + + + + The stanza_file entity is an enumeration of values representing the security configuration file containing the desired attributes. + + + + + Specifies the name of the stanza to list. + + + + + Specifies the attribute to list. + + + + + The value entity defines the value to check against the security parameter being examined. + + + + + + + + + + + + + + + The useraccount_test is used to assess information related to the /usr/sbin/lsuser command and the attributes it manages. + Currently, /usr/sbin/lsuser is used to display user account attributes. The /usr/sbin/lsuser command queries the named + attribute for the provided user account(s). It extends the standard TestType as defined in the + oval-definitions-schema and one should refer to the TestType description for more information. The required object + element references a useraccount_object and the optional state element specifies the value to check. + + + + + - the object child element of a must reference a useraccount_object + + + - the state child element of a must reference a useraccount_state + + + + + + + + + + + + + + + + + + + The useraccount_object is used to collect information related to the /usr/sbin/lsuser command and + the user account attributes it manages. Each object extends the standard ObjectType as defined + in the oval-definitions-schema and one should refer to the ObjectType description for more + information. The common set element allows complex objects to be created using filters and + set logic. Again, please refer to the description of the set element in the oval-definitions-schema. + + + + + + + + + + + + The name of the user to be queried by the /usr/sbin/lsuser command. 
+ + + + + The name of the user attribute to be queried by the /usr/sbin/lsuser command. This value can include any attribute that is defined by the /usr/bin/chuser command. + + + + + + + + + + + + + + The useraccount_state element defines the different information associated with a specific call to /usr/sbin/lsuser. + Please refer to the individual elements in the schema for more details about what each represents. + + + + + + + + + The name of the user to be queried by the /usr/sbin/lsuser command. + + + + + The name of the user attribute to be queried by the /usr/sbin/lsuser command. This value can include any attribute that is defined by the /usr/bin/chuser command. + + + + + The value entity defines the value assigned to the user attribute being examined. + + + + + + + + + + + + + + + The nfso test is used to check information related to the /usr/sbin/nfso command and the parameters it manages. + The nfso command sets or displays current or next boot values for network file system (NFS) tuning parameters. + The information being tested is based off the /usr/sbin/nfso -o command. It extends the standard TestType as + defined in the oval-definitions-schema and one should refer to the TestType description for more information. + The required object element references a nfso_object and the optional state element specifies the value to check for. + + + + + - the object child element of a must reference a nfso_object + + + - the state child element of a must reference a nfso_state + + + + + + + + + + + + + + + + + + + The nfso_object element is used by a nfso_test to define the specific parameter to be evaluated. Each object extends + the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description + for more information. The common set element allows complex objects to be created using filters and set logic. Again, + please refer to the description of the set element in the oval-definitions-schema. 
+ + A nfso_object consists of a single tunable entity that identifies the parameter to be looked at. + + + + + + + + + + + The tunable entity holds the name of the tunable parameter to be queried by the /usr/sbin/nfso command. Examples include nfs_max_read_size and nfs_max_write_size. + + + + + + + + + + + + + + The nfso_state element defines the different information associated with a specific call to /usr/sbin/nfso. + Please refer to the individual elements in the schema for more details about what each represents. + + + + + + + + + The tunable entity is used to check the name of the tunable parameter that was used by the /usr/sbin/nfso command. Examples include nfs_max_read_size and nfs_max_write_size. + + + + + The value entity defines the value to check against the tunable parameter being examined. + + + + + + + + + + + + + The no test is used to check information related to the /usr/sbin/no command and the parameters it manages. The no command sets or displays current or next boot values for network tuning parameters. The information being tested is based off the /usr/sbin/no -o command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references a no_object and the optional state element specifies the value to check for. + + + + - the object child element of a must reference a no_object + + + - the state child element of a must reference a no_state + + + + + + + + + + + + + + + + + + The no_object element is used by a no_test to define the specific parameter to be evaluated. Each object extends the standard ObjectType as defined in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema. 
+ A no_object consists of a single tunable entity that identifies the parameter to be looked at. + + + + + + + + + + + The tunable entity holds the name of the tunable parameter to be queried by the /usr/sbin/no command. Examples include ip_forwarding and tcp_keepalive_interval. + + + + + + + + + + + + + The no_state element defines the different information associated with a specific call to /usr/sbin/no. Please refer to the individual elements in the schema for more details about what each represents. + + + + + + + + The tunable entity is used to check the name of the tunable parameter that was used by the /usr/sbin/no command. Examples include ip_forwarding and tcp_keepalive_interval. + + + + + The value entity defines the value to check against the tunable parameter being examined. + + + + + + + + + + + + + The oslevel test reveals information about the release and maintenance level of AIX operating system. This information can be retrieved by the /usr/bin/oslevel -r command. It extends the standard TestType as defined in the oval-definitions-schema and one should refer to the TestType description for more information. The required object element references an oslevel_object and the optional state element specifies the metadata to check. + + + + - the object child element of a oslevel_test must reference a oslevel_object + + + - the state child element of a oslevel_test must reference a oslevel_state + + + + + + + + + + + + + + + + + + The oslevel_object element is used by an oslevel test to define those objects to be evaluated based on a specified state. There is actually only one object relating to oslevel and this is the system as a whole. Therefore, there are no child entities defined. Any OVAL Test written to check oslevel will reference the same oslevel_object which is basically an empty object element. + + + + + + + + + + The oslevel_state element defines the information about maintenance level (system version). 
Please refer to the individual elements in the schema for more details about what each represents. + + + + + + + + This is the maintenance level (system version) of current AIX operating system. + + + + + + + + + + + + + The EntityStateFilesetStateType complex type defines the different values that are valid for the state entity of a fileset state. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the state entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values. + + + + + + The specified fileset is installed on the system. The APPLIED state means that the fileset can be rejected with the installp command and the previous level of the fileset restored. This state is only valid for Version 4 fileset updates and 3.2 migrated filesets. + + + + + An attempt was made to apply the specified fileset, but it did not complete successfully, and cleanup was not performed. + + + + + The specified fileset or fileset update is broken and should be reinstalled before being used. + + + + + The specified fileset is installed on the system. The COMMITTED state means that a commitment has been made to this level of the software. A committed fileset update cannot be rejected, but a committed fileset base level and its updates (regardless of state) can be removed or deinstalled by the installp command. + + + + + An attempt was made to commit the specified fileset, but it did not complete successfully, and cleanup was not performed. + + + + + The specified fileset was installed sucessfully and locked by the interim fix (interim fix) manager. + + + + + The specified fileset was installed with an earlier version of the operating system but has been replaced by a repackaged (renamed) newer version. 
Some of the files that belonged to this fileset have been replaced by versions from the repackaged fileset. + + + + + An attempt was made to reject the specified fileset, but it did not complete successfully, and cleanup was not performed. + + + + + The empty string value is permitted here to allow for empty elements associated with variable references. + + + + + + + + The EntityStateFixInstallationStatusType complex type defines the different values that are valid for the installation_status entity of a fix_state state. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the installation_status entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values. + + + + + + All filesets for XXXXXXX were found + + + + + Not all filesets for XXXXXXX were found + + + + + No filesets which have fixes for XXXXXXX are currently installed. + + + + + The empty string value is permitted here to allow for empty elements associated with variable references. + + + + + + + + The EntityStateInterimFixStateType complex type defines the different values that are valid for the state entity of a interim_fix_state state. Please refer to the AIX documentation of Emergency Fix States. The empty string is also allowed as a valid value to support an empty element that is found when a variable reference is used within the state entity. Note that when using pattern matches and variables care must be taken to ensure that the regular expression and variable values align with the enumerated values. + + + + + + The efix was installed with a standard installation, and successfully completed the last installation operation. + + + + + The efix was installed with a mount installation operation, and successfully completed the last installation or mount operation. 
+ + + + + The efix was installed with a mount installation operation and one or more efix files were unmounted in a previous emgr command operation. + + + + + An unrecoverable error occurred during an installation or removal operation. The status of the efix is unreliable. + + + + + The efix is in the process of installing. + + + + + The efix was installed successfully and requires a reboot to fully integrate into the target system. + + + + + The efix is in the process of being removed. + + + + + The empty string value is permitted here to allow for empty elements associated with variable references. + + + + + + + + The lssec command lists attributes stored in the security configuration stanza files. The following security configuration files contain attributes that you can specify with the Attribute parameter. + + + + + + /etc/security/environ + + + + + /etc/security/group + + + + + /etc/security/audit/hosts + + + + + /etc/security/lastlog + + + + + /etc/security/limits + + + + + /etc/security/login.cfg + + + + + /usr/lib/security/mkuser.default + + + + + /etc/nscontrol.conf + + + + + /etc/security/passwd + + + + + /etc/security/portlog + + + + + /etc/security/pwdalg.cfg + + + + + /etc/security/roles + + + + + /etc/security/smitacl.user + + + + + /etc/security/smitacl.group + + + + + /etc/security/user + + + + + /etc/security/user.roles + + + + + /etc/security/rtc/rtcd_policy.conf + + + + + The empty string value is permitted here to allow for empty elements associated with variable references. + + + + + + + + The lssec command lists attributes stored in the security configuration stanza files. The following security configuration files contain attributes that you can specify with the Attribute parameter. 
+ + + + + + /etc/security/environ + + + + + /etc/security/group + + + + + /etc/security/audit/hosts + + + + + /etc/security/lastlog + + + + + /etc/security/limits + + + + + /etc/security/login.cfg + + + + + /usr/lib/security/mkuser.default + + + + + /etc/nscontrol.conf + + + + + /etc/security/passwd + + + + + /etc/security/portlog + + + + + /etc/security/pwdalg.cfg + + + + + /etc/security/roles + + + + + /etc/security/smitacl.user + + + + + /etc/security/smitacl.group + + + + + /etc/security/user + + + + + /etc/security/user.roles + + + + + /etc/security/rtc/rtcd_policy.conf + + + + + The empty string value is permitted here to allow for empty elements associated with variable references. + + + + + + + + The name of the user attribute to be queried by the /usr/sbin/lsuser command. This value can include any attribute that is defined by the /usr/bin/chuser command. + + + + + + Indicates if the user account is locked + + + + + Defines the administrative status of the user. + + + + + Defines the groups that the user administrates + + + + + Defines the user's audit classes + + + + + Defines the primary methods for authenticating the user + + + + + Defines the secondary methods for authenticating the user + + + + + Defines the system privileges (capabilities) which are granted to a user by the login or su commands + + + + + Specifies the soft limit for the largest core file a user's process can create + + + + + Enables or disables core file compression + + + + + Specifies the largest core file a user's process can create + + + + + Selects a choice of core file naming strategies. 
Valid values for this attribute are On and Off + + + + + Enables or disables core file path specification + + + + + Specifies a location to be used to place core files, if the core_path attribute is set to On + + + + + Identifies the soft limit for the largest amount of system unit time (in seconds) that a user's process can use + + + + + Identifies the largest amount of system unit time (in seconds) that a user's process can use + + + + + Indicates whether the user specified by the Name parameter can run programs using the cron daemon or the src (system resource controller) daemon + + + + + Specifies the soft limit for the largest data segment for a user's process + + + + + Specifies the largest data segment for a user's process + + + + + Allows the DCE registry to overwrite the local user information with the DCE user information during a DCE export operation + + + + + Specifies the default roles for the user + + + + + Defines the password dictionaries used by the composition restrictions when checking new passwords + + + + + Defines the list of domains that the user belongs to + + + + + Identifies the expiration date of the account + + + + + Defines the soft limit for the largest file a user's process can create or extend + + + + + Defines the largest file a user's process can create or extend + + + + + Supplies general information about the user specified by the Name parameter + + + + + Identifies the groups to which user belongs + + + + + Defines the period of time (in weeks) that a user cannot reuse a password + + + + + Defines the number of previous passwords that a user cannot reuse + + + + + Identifies the home directory of the user specified by the Name parameter + + + + + Specifies the user ID + + + + + Indicates whether the user can log in to the system with the login command + + + + + Defines the number of unsuccessful login attempts allowed after the last successful login before the system locks the account + + + + + Defines the days and times that 
the user is allowed to access the system + + + + + Defines the maximum age (in weeks) of a password + + + + + Defines the maximum time (in weeks) beyond the maxage value that a user can change an expired password + + + + + Defines the maximum number of times a character can be repeated in a new password + + + + + Specifies the maximum number of concurrent logins per user + + + + + Defines the minimum age (in weeks) a password must be before it can be changed + + + + + Defines the minimum number of alphabetic characters that must be in a new password + + + + + Defines the minimum number of characters required in a new password that were not in the old password + + + + + Defines the minimum length of a password + + + + + Defines the minimum number of non-alphabetic characters that must be in a new password + + + + + Defines the soft limit for the number of file descriptors a user process may have open at one time + + + + + Defines the hard limit for the number of file descriptors a user process may have open at one time + + + + + Defines the soft limit on the number of processes a user can have running at one time + + + + + Defines the hard limit on the number of processes a user can have running at one time + + + + + Identifies the primary group of the user + + + + + Defines the list of projects to which the user's processes can be assigned + + + + + Defines the password restriction methods enforced on new passwords + + + + + Defines the number of days before the system issues a warning that a password change is required + + + + + Controls the remote execution of the r-commands (rsh, rexec, and rcp) + + + + + Permits access to the account from a remote location with the telnet orrlogin commands + + + + + Defines the administrative roles for this user + + + + + The soft limit for the largest amount of physical memory a user's process can allocate + + + + + The largest amount of physical memory a user's process can allocate + + + + + Defines the program run for the 
user at session initiation + + + + + Specifies the soft limit for the largest process stack segment for a user's process + + + + + Specifies the largest process stack segment of a user's process + + + + + Indicates whether another user can switch to the specified user account with the su command + + + + + Defines the groups that can use the su command to switch to the specified user account + + + + + Identifies the system-state (protected) environment + + + + + Specifies the soft limit for the largest number of threads that a user process can create + + + + + Specifies the largest possible number of threads that a user process can create + + + + + Indicates the user's trusted path status + + + + + Defines the terminals that can access the account specified by the Name parameter + + + + + Determines file permissions + + + + + Defines the user-state (unprotected) environment + + + + + Specifies the database type of the user keystore. The attribute is valid only when the system is EFS-enabled + + + + + Represents the database type for the efs_admin keystore. The attribute is valid only when the system is EFS-enabled + + + + + Specifies the initial mode of the user keystore. The attribute is valid only when the system is EFS-enabled + + + + + Specifies whether the mode can be changed. The attribute is valid only when the system is EFS-enabled + + + + + Specifies the algorithm that is used to generate the private key of the user during the keystore creation. The attribute is valid only when the system is EFS-enabled + + + + + Specifies the encryption algorithm for user files. The attribute is valid only when the system is EFS-enabled + + + + + Defines the minimum sensitivity-clearance level that the user can have. This attribute is valid only for Trusted AIX. + + + + + Defines the maximum sensitivity-clearance level that the user can have. This attribute is valid only for Trusted AIX. 
+ + + + + Defines the default sensitivity level that the user is assigned during login. This attribute is valid only for Trusted AIX. + + + + + Defines the minimum integrity clearance level that the user can have. This attribute is valid only for Trusted AIX. + + + + + Defines the maximum integrity clearance level that the user can have. This attribute is valid only for Trusted AIX. + + + + + Defines the default integrity clearance level that the user is assigned during login. This attribute is valid only for Trusted AIX. + + + + + Defines the minimum number of lower case alphabetic characters that must be in a new password + + + + + Defines the minimum number of upper case alphabetic characters that must be in a new password + + + + + Defines the minimum number of digits that must be in a new password + + + + + Defines the minimum number of special characters that must be in a new password + + + + + + + + The name of the user attribute to be queried by the /usr/sbin/lsuser command. This value can include any attribute that is defined by the /usr/bin/chuser command. + + + + + + Indicates if the user account is locked + + + + + Defines the administrative status of the user. + + + + + Defines the groups that the user administrates + + + + + Defines the user's audit classes + + + + + Defines the primary methods for authenticating the user + + + + + Defines the secondary methods for authenticating the user + + + + + Defines the system privileges (capabilities) which are granted to a user by the login or su commands + + + + + Specifies the soft limit for the largest core file a user's process can create + + + + + Enables or disables core file compression + + + + + Specifies the largest core file a user's process can create + + + + + Selects a choice of core file naming strategies. 
Valid values for this attribute are On and Off + + + + + Enables or disables core file path specification + + + + + Specifies a location to be used to place core files, if the core_path attribute is set to On + + + + + Identifies the soft limit for the largest amount of system unit time (in seconds) that a user's process can use + + + + + Identifies the largest amount of system unit time (in seconds) that a user's process can use + + + + + Indicates whether the user specified by the Name parameter can run programs using the cron daemon or the src (system resource controller) daemon + + + + + Specifies the soft limit for the largest data segment for a user's process + + + + + Specifies the largest data segment for a user's process + + + + + Allows the DCE registry to overwrite the local user information with the DCE user information during a DCE export operation + + + + + Specifies the default roles for the user + + + + + Defines the password dictionaries used by the composition restrictions when checking new passwords + + + + + Defines the list of domains that the user belongs to + + + + + Identifies the expiration date of the account + + + + + Defines the soft limit for the largest file a user's process can create or extend + + + + + Defines the largest file a user's process can create or extend + + + + + Supplies general information about the user specified by the Name parameter + + + + + Identifies the groups to which user belongs + + + + + Defines the period of time (in weeks) that a user cannot reuse a password + + + + + Defines the number of previous passwords that a user cannot reuse + + + + + Identifies the home directory of the user specified by the Name parameter + + + + + Specifies the user ID + + + + + Indicates whether the user can log in to the system with the login command + + + + + Defines the number of unsuccessful login attempts allowed after the last successful login before the system locks the account + + + + + Defines the days and times that 
the user is allowed to access the system + + + + + Defines the maximum age (in weeks) of a password + + + + + Defines the maximum time (in weeks) beyond the maxage value that a user can change an expired password + + + + + Defines the maximum number of times a character can be repeated in a new password + + + + + Specifies the maximum number of concurrent logins per user + + + + + Defines the minimum age (in weeks) a password must be before it can be changed + + + + + Defines the minimum number of alphabetic characters that must be in a new password + + + + + Defines the minimum number of characters required in a new password that were not in the old password + + + + + Defines the minimum length of a password + + + + + Defines the minimum number of non-alphabetic characters that must be in a new password + + + + + Defines the soft limit for the number of file descriptors a user process may have open at one time + + + + + Defines the hard limit for the number of file descriptors a user process may have open at one time + + + + + Defines the soft limit on the number of processes a user can have running at one time + + + + + Defines the hard limit on the number of processes a user can have running at one time + + + + + Identifies the primary group of the user + + + + + Defines the list of projects to which the user's processes can be assigned + + + + + Defines the password restriction methods enforced on new passwords + + + + + Defines the number of days before the system issues a warning that a password change is required + + + + + Controls the remote execution of the r-commands (rsh, rexec, and rcp) + + + + + Permits access to the account from a remote location with the telnet orrlogin commands + + + + + Defines the administrative roles for this user + + + + + The soft limit for the largest amount of physical memory a user's process can allocate + + + + + The largest amount of physical memory a user's process can allocate + + + + + Defines the program run for the 
user at session initiation + + + + + Specifies the soft limit for the largest process stack segment for a user's process + + + + + Specifies the largest process stack segment of a user's process + + + + + Indicates whether another user can switch to the specified user account with the su command + + + + + Defines the groups that can use the su command to switch to the specified user account + + + + + Identifies the system-state (protected) environment + + + + + Specifies the soft limit for the largest number of threads that a user process can create + + + + + Specifies the largest possible number of threads that a user process can create + + + + + Indicates the user's trusted path status + + + + + Defines the terminals that can access the account specified by the Name parameter + + + + + Determines file permissions + + + + + Defines the user-state (unprotected) environment + + + + + Specifies the database type of the user keystore. The attribute is valid only when the system is EFS-enabled + + + + + Represents the database type for the efs_admin keystore. The attribute is valid only when the system is EFS-enabled + + + + + Specifies the initial mode of the user keystore. The attribute is valid only when the system is EFS-enabled + + + + + Specifies whether the mode can be changed. The attribute is valid only when the system is EFS-enabled + + + + + Specifies the algorithm that is used to generate the private key of the user during the keystore creation. The attribute is valid only when the system is EFS-enabled + + + + + Specifies the encryption algorithm for user files. The attribute is valid only when the system is EFS-enabled + + + + + Defines the minimum sensitivity-clearance level that the user can have. This attribute is valid only for Trusted AIX. + + + + + Defines the maximum sensitivity-clearance level that the user can have. This attribute is valid only for Trusted AIX. 
+ + + + + Defines the default sensitivity level that the user is assigned during login. This attribute is valid only for Trusted AIX. + + + + + Defines the minimum integrity clearance level that the user can have. This attribute is valid only for Trusted AIX. + + + + + Defines the maximum integrity clearance level that the user can have. This attribute is valid only for Trusted AIX. + + + + + Defines the default integrity clearance level that the user is assigned during login. This attribute is valid only for Trusted AIX. + + + + + Defines the minimum number of lower case alphabetic characters that must be in a new password + + + + + Defines the minimum number of upper case alphabetic characters that must be in a new password + + + + + Defines the minimum number of digits that must be in a new password + + + + + Defines the minimum number of special characters that must be in a new password + + + + + + + + + The EntityStateInittabRunlevelType describes the enumeration of runlevel values present in /etc/inittab. + The empty string value is permitted here to allow for detailed error reporting and variable references. + + + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + There are three other values that appear in the runlevel field, even though they are not true run levels: a, b, and c. 
Entries that have these characters in the runlevel field are processed only when the telinit command requests them to be run (regardless of the current run level of the system). + + + + + There are three other values that appear in the runlevel field, even though they are not true run levels: a, b, and c. Entries that have these characters in the runlevel field are processed only when the telinit command requests them to be run (regardless of the current run level of the system). + + + + + There are three other values that appear in the runlevel field, even though they are not true run levels: a, b, and c. Entries that have these characters in the runlevel field are processed only when the telinit command requests them to be run (regardless of the current run level of the system). + + + + + The empty string is allowed for variable references + + + + + + + + The EntityStateInittabActionType indicates how to treat the process specified in the identifier field. The empty string value is permitted here to allow for detailed error reporting. + + + + + + If the process does not exist, start the process. Do not wait for its termination (continue scanning the /etc/inittab file). Restart the process when it dies. If the process exists, do nothing and continue scanning the /etc/inittab file. 
+ + + + + When the init command enters the run level that matches the entry's run level, start the process and wait for its termination + + + + + When the init command enters a run level that matches the entry's run level, start the process, and do not wait for its termination + + + + + Process the entry only during system boot, which is when the init command reads the /etc/inittab file during system startup + + + + + Process the entry the first time that the init command goes from single-user to multi-user state after the system is booted + + + + + Execute the process associated with this entry only when the init command receives a power fail signal (SIGPWR) + + + + + Execute the process associated with this entry only when the init command receives a power fail signal (SIGPWR), and wait until it terminates + + + + + If the process associated with this entry is currently running, send the warning signal (SIGTERM), and wait 20 seconds before terminating the process with the kill signal (SIGKILL) + + + + + Functionally identical to respawn, except this action applies to the a, b, or c values, not to run levels + + + + + An entry with this action is only scanned when the init command is initially invoked + + + + + Entries of this type are executed before the init command tries to access the console before login + diff --git a/oval-schemas/aix-system-characteristics-schema.xsd b/oval-schemas/aix-system-characteristics-schema.xsd index a962b43..6296401 100644 --- a/oval-schemas/aix-system-characteristics-schema.xsd +++ b/oval-schemas/aix-system-characteristics-schema.xsd 
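Review bot: The added user-attribute documentation in the last hunk of aix-definitions-schema.xsd contains the typo "telnet orrlogin commands" in the description of the remote-login attribute; it should read "telnet or rlogin commands". The typo occurs in both copies of the attribute list in this hunk. Those two copies are word-for-word identical, so if both enumerations must exist, consider defining the documented values once and referencing them from both places, so that a later correction cannot land in one copy only. In the runlevel enumeration, all ten numeric values carry the same text ("Run levels are represented by the numbers 0 through 9") and a, b and c share one paragraph as well; per-value documentation that repeats the type-level description adds nothing, so either shorten it to what the individual value means or move the shared sentence to the type's own annotation.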
@@ -1,162 +1,342 @@ - - - - The following is a description of the elements, types, and attributes that compose the AIX specific system characteristic items found in Open Vulnerability and Assessment Language (OVAL). Each item is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here. - This schema was originally developed by Yuzheng Zhou and Todd Dolinsky at Hewlett-Packard. The OVAL Schema is maintained by the OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.cisecurity.org. - - AIX System Characteristics - 5.11.1:1.1 - 11/30/2016 09:00:00 AM - For the portion subject to the copyright in the United States: Copyright (c) 2016 United States Government. All Rights Reserved. Copyright (c) 2016, Center for Internet Security. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at https://oval.cisecurity.org/terms. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included. - - - - - - - - - - - From emgr -l -u VUID Command. See instfix manpage for specific fields. - - - - - - - - Virtually Unique ID. A combination of time and cpuid, this ID can be used to differentiate fixes that are otherwise identical. - - - - - Each efix that is installed on a given system has a unique efix label. 
- - - - - Describes the efix package. - - - - - The the emergency fix state. - - - - - - - - - - - - - Output of /usr/bin/lslpp -l FilesetName. See lslpp manpage for specific fields. - - - - - - - - Represents the name of the fileset being checked. - - - - - Maintenance level (also known as version in Solaris or Linux) of the fileset. For example, "5.3.0.10" is the level for 'bos.txt.tfs' fileset in one AIX machine. - - - - - This gives the state of the fileset being checked. The state can be 'APPLIED', 'APPLYING','BROKEN', 'COMMITTED', 'EFIX LOCKED', 'OBSOLETE', 'COMMITTING','REJECTING'. See the manpage of the 'lslpp' command more information. - - - - - Short description of the fileset being checked. - - - - - - - - - - - - - From /usr/sbin/instfix -iavk APARNum Command. See instfix manpage for specific fields. - - - - - - - - APAR is the short for 'Authorized Program Analysis Report'. APAR identifies and describes a software product defect. An APAR number can obtain a PTF (Program Temporary Fix) for the defect, if a PTF is available. An example of an apar_number is 'IY78751', it includes two alphabetic characters and a 5-digit integer. - - - - - The abstract of the APAR being checked. For instance, 'LL syas rXct are available even when not susea' is the abstract of APAR 'IY78751'. - - - - - The symptom text related to the APAR being checked. For example, the symptom text for 'IY75211' is 'Daylight savings change for year 2007 and beyond'. - - - - - The installation status of files associated with the APAR. - - - - - - - - - - - - - The no_item is used to hold information related to the /usr/sbin/no command and the tunable parameters it manages. Currently, /usr/sbin/no is used to configure network tuning parameters. The /usr/sbin/no command sets or displays current or next boot values for network tuning parameters. The /usr/sbin/no command queries the named parameter, retrieves the value associated with the specified parameter, and displays it. 
- - - - - - - - The name of the target parameter to be queried by the /usr/sbin/no command. Examples include ip_forwarding and tcp_keepalive_interval. - - - - - The value entity defines the value assigned to the tunable parameter being examined. - - - - - - - - - - - + + + + The following is a description of the elements, types, and attributes that compose the AIX specific system characteristic items found in Open Vulnerability and Assessment Language (OVAL). Each item is an extension of the standard test element defined in the Core Definition Schema. Through extension, each test inherits a set of elements and attributes that are shared amongst all OVAL tests. Each test is described in detail and should provide the information necessary to understand what each element and attribute represents. This document is intended for developers and assumes some familiarity with XML. A high level description of the interaction between the different tests and their relationship to the Core Definition Schema is not outlined here. + This schema was originally developed by Yuzheng Zhou and Todd Dolinsky at Hewlett-Packard. The OVAL Schema is maintained by the OVAL Community. For more information, including how to get involved in the project and how to submit change requests, please visit the OVAL website at http://oval.cisecurity.org. + + AIX System Characteristics + 5.11.1:1.1 + 11/30/2016 09:00:00 AM + For the portion subject to the copyright in the United States: Copyright (c) 2016 United States Government. All Rights Reserved. Copyright (c) 2016, Center for Internet Security. All rights reserved. The contents of this file are subject to the terms of the OVAL License located at https://oval.cisecurity.org/terms. See the OVAL License for the specific language governing permissions and limitations for use of this schema. When distributing copies of the OVAL Schema, this license header must be included. + + + + + + + + + + + From emgr -l -u VUID Command. 
See instfix manpage for specific fields. + + + + + + + + Virtually Unique ID. A combination of time and cpuid, this ID can be used to differentiate fixes that are otherwise identical. + + + + + Each efix that is installed on a given system has a unique efix label. + + + + + Describes the efix package. + + + + + The the emergency fix state. + + + + + + + + + + + + + Output of /usr/bin/lslpp -l FilesetName. See lslpp manpage for specific fields. + + + + + + + + Represents the name of the fileset being checked. + + + + + Maintenance level (also known as version in Solaris or Linux) of the fileset. For example, "5.3.0.10" is the level for 'bos.txt.tfs' fileset in one AIX machine. + + + + + This gives the state of the fileset being checked. The state can be 'APPLIED', 'APPLYING','BROKEN', 'COMMITTED', 'EFIX LOCKED', 'OBSOLETE', 'COMMITTING','REJECTING'. See the manpage of the 'lslpp' command more information. + + + + + Short description of the fileset being checked. + + + + + + + + + + + + + From /usr/sbin/instfix -iavk APARNum Command. See instfix manpage for specific fields. + + + + + + + + APAR is the short for 'Authorized Program Analysis Report'. APAR identifies and describes a software product defect. An APAR number can obtain a PTF (Program Temporary Fix) for the defect, if a PTF is available. An example of an apar_number is 'IY78751', it includes two alphabetic characters and a 5-digit integer. + + + + + The abstract of the APAR being checked. For instance, 'LL syas rXct are available even when not susea' is the abstract of APAR 'IY78751'. + + + + + The symptom text related to the APAR being checked. For example, the symptom text for 'IY75211' is 'Daylight savings change for year 2007 and beyond'. + + + + + The installation status of files associated with the APAR. + + + + + + + + + + + + + + The deviceattribute_item is used to hold information related to the execution of the + /usr/sbin/lsattr -EOl [device] -a [attribute] command. 
+ + + + + + + + + Specifies the device logical name in the Customized Devices object class whose attribute names or values you want displayed + + + + + Displays information for the specified attributes of a specific device or type of device + + + + + The effective value of the attribute for a customized device. + + + + + + + + + + + + + + The inittab_item is used to hold information related to the /usr/sbin/lsitab command and information stored in /etc/inittab. + Currently, /usr/sbin/lsitab is used to configure records in the /etc/inittab file which controls the initialization process. + + + + + + + + + A string (one or more than one character) that uniquely identifies an object + + + + + + The run level in which this entry can be processed. Run levels effectively correspond to a + configuration of processes in the system. Run levels are represented by the numbers 0 through 9. + There are three other values that appear in the runlevel field, even though they are not true + run levels: a, b, and c. Entries that have these characters in the runlevel field are processed + only when the telinit command requests them to be run (regardless of the current run level of the system). + + + + + + Tells the init command how to treat the process specified in the identifier field. + + + + + A shell command to execute. + + + + + + + + + + + + + + The securitystanza_item element defines the different information associated with a specific call + to /usr/bin/lssec. Please refer to the individual elements in the schema for more details + about what each represents. + + + + + + + + + The stanza_file entity is an enumeration of values representing the security configuration file containing the desired attributes. + + + + + Specifies the name of the stanza to list. + + + + + Specifies the attribute to list. + + + + + The value entity defines the value to check against the security parameter being examined. 
+ + + + + + + + + + + + + + The useraccount_item is used to hold information related to the /usr/sbin/lsuser command and the attributes it manages. + Currently, /usr/sbin/lsuser is used to display user account attributes. The /usr/sbin/lsuser command queries the named + attribute for the provided user account(s). + + + + + + + + + The name of the user to be queried by the /usr/sbin/lsuser command. + + + + + The name of the user attribute to be queried by the /usr/sbin/lsuser command. This value can include any attribute that is defined by the /usr/bin/chuser command. + + + + + The value entity defines the value assigned to the user attribute being examined. + + + + + + + + + + + + + + The nfso_item is used to hold information related to the /usr/sbin/nfso command and the tunable parameters it manages. + Currently, /usr/sbin/nfso is used to configure network file system (NFS) tuning parameters. The /usr/sbin/nfso command + sets or displays current or next boot values for network tuning parameters. The /usr/sbin/nfso command queries the named + parameter, retrieves the value associated with the specified parameter, and displays it. + + + + + + + + + The name of the target parameter to be queried by the /usr/sbin/nfso command. Examples include nfs_max_read_size and nfs_max_write_size. + + + + + The value entity defines the value assigned to the tunable parameter being examined. + + + + + + + + + + + + + The no_item is used to hold information related to the /usr/sbin/no command and the tunable parameters it manages. Currently, /usr/sbin/no is used to configure network tuning parameters. The /usr/sbin/no command sets or displays current or next boot values for network tuning parameters. The /usr/sbin/no command queries the named parameter, retrieves the value associated with the specified parameter, and displays it. + + + + + + + + The name of the target parameter to be queried by the /usr/sbin/no command. Examples include ip_forwarding and tcp_keepalive_interval. 
+ + + + + The value entity defines the value assigned to the tunable parameter being examined. + + + + + + + + + + + Information about the release and maintenance level of AIX operating system. This information can be retrieved by the /usr/bin/oslevel -r command. @@ -179,7 +359,7 @@ - The EntityStateFilesetStateType complex type defines the different values that are valid for the state entity of a fileset state. The empty string value is permitted here to allow for detailed error reporting. + The EntityStateFilesetStateType complex type defines the different values that are valid for the state entity of a fileset state. The empty string value is permitted here to allow for detailed error reporting. @@ -229,7 +409,7 @@ - The EntityStateFixInstallationStatusType defines the different values that are valid for the installation_status entity of a fix_state item. The empty string is also allowed as a valid value to support empty emlements associated with error conditions. + The EntityStateFixInstallationStatusType defines the different values that are valid for the installation_status entity of a fix_state item. The empty string is also allowed as a valid value to support empty emlements associated with error conditions. 
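Review bot: In the @@ -1,162 +1,342 @@ hunk of aix-system-characteristics-schema.xsd, the new inittab_item description says /usr/sbin/lsitab "is used to configure records in the /etc/inittab file", but lsitab only lists those records, so the sentence should say "list" or "display" to match what the item actually collects. The new nfso_item description says nfso "sets or displays current or next boot values for network tuning parameters", which reads as copied from no_item; it should say NFS tuning parameters, as the sentence before it does. The attribute entity of deviceattribute_item is documented as "Displays information for the specified attributes of a specific device or type of device", which describes the lsattr flag rather than the entity; the wording used in the definitions schema ("The name of the attribute of a specific device or type of device") fits better. Finally, the first 160 or so lines are removed and re-added with identical text, which hides the real additions; if that is a whitespace or line-ending change, put it in a separate commit, and since those lines are being rewritten anyway, fix "See instfix manpage" under the emgr command and "The the emergency fix state" at the same time.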
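Review bot: The re-added line in the @@ -229,7 +409,7 @@ hunk still contains "empty emlements associated with error conditions"; since the line is touched, correct it to "empty elements". The removed and added text in this hunk and in @@ -179,7 +359,7 @@ is otherwise identical, so both look like whitespace-only changes and would be easier to review if they were separated from the functional additions.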
@@ -248,61 +428,736 @@ No filesets which have fixes for XXXXXXX are currently installed. - - - The empty string value is permitted here to allow for detailed error reporting. - - + + + The empty string value is permitted here to allow for detailed error reporting. + + - - The EntityItemInterimFixStateType complex type defines the different values that are valid for the state entity of a interim_fix_state state. Please refer to the AIX documentation of Emergency Fix States. The empty string value is permitted here to allow for detailed error reporting. - - - - - - The efix was installed with a standard installation, and successfully completed the last installation operation. - - - - - The efix was installed with a mount installation operation, and successfully completed the last installation or mount operation. - - - - - The efix was installed with a mount installation operation and one or more efix files were unmounted in a previous emgr command operation. - - - - - An unrecoverable error occurred during an installation or removal operation. The status of the efix is unreliable. - - - - - The efix is in the process of installing. - - - - - The efix was installed successfully and requires a reboot to fully integrate into the target system. - - - - - The efix is in the process of being removed. - - - - - The empty string value is permitted here to allow for detailed error reporting. - - - - - + + The EntityItemInterimFixStateType complex type defines the different values that are valid for the state entity of a interim_fix_state state. Please refer to the AIX documentation of Emergency Fix States. The empty string value is permitted here to allow for detailed error reporting. + + + + + + The efix was installed with a standard installation, and successfully completed the last installation operation. + + + + + The efix was installed with a mount installation operation, and successfully completed the last installation or mount operation. 
+ + + + + The efix was installed with a mount installation operation and one or more efix files were unmounted in a previous emgr command operation. + + + + + An unrecoverable error occurred during an installation or removal operation. The status of the efix is unreliable. + + + + + The efix is in the process of installing. + + + + + The efix was installed successfully and requires a reboot to fully integrate into the target system. + + + + + The efix is in the process of being removed. + + + + + The empty string value is permitted here to allow for detailed error reporting. + + + + + + + + The lssec command lists attributes stored in the security configuration stanza files. The following security configuration files contain attributes that you can specify with the Attribute parameter. + + + + + + /etc/security/environ + + + + + /etc/security/group + + + + + /etc/security/audit/hosts + + + + + /etc/security/lastlog + + + + + /etc/security/limits + + + + + /etc/security/login.cfg + + + + + /usr/lib/security/mkuser.default + + + + + /etc/nscontrol.conf + + + + + /etc/security/passwd + + + + + /etc/security/portlog + + + + + /etc/security/pwdalg.cfg + + + + + /etc/security/roles + + + + + /etc/security/smitacl.user + + + + + /etc/security/smitacl.group + + + + + /etc/security/user + + + + + /etc/security/user.roles + + + + + /etc/security/rtc/rtcd_policy.conf + + + + + The empty string value is permitted here to allow for empty elements associated with variable references. + + + + + + + + The name of the user attribute to be queried by the /usr/sbin/lsuser command. This value can include any attribute that is defined by the /usr/bin/chuser command. + + + + + + Indicates if the user account is locked + + + + + Defines the administrative status of the user. 
+ + + + + Defines the groups that the user administrates + + + + + Defines the user's audit classes + + + + + Defines the primary methods for authenticating the user + + + + + Defines the secondary methods for authenticating the user + + + + + Defines the system privileges (capabilities) which are granted to a user by the login or su commands + + + + + Specifies the soft limit for the largest core file a user's process can create + + + + + Enables or disables core file compression + + + + + Specifies the largest core file a user's process can create + + + + + Selects a choice of core file naming strategies. Valid values for this attribute are On and Off + + + + + Enables or disables core file path specification + + + + + Specifies a location to be used to place core files, if the core_path attribute is set to On + + + + + Identifies the soft limit for the largest amount of system unit time (in seconds) that a user's process can use + + + + + Identifies the largest amount of system unit time (in seconds) that a user's process can use + + + + + Indicates whether the user specified by the Name parameter can run programs using the cron daemon or the src (system resource controller) daemon + + + + + Specifies the soft limit for the largest data segment for a user's process + + + + + Specifies the largest data segment for a user's process + + + + + Allows the DCE registry to overwrite the local user information with the DCE user information during a DCE export operation + + + + + Specifies the default roles for the user + + + + + Defines the password dictionaries used by the composition restrictions when checking new passwords + + + + + Defines the list of domains that the user belongs to + + + + + Identifies the expiration date of the account + + + + + Defines the soft limit for the largest file a user's process can create or extend + + + + + Defines the largest file a user's process can create or extend + + + + + Supplies general information about the user specified by 
the Name parameter + + + + + Identifies the groups to which user belongs + + + + + Defines the period of time (in weeks) that a user cannot reuse a password + + + + + Defines the number of previous passwords that a user cannot reuse + + + + + Identifies the home directory of the user specified by the Name parameter + + + + + Specifies the user ID + + + + + Indicates whether the user can log in to the system with the login command + + + + + Defines the number of unsuccessful login attempts allowed after the last successful login before the system locks the account + + + + + Defines the days and times that the user is allowed to access the system + + + + + Defines the maximum age (in weeks) of a password + + + + + Defines the maximum time (in weeks) beyond the maxage value that a user can change an expired password + + + + + Defines the maximum number of times a character can be repeated in a new password + + + + + Specifies the maximum number of concurrent logins per user + + + + + Defines the minimum age (in weeks) a password must be before it can be changed + + + + + Defines the minimum number of alphabetic characters that must be in a new password + + + + + Defines the minimum number of characters required in a new password that were not in the old password + + + + + Defines the minimum length of a password + + + + + Defines the minimum number of non-alphabetic characters that must be in a new password + + + + + Defines the soft limit for the number of file descriptors a user process may have open at one time + + + + + Defines the hard limit for the number of file descriptors a user process may have open at one time + + + + + Defines the soft limit on the number of processes a user can have running at one time + + + + + Defines the hard limit on the number of processes a user can have running at one time + + + + + Identifies the primary group of the user + + + + + Defines the list of projects to which the user's processes can be assigned + + + + + Defines the 
password restriction methods enforced on new passwords + + + + + Defines the number of days before the system issues a warning that a password change is required + + + + + Controls the remote execution of the r-commands (rsh, rexec, and rcp) + + + + + Permits access to the account from a remote location with the telnet orrlogin commands + + + + + Defines the administrative roles for this user + + + + + The soft limit for the largest amount of physical memory a user's process can allocate + + + + + The largest amount of physical memory a user's process can allocate + + + + + Defines the program run for the user at session initiation + + + + + Specifies the soft limit for the largest process stack segment for a user's process + + + + + Specifies the largest process stack segment of a user's process + + + + + Indicates whether another user can switch to the specified user account with the su command + + + + + Defines the groups that can use the su command to switch to the specified user account + + + + + Identifies the system-state (protected) environment + + + + + Specifies the soft limit for the largest number of threads that a user process can create + + + + + Specifies the largest possible number of threads that a user process can create + + + + + Indicates the user's trusted path status + + + + + Defines the terminals that can access the account specified by the Name parameter + + + + + Determines file permissions + + + + + Defines the user-state (unprotected) environment + + + + + Specifies the database type of the user keystore. The attribute is valid only when the system is EFS-enabled + + + + + Represents the database type for the efs_admin keystore. The attribute is valid only when the system is EFS-enabled + + + + + Specifies the initial mode of the user keystore. The attribute is valid only when the system is EFS-enabled + + + + + Specifies whether the mode can be changed. 
The attribute is valid only when the system is EFS-enabled + + + + + Specifies the algorithm that is used to generate the private key of the user during the keystore creation. The attribute is valid only when the system is EFS-enabled + + + + + Specifies the encryption algorithm for user files. The attribute is valid only when the system is EFS-enabled + + + + + Defines the minimum sensitivity-clearance level that the user can have. This attribute is valid only for Trusted AIX. + + + + + Defines the maximum sensitivity-clearance level that the user can have. This attribute is valid only for Trusted AIX. + + + + + Defines the default sensitivity level that the user is assigned during login. This attribute is valid only for Trusted AIX. + + + + + Defines the minimum integrity clearance level that the user can have. This attribute is valid only for Trusted AIX. + + + + + Defines the maximum integrity clearance level that the user can have. This attribute is valid only for Trusted AIX. + + + + + Defines the default integrity clearance level that the user is assigned during login. This attribute is valid only for Trusted AIX. + + + + + Defines the minimum number of lower case alphabetic characters that must be in a new password + + + + + Defines the minimum number of upper case alphabetic characters that must be in a new password + + + + + Defines the minimum number of digits that must be in a new password + + + + + Defines the minimum number of special characters that must be in a new password + + + + + + + + + The EntityItemInittabRunlevelType describes the enumeration of runlevel values present in /etc/inittab. + The empty string value is permitted here to allow for detailed error reporting and variable references. 
+ + + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + Run levels are represented by the numbers 0 through 9 + + + + + There are three other values that appear in the runlevel field, even though they are not true run levels: a, b, and c. Entries that have these characters in the runlevel field are processed only when the telinit command requests them to be run (regardless of the current run level of the system). + + + + + There are three other values that appear in the runlevel field, even though they are not true run levels: a, b, and c. Entries that have these characters in the runlevel field are processed only when the telinit command requests them to be run (regardless of the current run level of the system). + + + + + There are three other values that appear in the runlevel field, even though they are not true run levels: a, b, and c. Entries that have these characters in the runlevel field are processed only when the telinit command requests them to be run (regardless of the current run level of the system). + + + + + The empty string is allowed for variable references + + + + + + + + The EntityItemInittabActionType indicates how to treat the process specified in the identifier field. The empty string value is permitted here to allow for detailed error reporting. + + + + + + If the process does not exist, start the process. Do not wait for its termination (continue scanning the /etc/inittab file). Restart the process when it dies. 
If the process exists, do nothing and continue scanning the /etc/inittab file. + + + + + When the init command enters the run level that matches the entry's run level, start the process and wait for its termination + + + + + When the init command enters a run level that matches the entry's run level, start the process, and do not wait for its termination + + + + + Process the entry only during system boot, which is when the init command reads the /etc/inittab file during system startup + + + + + Process the entry the first time that the init command goes from single-user to multi-user state after the system is booted + + + + + Execute the process associated with this entry only when the init command receives a power fail signal (SIGPWR) + + + + + Execute the process associated with this entry only when the init command receives a power fail signal (SIGPWR), and wait until it terminates + + + + + If the process associated with this entry is currently running, send the warning signal (SIGTERM), and wait 20 seconds before terminating the process with the kill signal (SIGKILL) + + + + + Functionally identical to respawn, except this action applies to the a, b, or c values, not to run levels + + + + + An entry with this action is only scanned when the init command is initially invoked + + + + + Entries of this type are executed before the init command tries to access the console before login + + + + + +
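Review bot: In the user attribute documentation added above, the remote-login entry reads "with the telnet orrlogin commands"; a space is missing and it should read "telnet or rlogin". Several entries in the same list refer to "the user specified by the Name parameter", wording that only makes sense on a command line; in a schema annotation it would be clearer to say "the user" directly. The entries that begin "Indicates whether ..." or "Permits access ..." do not say which values are accepted, while the core file naming entry does ("Valid values for this attribute are On and Off"); listing the accepted values on each would help anyone writing a state against them. Minor points: "Identifies the groups to which user belongs" is missing "the", and only the Trusted AIX entries end with a period.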
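Review bot: In EntityItemInittabRunlevelType, all ten numeric entries carry the identical text "Run levels are represented by the numbers 0 through 9", and the paragraph about a, b, and c is repeated verbatim three times, so no entry says which value it documents. Suggest moving the shared explanation into the type-level description and giving each entry a one-line annotation that names its own value.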
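Review bot: The EntityItemInittabActionType description says the empty string is permitted, but no documented empty-string entry follows the last action in the list, whereas the runlevel type ends with "The empty string is allowed for variable references". If the empty value is enumerated here, give it the same annotation. The two type descriptions also give different reasons for allowing it ("detailed error reporting and variable references" against "detailed error reporting" only), so align them. In the final entry, "executed before the init command tries to access the console before login" repeats "before" and should be reworded.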