Sponsored Content
Operating Systems AIX Securing AIX - Hardening Lesson 101 Post 302772833 by MichaelFelt on Wednesday 27th of February 2013 01:58:40 AM
Old 02-27-2013
Now is a good time to look at so-called Role Based Access Control solutions - aka RBAC, rather than sudo. IT audit requirements are moving in this direction.
If you go sudo - it is not enough to install it and let everyone just sudo su -.

And be sure and define a seperate group, no files in it, only admins, with are allowed to su to root (sugroups setting for root is the name of this group, default is keyword ALL - meaning any group is accepted)

AIX supplies ssh on the DVD with AIX 6.1 and AIX 7.1, no additional download needed.

Big plus on suggestion to setup non-rootvg filesystems (i.e., not just a seperate filesystem, but have an additional volume group for these items, so that "rootvg" can be replaced (e.g., fresh install) and you will not lose any vital configuration information by accident. Not saying the steps to "replace" rootvg are simple, but this is much simplier than losing the info, or having to extract outdated information from an "ancient" mksysb backup file.

edit motd: yes, but a standard message for all systems - best practice seems to be to mention that only authorized users are permitted, and actions may be logged. Proceding implies consent and other "legal stuff".

Important change: change the pwd_algorithm setting (none set, so crypt by default) in /etc/security/login.cfg

All the other edits, disabling programs, root login, etc. - just use
# aixpert -l h (or #aixpert -l high)
 

8 More Discussions You Might Find Interesting

1. Solaris

Hardening Solaris

What do we need to do to harden a freshly installed solaris OS? like disable telnet, no ftp for root etc...What all services you need to stop? How to check what ports are open? etc etc....please provide all tips that come to your mind...thanks:) (5 Replies)
Discussion started by: rcmrulzz
5 Replies

2. UNIX for Advanced & Expert Users

Lesson Learned: Dual boot XP and Fedora 9

This post captures my recent experience in getting my Dell XPS Gen 3 to support dual boot of Windows XP (Professional) and the Fedora 9 Linux distribution. I searched quite a bit on the internet and found, of course, a variety of opinions regarding how to setup this type (dual boot) of... (1 Reply)
Discussion started by: rlandon@usa.net
1 Replies

3. Shell Programming and Scripting

Rename multiple files lesson

Hi All, So I found a cool way to change extensions to multiple files with: for i in *.doc do mv $i ${i%.doc}.txt done However, what I want to do is move *.txt to *_0hr.txt but the following doesn't work: for i in *.txt do mv $i ${i%.txt}_0hr.txt done My questions are (1) Why... (2 Replies)
Discussion started by: ScKaSx
2 Replies

4. Shell Programming and Scripting

Textfile lesson

Tag allerseits Ich habe ein umfangreiches Script. Darin möchte ich zu Beginn ein textfile lesen. Den ersten Satz. Dann kommen mehrere Instruktionen und dann soll wieder gelesen werden. Den zweiten Satz. Etc. Ich kann also das herkömmliche while read xyz / do ... done nicht benützen. ... (0 Replies)
Discussion started by: lazybaer
0 Replies

5. Cybersecurity

securing AIX box

Guys, i want to securing AIX after install by scrath. Is anybody can inform about the standard port which used by AIX? (0 Replies)
Discussion started by: michlix
0 Replies

6. AIX

Securing AIX

Guys, i want to securing AIX after install by scratch. Is anybody can inform about the standard port which used by AIX? (4 Replies)
Discussion started by: michlix
4 Replies

7. AIX

AIX 101 : Sys Admin Pocket Survival Guide

HOW-TO AIX Admin 101 Sys Admin Pocket Survival Guide - AIX Worth checking it out and printing it. (1 Reply)
Discussion started by: filosophizer
1 Replies

8. Web Development

Oracle Jet - LP: 10. Lesson 1: Oracle JET 4.x - Lesson 1 - Part 4: Data Binding

Working on LP: 10. Lesson 1: Oracle JET 4.x - Lesson 1 - Part 4: Data Binding in this Oracle JET online course - Soar higher with Oracle JavaScript Extension Toolkit (JET), I have created this code for incidents.js I cannot get the load average data in this Oracle JET test to update the... (4 Replies)
Discussion started by: Neo
4 Replies
BLAZE-LIST(1)						    BlazeBlogger Documentation						     BLAZE-LIST(1)

NAME
blaze-list - lists blog posts or pages in the BlazeBlogger repository SYNOPSIS
blaze-list [-cpqrsCPSV] [-b directory] [-I id] [-a author] [-t title] [-T tag] [-d day] [-m month] [-y year] [-n number] blaze-list -h|-v DESCRIPTION
blaze-list lists existing blog posts or pages in the BlazeBlogger repository. Additionally, it can also display basic repository statistics. OPTIONS
-b directory, --blogdir directory Allows you to specify a directory in which the BlazeBlogger repository is placed. The default option is a current working directory. -I id, --id id Allows you to display a single blog post or a page with the specified id. -a author, --author author Allows you to list blog posts or pages by the selected author. -t title, --title title Allows you to list blog posts or pages with matching title. -T tag, --tag tag Allows you to list blog posts or pages with matching tag. -d day, --day day Allows you to list blog posts or pages from the specified day of a month. The value has to be in the "DD" form. -m month, --month month Allows you to list blog posts or pages from the specified month. The value has to be in the "MM" form. -y year, --year year Allows you to list blog posts or pages from the specified year. The value has to be in the "YYYY" form. -n number, --number number Allows you to specify a number of blog posts or pages to be listed. -p, --page Tells blaze-list to list pages. -P, --post Tells blaze-list to list blog posts. This is the default option. -S, --stats Tells blaze-list to display statistics. -s, --short Tells blaze-list to display each blog post or page information on a single line. -r, --reverse Tells blaze-list to display blog posts or pages in reverse order. -c, --color Enables colored output. When supplied, this option overrides the relevant configuration option. -C, --no-color Disables colored output. When supplied, this option overrides the relevant configuration option. -q, --quiet Disables displaying of unnecessary messages. -V, --verbose Enables displaying of all messages. This is the default option. -h, --help Displays usage information and exits. -v, --version Displays version information and exits. EXAMPLE USAGE
List all blog post: ~]$ blaze-list ID: 11 | 2010-07-05 | Jaromir Hradilek Title: Join #blazeblogger on IRC Tags: announcement ID: 10 | 2009-12-16 | Jaromir Hradilek Title: Debian and Fedora Packages Tags: announcement etc. List all blog post in reverse order: ~]$ blaze-list -r ID: 1 | 2009-02-10 | Jaromir Hradilek Title: BlazeBlogger 0.7.0 Tags: release ID: 2 | 2009-02-11 | Jaromir Hradilek Title: BlazeBlogger 0.7.1 Tags: release etc. List all pages: ~]$ blaze-list -p ID: 5 | 2009-02-10 | Jaromir Hradilek Title: Downloads ID: 4 | 2009-02-10 | Jaromir Hradilek Title: Themes etc. List each blog post on a single line: ~]$ blaze-list -s ID: 11 | 2010-07-05 | Join #blazeblogger on IRC ID: 10 | 2009-12-16 | Debian and Fedora Packages etc. Display a short version of blog statistics: ~]$ blaze-list -Ss There is a total number of 11 blog posts and 5 pages in the repository. SEE ALSO
blaze-config(1), blaze-add(1) BUGS
To report a bug or to send a patch, please, add a new issue to the bug tracker at <http://code.google.com/p/blazeblogger/issues/>, or visit the discussion group at <http://groups.google.com/group/blazeblogger/>. COPYRIGHT
Copyright (C) 2009-2011 Jaromir Hradilek This program is free software; see the source for copying conditions. It is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Version 1.2.0 2012-03-05 BLAZE-LIST(1)
All times are GMT -4. The time now is 09:51 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy