Login or Register to Ask a Question and Join Our Community


AIX

Disable RBAC - AIX

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems AIX Disable RBAC - AIX
# 1  
Old 04-23-2012
Disable RBAC - AIX
Hi all,
i have a little problem...
I have a Trusted AIX v. 6.1 installed on my system p.

I can't disable RBAC mode...

Code:
$ lsattr -El sys0 -a enhanced_RBAC
enhanced_RBAC true Enhanced RBAC Mode True

$ chdev -l sys0 -a enhanced_RBAC=false
Method error (/usr/lib/methods/chggen):
0514-018 The values specified for the following attributes
are not valid:
enhanced_RBAC Enhanced RBAC Mode

I have tried with user isso,sa,so (with swrole enable).

Any idea?

Thanks in advance.

Mario

Moderator's Comments:
Mod Comment Please use code tags, thanks!
Last edited by zaxxon; 04-23-2012 at 08:38 AM.. Reason: code tags
# 2  
Old 04-23-2012
Afaik Trusted AIX is very limited because of security needs (military standards etc... check the Redbook) and RBAC is a part of it to get the MLS (Multi Level Security) working.
I am not sure for Trusted AIX, but if you don't want to use it on a regular installation, you usually let it be "true" and just don't configure any roles, authorizations etc..

Maybe Trusted AIX is not what you are looking for? If you want to have a somewhat secure system and don't need MLS, RBAC etc., use the AIXpert maybe to secure your system as a start.
This User Gave Thanks to zaxxon For This Post:
Zio Bill
# 3  
Old 04-23-2012
sigh.. my boss want a Trusted Aix installation but i though that i can disable only RBAC Smilie

thanks.
# 4  
Old 04-23-2012
No offense - maybe explain your boss what a Trusted AIX installation means.
Taken from Help - AIX 7.1 Information Center
Quote:
...
Please note that once you choose this mode of installation, you will not be able to go back to a regular AIX environment without performing an overwrite install of regular AIX. Evaluate your need for a Trusted AIX environment before choosing this mode of install. More details about Trusted AIX can be found in the AIX publicly available documentation.
...
* login and password controlled system and network access
* user, group, and world file access permissions
* access control lists (ACLs)
* Audit subsystem
* Role Based Access Control (RBAC)

Trusted AIX builds upon these primary AIX operating system security features to further enhance and extend AIX security into the networking subsystems.
...
I had a colleague trying out Trusted AIX, it was so limited in options that the idea was just discarded.

Maybe there is a slight chance that there is an option how to turn off RBAC, but my assumption is, that it is not possible.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. AIX

AIX Disable direct root login problems

I have disabled rlogin for root successfully , but after that i could not login to root from console and could not su to root from other users as it responded as expired account I did not have any admin user but I have managed to recover the situation by accessing rootvg before mounting it, but... (5 Replies)
Discussion started by: majd_ece
5 Replies

2. Red Hat

SSL/TLS renegotiation DoS -how to disable? Is it advisable to disable?

Hi all Expertise, I have following issue to solve, SSL / TLS Renegotiation DoS (low) 222.225.12.13 Ease of Exploitation Moderate Port 443/tcp Family Miscellaneous Following is the problem description:------------------ Description The remote service encrypts traffic using TLS / SSL and... (2 Replies)
Discussion started by: manalisharmabe
2 Replies

3. AIX

Allow telnet in AIX from specific IP adds, but disable for everyone else

I need to change the security on our AIX servers and disable telnet from all but certain IP addresses. I have hashed the telnet line in /etc/inetd.conf and added filter rules for those IP adds to allow access on port 23, but this didn't work. Does anyone have any ideas? Thanks. (2 Replies)
Discussion started by: Alps
2 Replies

4. AIX

How to disable/remove c-shell in aix?

Hi Team, I want to either disable C-shell permanently from my system. since the package bos.rte.shell 5.3.9.2 APPLIED Shells (bsh, ksh, csh) contains all 3 shells, please guide me how I can remove or permanently disable cshell from my box. I know I can rename /usr/bin/csh and disable but... (2 Replies)
Discussion started by: falgun6666
2 Replies

5. Shell Programming and Scripting

How to disable Enable/Disable Tab Key

Hi All, I have bash script, so what is sintax script in bash for Enable and Disable Tab Key. Thanks for your help.:( Thanks, Rico (1 Reply)
Discussion started by: carnegiex
1 Replies

6. AIX

Disable Banner Printing AIX ?

Can someone help me disable the banner printing in AIX 6 I am using HPjetDirect Drivers. SO whenever i print anything from Oracle application, a banner is printed. like the one below ######### User: alices@hostname ##### Title: /etc/release ##### Date: Fri 17:23 Mar 27, 2009 ##### ... (2 Replies)
Discussion started by: filosophizer
2 Replies

7. AIX

FTP access disable in AIX

Hello, I have AIX machine communication to mainframe machine. From AIX machine, i have to use always SSH communication. For this, i have created SSH tunnel in AIX machine and using FTP with SSH. Now both connections are working: 1) only FTP to mainframe machine 2) create SSH and do FTP... (3 Replies)
Discussion started by: balareddy
3 Replies

8. AIX

disable inbound mail for AIX 5.3

Hi All, How do I disable inbound mail for AIX 5.3 server? I just need the outbound mail. It's using the native sendmail program. Thank you! (1 Reply)
Discussion started by: itik
1 Replies

9. UNIX for Dummies Questions & Answers

Disable root for AIX 5.2

I am able to disable direct root login through telnet. But when I add the rlogin = false into the /etc/security/user file. I am unable to log in as root from ssh. I uncommented the "PermitRootLogin yes" in the sshd_config file. Still can't log in. Can anyone help? (0 Replies)
Discussion started by: james0125
0 Replies

10. UNIX for Advanced & Expert Users

Disable Keyboard in AIX 5.2

Hi all. I have a log file that the operators monitor. This file is simply tailed -f on a screen in the ops room. I would like to know if there is anyway I can disable the keyboard from any input other than physically unpluging it. Something like a trap in the script. The system is AIX 5.2. ... (2 Replies)
Discussion started by: jhansrod
2 Replies
Login or Register to Ask a Question