Full Discussion: AIX and TCB
Operating Systems AIX AIX and TCB Post 302237631 by kimyo on Thursday 18th of September 2008 04:02:49 AM
09-18-2008
AIX and TCB and AIXpert

Hi

Thanks for the feedback, really appreciate it. I have done some checking on your recommended AIXpert. It looks good and is part of AIX from what I can see. It's also continued in AIX 6.1, so that's great, although AIX 6.1 now has a revised upgraded version of TCB. Now I just need to convince the client that AIXpert is a better way to go and find out how to use/config it.

As for TCB on AIX 5.3, the best info I could find was actually in the AIX 4.3 Elements of Security red book
http://www.redbooks.ibm.com/redbooks/pdfs/sg245962.pdf
And from speaking to IBM it seems like there is not much support/knowledge of/for TCB. This is understandable, as not many systems like to be limited to a feature that would require a re-install to disable. However, if security is your top concern then there will be sacrifices.

AIX TCB details
  1. TCB must remain part of rootvg (thus make sure rootvg is on optimal disk for high I/O)
  2. Will only monitor static flat files, no database integration (although it seems as if AIX 6.1 has a feature that might provide some type of database monitoring?)
  3. Monitors files/devices/etc listed in /etc/security/sysck.cfg
  4. Can possibly be switched off and on with odm commands?
  5. Performance overhead would relate directly to how many alerts/checks are configured in /etc/security/sysck.cfg and how frequently they are monitored
regards
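
Added example, not part of the original post and not AIX's own tooling: a read-only shell sketch of what checking files against a sysck.cfg-style database involves, reporting entries whose owner, group or permission bits no longer match the file on disk. The stanza layout (a `path:` header, indented `key = value` attributes, `*` comments, `SUID`/`SGID`/`SVTX`/`TCB` mode keywords followed by octal permissions) is assumed here; the function names are hypothetical and the sample database is constructed.

```shell
# Added example: read-only drift check over sysck.cfg-style stanzas.
# Function names are hypothetical; the sample database in demo() is constructed.
# parse_sysck FILE -> one "path|owner|group|mode" line per stanza
parse_sysck() {
    awk '
    function flush() {
        if (path != "") print path "|" a["owner"] "|" a["group"] "|" a["mode"]
        path = ""; split("", a)
    }
    /^[ \t]*\*/ || /^[ \t]*$/ { next }          # "*" comment or blank line
    /^[^ \t].*:[ \t]*$/ { flush(); path = $0; sub(/:[ \t]*$/, "", path); next }
    {   i = index($0, "="); if (i == 0) next    # attribute "key = value"
        k = substr($0, 1, i - 1); v = substr($0, i + 1)
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "mode") gsub(/[ \t]/, "", v); a[k] = v
    }
    END { flush() }' "$1"
}

# mode_octal "TCB,SUID,555" -> 4555; assumes the octal form of the permissions
mode_octal() {
    bits=0; perm=${1##*,}                       # permissions are the last item
    case ",$1," in *,SUID,*) bits=$((bits | 04000)) ;; esac
    case ",$1," in *,SGID,*) bits=$((bits | 02000)) ;; esac
    case ",$1," in *,SVTX,*) bits=$((bits | 01000)) ;; esac
    printf '%o\n' $((bits | 0$perm))
}

# differs PATH TEST VALUE: true when VALUE is set and find TEST VALUE rejects PATH
differs() { [ -n "$3" ] && [ -z "$(find "$1" -prune "$2" "$3" 2>/dev/null)" ]; }

# sysck_drift FILE -> one line per entry that no longer matches the database
sysck_drift() {
    parse_sysck "$1" | while IFS='|' read -r path owner group mode; do
        [ -e "$path" ] || { echo "MISSING $path"; continue; }
        [ -z "$mode" ] || mode=$(mode_octal "$mode")
        if differs "$path" -perm "$mode";   then echo "MODE $path want=$mode"; fi
        if differs "$path" -user "$owner";  then echo "OWNER $path want=$owner"; fi
        if differs "$path" -group "$group"; then echo "GROUP $path want=$group"; fi
    done
}

# demo: constructed database with one missing path and one file set to 755
demo() {
    d=$(mktemp -d); f="$d/tool"; : > "$f"; chmod 755 "$f"
    set -- $(ls -ldn "$f")                      # $3 = uid, $4 = gid of the file
    printf '%s\n' '* constructed sample' "$d/gone:" '    owner = bin' '    mode = 555' \
        "$f:" "    owner = $3" "    group = $4" '    mode = TCB,555' > "$d/sysck.cfg"
    sysck_drift "$d/sysck.cfg"; rm -rf "$d"
}
demo
```

Each stanza costs a handful of `find` calls here, so the run time grows with the number of entries listed in the database.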
 
