Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Securing AIX - Hardening Lesson 101
Operating Systems AIX Securing AIX - Hardening Lesson 101 Post 302772339 by MichaelFelt on Monday 25th of February 2013 06:25:56 AM
Old 02-25-2013
IBM Securing AIX - Hardening Lesson 101
Every now and then I google: SecuringAIX (I write a blog by that name, so I am curious where it stands - and to my dismay I did not make the top5 today from my current location.

However, this unix.com/aix thread did make the top5- and, imho, it is lacking in clarity and ease. So, I thought I would post a refresher - AIX Hardening 101.

Since AIX 5.3, ML05 I believe (so we are anno 2005 I believe) - AIX intradiced a tool known as AIX Security Expert, or aixpert. This is meant to be pretty much - push button security - from it's start at least as much more has been added.

For a test drive - let it tell you what it finds wrong (note, wrong means different. If the level you choose thinks 4 is the right number and you have a different number (e.g., 3 or 5) it will say it is failed.).

So, test drive - no configuration changes made to your system with:

Code:
# [[ -e /etc/security/aixpert/core/appliedaixpert.xml ]] && mv /etc/security/aixpert/core/appliedaixpert.xml /etc/security/aixpert/core/appliedaixpert.xml.save
# aixpert -l high|medium|low|default|sox-cobit -n -o /etc/security/aixpert/core/appliedaixpert.xml
# aixpert -c
# [[ -e /etc/security/aixpert/core/appliedaixpert.xml.save ]] && mv  /etc/security/aixpert/core/appliedaixpert.xml.save  /etc/security/aixpert/core/appliedaixpert.xml
# more /etc/security/aixpert/check_report.txt

Note: you must choose a level to test against - one of high|medium|low|default|sox-cobit

This is part of bos.security.rte so it is always installed. Up to you to use it!
 

8 More Discussions You Might Find Interesting

1. Solaris

Hardening Solaris

What do we need to do to harden a freshly installed solaris OS? like disable telnet, no ftp for root etc...What all services you need to stop? How to check what ports are open? etc etc....please provide all tips that come to your mind...thanks:) (5 Replies)
Discussion started by: rcmrulzz
5 Replies

2. UNIX for Advanced & Expert Users

Lesson Learned: Dual boot XP and Fedora 9

This post captures my recent experience in getting my Dell XPS Gen 3 to support dual boot of Windows XP (Professional) and the Fedora 9 Linux distribution. I searched quite a bit on the internet and found, of course, a variety of opinions regarding how to setup this type (dual boot) of... (1 Reply)
Discussion started by: rlandon@usa.net
1 Replies

3. Shell Programming and Scripting

Rename multiple files lesson

Hi All, So I found a cool way to change extensions to multiple files with: for i in *.doc do mv $i ${i%.doc}.txt done However, what I want to do is move *.txt to *_0hr.txt but the following doesn't work: for i in *.txt do mv $i ${i%.txt}_0hr.txt done My questions are (1) Why... (2 Replies)
Discussion started by: ScKaSx
2 Replies

4. Shell Programming and Scripting

Textfile lesson

Tag allerseits Ich habe ein umfangreiches Script. Darin möchte ich zu Beginn ein textfile lesen. Den ersten Satz. Dann kommen mehrere Instruktionen und dann soll wieder gelesen werden. Den zweiten Satz. Etc. Ich kann also das herkömmliche while read xyz / do ... done nicht benützen. ... (0 Replies)
Discussion started by: lazybaer
0 Replies

5. Cybersecurity

securing AIX box

Guys, i want to securing AIX after install by scrath. Is anybody can inform about the standard port which used by AIX? (0 Replies)
Discussion started by: michlix
0 Replies

6. AIX

Securing AIX

Guys, i want to securing AIX after install by scratch. Is anybody can inform about the standard port which used by AIX? (4 Replies)
Discussion started by: michlix
4 Replies

7. AIX

AIX 101 : Sys Admin Pocket Survival Guide

HOW-TO AIX Admin 101 Sys Admin Pocket Survival Guide - AIX Worth checking it out and printing it. (1 Reply)
Discussion started by: filosophizer
1 Replies

8. Web Development

Oracle Jet - LP: 10. Lesson 1: Oracle JET 4.x - Lesson 1 - Part 4: Data Binding

Working on LP: 10. Lesson 1: Oracle JET 4.x - Lesson 1 - Part 4: Data Binding in this Oracle JET online course - Soar higher with Oracle JavaScript Extension Toolkit (JET), I have created this code for incidents.js I cannot get the load average data in this Oracle JET test to update the... (4 Replies)
Discussion started by: Neo
4 Replies

LEARN ABOUT DEBIAN

blaze-config

BLAZE-CONFIG(1) 					    BlazeBlogger Documentation						   BLAZE-CONFIG(1)

NAME

       blaze-config - displays or sets BlazeBlogger configuration options

SYNOPSIS

       blaze-config [-qV] [-b directory] [-E editor] option [value...]

       blaze-config -e [-b directory]

       blaze-config -h|-v

DESCRIPTION

       blaze-config either sets BlazeBlogger configuration options, or displays their current value. Additionally, it can also open a
       configuration file in an external text editor.

OPTIONS

   Command Line Options
       -b directory, --blogdir directory
	   Allows you to specify a directory in which the BlazeBlogger repository is placed. The default option is a current working directory.

       -E editor, --editor editor
	   Allows you to specify an external text editor. When supplied, this option overrides the relevant configuration option.

       -e, --edit
	   Allows you to edit the configuration in a text editor.

       -q, --quiet
	   Disables displaying of unnecessary messages.

       -V, --verbose
	   Enables displaying of all messages. This is the default option.

       -h, --help
	   Displays usage information and exits.

       -v, --version
	   Displays version information and exits.

   Configuration Options
       blog.title=string
	   A title of your blog.

       blog.subtitle=string
	   A subtitle of your blog.

       blog.description=string
	   A brief description of your blog.

       blog.keywords=list
	   A comma-separated list of keywords.

       blog.theme=string
	   A theme for your blog. Note that it must point to an existing file in the ".blaze/theme/" directory. The default option is
	   "default.html".

       blog.style=string
	   A style sheet for your blog. Note that it must point to an existing file in the ".blaze/style/" directory. The default option is
	   "default.css".

       blog.lang=string
	   A translation of your blog. Note that it must point to an existing file in the ".blaze/lang/" directory. The default option is "en_US".

       blog.posts=integer
	   A number of blog posts to be listed on a single page. The default option is 10.

       color.list=boolean
	   A boolean to enable ("true") or disable ("false") colors in the blaze-list output. The default option is "false".

       color.log=boolean
	   A boolean to enable ("true") or disable ("false") colors in the blaze-log output. The default option is "false".

       core.doctype=string
	   A document type. It can be either "html" for HTML, or "xhtml" for the XHTML standard. The default option is "html".

       core.extension=string
	   A file extension. The default option is "html".

       core.encoding=string
	   A character encoding. Note that it has to be in a form that is recognized by W3C standards. The default option is "UTF-8".

       core.editor=string
	   An external text editor. When supplied, this option overrides the system-wide settings.

       core.processor=string
	   An external application to be used to process newly added or edited blog posts and pages. Note that you must supply "%in%" and "%out%"
	   in place of an input and output file name respectively. This option is disabled by default.

       feed.baseurl=string
	   A URL of your blog, for example "http://example.com".

       feed.posts=integer
	   A number of blog posts to be listed in the feed. The default option is 10.

       feed.fullposts=boolean
	   A boolean to enable ("true") or disable ("false") inclusion of the whole content of a blog post in the feed, even though the <!-- break
	   --> form is used. The default option is "false".

       post.author=string
	   A location of a blog post author name. It can be placed above the post ("top"), below it ("bottom"), or nowhere on the page ("none").
	   The default option is "top".

       post.date=string
	   A location of a date of publishing. It can be placed above the post ("top"), below it ("bottom"), or nowhere on the page ("none"). The
	   default option is top.

       post.tags=string
	   A location of post tags. They can be placed above the post ("top"), below it ("bottom"), or nowhere on the page ("none"). The default
	   option is "top".

       user.name=string
	   Your full name to be used in the copyright notice, and as the default post author. The default option is "admin".

       user.nickname=string
	   Your nickname to be used as the default post author. When supplied, it overrides the user.name setting. This option is disabled by
	   default.

       user.email=string
	   Your email address. The default option is "admin@localhost".

ENVIRONMENT

       EDITOR
	   Unless the core.editor option is set, BlazeBlogger tries to use system-wide settings to decide which editor to use.

FILES

       .blaze/config
	   A file containing the configuration.

       .blaze/theme/
	   A directory containing blog themes.

       .blaze/style/
	   A directory containing style sheets.

       .blaze/lang/
	   A directory containing language files.

EXAMPLE USAGE

       Configure the default text editor:

	 ~]$ blaze-config core.editor nano
	 The option has been successfully saved.

       Configure the user information:

	 ~]$ blaze-config user.name Jaromir Hradilek
	 The option has been successfully saved.
	 ~]$ blaze-config user.email jhradilek@gmail.com
	 The option has been successfully saved.

       Configure the blog appearance:

	 ~]$ blaze-config blog.title BlazeBlogger
	 The option has been successfully saved.
	 ~]$ blaze-config blog.subtitle a CMS without boundaries
	 The option has been successfully saved.
	 ~]$ blaze-config blog.theme keepitsimple.html
	 The option has been successfully saved.
	 ~]$ blaze-config blog.style keepitsimple.css
	 The option has been successfully saved.

       Configure the RSS feed:

	 ~]$ blaze-config feed.fullposts true
	 The option has been successfully saved.
	 ~]$ blaze-config feed.posts 10
	 The option has been successfully saved.
	 ~]$ blaze-config feed.baseurl http://blaze.blackened.cz/
	 The option has been successfully saved.

       Open the configuration in a text editor:

	 ~]$ blaze-config -e

SEE ALSO

       blaze-init(1)

BUGS

       To report a bug or to send a patch, please, add a new issue to the bug tracker at <http://code.google.com/p/blazeblogger/issues/>, or visit
       the discussion group at <http://groups.google.com/group/blazeblogger/>.

COPYRIGHT

       Copyright (C) 2008-2011 Jaromir Hradilek

       This program is free software; see the source for copying conditions. It is distributed in the hope that it will be useful, but WITHOUT ANY
       WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Version 1.2.0							    2012-03-05							   BLAZE-CONFIG(1)
All times are GMT -4. The time now is 12:40 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy