04-23-2012
No offense - maybe explain your boss what a Trusted AIX installation means.
Taken from
Help - AIX 7.1 Information Center
Quote:
...
Please note that once you choose this mode of installation, you will not be able to go back to a regular AIX environment without performing an overwrite install of regular AIX. Evaluate your need for a Trusted AIX environment before choosing this mode of install. More details about Trusted AIX can be found in the AIX publicly available documentation.
...
* login and password controlled system and network access
* user, group, and world file access permissions
* access control lists (ACLs)
* Audit subsystem
* Role Based Access Control (RBAC)
Trusted AIX builds upon these primary AIX operating system security features to further enhance and extend AIX security into the networking subsystems.
...
I had a colleague trying out Trusted AIX, it was so limited in options that the idea was just discarded.
Maybe there is a slight chance that there is an option how to turn off RBAC, but my assumption is, that it is not possible.
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi all.
I have a log file that the operators monitor. This file is simply tailed -f on a screen in the ops room. I would like to know if there is anyway I can disable the keyboard from any input other than physically unpluging it. Something like a trap in the script.
The system is AIX 5.2.
... (2 Replies)
Discussion started by: jhansrod
2 Replies
2. UNIX for Dummies Questions & Answers
I am able to disable direct root login through telnet. But when I add the rlogin = false into the /etc/security/user file. I am unable to log in as root from ssh. I uncommented the "PermitRootLogin yes" in the sshd_config file. Still can't log in. Can anyone help? (0 Replies)
Discussion started by: james0125
0 Replies
3. AIX
Hi All,
How do I disable inbound mail for AIX 5.3 server? I just need the outbound mail. It's using the native sendmail program.
Thank you! (1 Reply)
Discussion started by: itik
1 Replies
4. AIX
Hello,
I have AIX machine communication to mainframe machine. From AIX machine, i have to use always SSH communication. For this, i have created SSH tunnel in AIX machine and using FTP with SSH.
Now both connections are working:
1) only FTP to mainframe machine
2) create SSH and do FTP... (3 Replies)
Discussion started by: balareddy
3 Replies
5. AIX
Can someone help me disable the banner printing in AIX 6
I am using HPjetDirect Drivers. SO whenever i print anything from Oracle application, a banner is printed. like the one below
######### User: alices@hostname
##### Title: /etc/release
##### Date: Fri 17:23 Mar 27, 2009
##### ... (2 Replies)
Discussion started by: filosophizer
2 Replies
6. Shell Programming and Scripting
Hi All,
I have bash script, so what is sintax script in bash for Enable and Disable Tab Key. Thanks for your help.:(
Thanks,
Rico (1 Reply)
Discussion started by: carnegiex
1 Replies
7. AIX
Hi Team,
I want to either disable C-shell permanently from my system.
since the package bos.rte.shell 5.3.9.2 APPLIED Shells (bsh, ksh, csh)
contains all 3 shells, please guide me how I can remove or permanently disable cshell from my box.
I know I can rename /usr/bin/csh and disable but... (2 Replies)
Discussion started by: falgun6666
2 Replies
8. AIX
I need to change the security on our AIX servers and disable telnet from all but certain IP addresses.
I have hashed the telnet line in /etc/inetd.conf and added filter rules for those IP adds to allow access on port 23, but this didn't work.
Does anyone have any ideas?
Thanks. (2 Replies)
Discussion started by: Alps
2 Replies
9. Red Hat
Hi all Expertise,
I have following issue to solve,
SSL / TLS Renegotiation DoS (low) 222.225.12.13
Ease of Exploitation Moderate
Port 443/tcp
Family Miscellaneous
Following is the problem description:------------------
Description The remote service encrypts traffic using TLS / SSL and... (2 Replies)
Discussion started by: manalisharmabe
2 Replies
10. AIX
I have disabled rlogin for root successfully , but after that i could not login to root from console and could not su to root from other users as it responded as expired account
I did not have any admin user but I have managed to recover the situation by accessing rootvg before mounting it, but... (5 Replies)
Discussion started by: majd_ece
5 Replies
LEARN ABOUT DEBIAN
bup-margin
bup-margin(1) General Commands Manual bup-margin(1)
NAME
bup-margin - figure out your deduplication safety margin
SYNOPSIS
bup margin [options...]
DESCRIPTION
bup margin iterates through all objects in your bup repository, calculating the largest number of prefix bits shared between any two
entries. This number, n, identifies the longest subset of SHA-1 you could use and still encounter a collision between your object ids.
For example, one system that was tested had a collection of 11 million objects (70 GB), and bup margin returned 45. That means a 46-bit
hash would be sufficient to avoid all collisions among that set of objects; each object in that repository could be uniquely identified by
its first 46 bits.
The number of bits needed seems to increase by about 1 or 2 for every doubling of the number of objects. Since SHA-1 hashes have 160 bits,
that leaves 115 bits of margin. Of course, because SHA-1 hashes are essentially random, it's theoretically possible to use many more bits
with far fewer objects.
If you're paranoid about the possibility of SHA-1 collisions, you can monitor your repository by running bup margin occasionally to see if
you're getting dangerously close to 160 bits.
OPTIONS
--predict
Guess the offset into each index file where a particular object will appear, and report the maximum deviation of the correct answer
from the guess. This is potentially useful for tuning an interpolation search algorithm.
--ignore-midx
don't use .midx files, use only .idx files. This is only really useful when used with --predict.
EXAMPLE
$ bup margin
Reading indexes: 100.00% (1612581/1612581), done.
40
40 matching prefix bits
1.94 bits per doubling
120 bits (61.86 doublings) remaining
4.19338e+18 times larger is possible
Everyone on earth could have 625878182 data sets
like yours, all in one repository, and we would
expect 1 object collision.
$ bup margin --predict
PackIdxList: using 1 index.
Reading indexes: 100.00% (1612581/1612581), done.
915 of 1612581 (0.057%)
SEE ALSO
bup-midx(1), bup-save(1)
BUP
Part of the bup(1) suite.
AUTHORS
Avery Pennarun <apenwarr@gmail.com>.
Bup unknown- bup-margin(1)