09-18-2008
AIX and TCB and AIXpert
Hi
Thanks for the feedback, really appreciate it. I have done some checking on your recommended AIXpert. It looks good and is part of AIX from what I can see. It's also continued in AIX 6.1, so that's great, although AIX 6.1 now has a revised upgraded version of TCB. Now I just need to convince the client that AIXpert is a better way to go and find out how to use/config it.
As for TCB on AIX 5.3, the best info I could find was actually in the AIX 4.3 Elements of Security Redbook:
http://www.redbooks.ibm.com/redbooks/pdfs/sg245962.pdf
And from speaking to IBM it seems like there is not much support/knowledge of/for TCB. This is understandable as not many systems like to be limited to a feature that would require a re-install to disable. However if security is your top concern then there will be sacrifices.
AIX TCB details
- TCB must remain part of rootvg (thus make sure rootvg is on optimal disk for high I/O)
- Will only monitor static flat files, no database integration (although it seems AIX 6.1 has a feature that might provide some type of database monitoring?)
- Monitors files/devices/etc listed in /etc/security/sysck.cfg
- Can possibly be switched off and on with odm commands?
- Performance overhead would relate directly to how many alerts/checks are configured in /etc/security/sysck.cfg and how frequently they are monitored
regards
audit_event(4) File Formats audit_event(4)
NAME
audit_event - audit event definition and class mapping
SYNOPSIS
/etc/security/audit_event
DESCRIPTION
/etc/security/audit_event is a user-configurable ASCII system file that stores event definitions used in the audit system. As part of this
definition, each event is mapped to one or more of the audit classes defined in audit_class(4). See audit_control(4) and audit_user(4) for
information about changing the preselection of audit classes in the audit system. Programs can use the getauevent(3BSM) routines to access
audit event information.
The fields for each event entry are separated by colons. Each event is separated from the next by a <NEWLINE>. Each entry in the audit_event
file has the form:
number:name:description:flags
The fields are defined as follows:
number         Event number.
               Event number ranges are assigned as follows:
               0              Reserved as an invalid event number.
               1-2047         Reserved for the Solaris Kernel events.
               2048-32767     Reserved for the Solaris TCB programs.
               32768-65535    Available for third party TCB applications.
               System administrators must not add, delete, or modify (except to change the class mapping), events with an
               event number less than 32768. These events are reserved by the system.
name           Event name.
description    Event description.
flags          Flags specifying classes to which the event is mapped. Classes are comma separated, without spaces.
               Obsolete events are commonly assigned to the special class no (invalid) to indicate they are no longer generated. Obsolete
               events are retained to process old audit trail files. Other events which are not obsolete may also be assigned to the no
               class.
EXAMPLES
Example 1: Using the audit_event File
The following is an example of some audit_event file entries:
7:AUE_EXEC:exec(2):ps,ex
79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
6152:AUE_login:login - local:lo
6153:AUE_logout:logout:lo
6154:AUE_telnet:login - telnet:lo
6155:AUE_rlogin:login - rlogin:lo
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability | See below |
+-----------------------------+-----------------------------+
The file format stability is evolving. The file content is unstable.
FILES
/etc/security/audit_event
SEE ALSO
bsmconv(1M), getauevent(3BSM), audit_class(4), audit_control(4), audit_user(4)
NOTES
This functionality is available only if the Basic Security Module (BSM) has been enabled. See bsmconv(1M) for more information.
SunOS 5.10 6 Jan 2003 audit_event(4)
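An added example, not part of the man page or the forum post: a Python parser for the number:name:description:flags format described above, with a check that compares a site's audit_event copy against a baseline and reports changes to the reserved events (number below 32768). The '#' comment handling, the tolerance for ':' inside a description, and the CURRENT sample entries are assumptions or constructed data; BASELINE reuses entries from the man page's example.

```python
from collections import namedtuple

Event = namedtuple("Event", "number name description classes")
# Event-number ranges as listed in audit_event(4).
RANGES = [(0, 0, "invalid"), (1, 2047, "kernel"),
          (2048, 32767, "tcb"), (32768, 65535, "third-party")]

def origin(number):
    for low, high, label in RANGES:
        if low <= number <= high:
            return label
    raise ValueError(f"event number out of range: {number}")

def parse(text):
    """Parse number:name:description:flags lines into {number: Event}."""
    events = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: '#' starts a comment
            continue
        number, name, rest = line.split(":", 2)
        # Assumption: tolerate ':' inside the description; flags are the last field.
        description, flags = rest.rsplit(":", 1)
        events[int(number)] = Event(int(number), name, description,
                                    tuple(flags.split(",")))
    return events

def reserved_drift(baseline, current):
    """List changes to events below 32768, which the man page reserves."""
    findings = []
    for n in sorted(set(baseline) | set(current)):
        old, new = baseline.get(n), current.get(n)
        if n >= 32768 or old == new:
            continue
        if old is None or new is None:
            findings.append((n, "added" if old is None else "deleted"))
        elif old[:3] != new[:3]:              # name or description changed
            findings.append((n, "modified"))
        elif set(old.classes) != set(new.classes):
            findings.append((n, "remapped"))  # permitted, but worth review
    return findings

# BASELINE: entries from the man page example. CURRENT: constructed sample.
BASELINE = """7:AUE_EXEC:exec(2):ps,ex
79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
6154:AUE_telnet:login - telnet:lo"""
CURRENT = """# constructed site copy
7:AUE_EXEC:exec(2):no
79:AUE_OPEN_WTC:open(2) - write,creat,trunc:fc,fd,fw
2100:AUE_site_tool:site tool:lo
40000:AUE_site_app:site app: start:lo"""
```

Calling `reserved_drift(parse(BASELINE), parse(CURRENT))` lists the reserved events that were remapped, added or deleted; event 40000 is ignored because it lies in the range open to third-party TCB applications.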