04-23-2012
No offense - maybe explain your boss what a Trusted AIX installation means.
Taken from
Help - AIX 7.1 Information Center
Quote:
...
Please note that once you choose this mode of installation, you will not be able to go back to a regular AIX environment without performing an overwrite install of regular AIX. Evaluate your need for a Trusted AIX environment before choosing this mode of install. More details about Trusted AIX can be found in the AIX publicly available documentation.
...
* login and password controlled system and network access
* user, group, and world file access permissions
* access control lists (ACLs)
* Audit subsystem
* Role Based Access Control (RBAC)
Trusted AIX builds upon these primary AIX operating system security features to further enhance and extend AIX security into the networking subsystems.
...
I had a colleague trying out Trusted AIX, it was so limited in options that the idea was just discarded.
Maybe there is a slight chance that there is an option how to turn off RBAC, but my assumption is, that it is not possible.
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi all.
I have a log file that the operators monitor. This file is simply tailed -f on a screen in the ops room. I would like to know if there is anyway I can disable the keyboard from any input other than physically unpluging it. Something like a trap in the script.
The system is AIX 5.2.
... (2 Replies)
Discussion started by: jhansrod
2 Replies
2. UNIX for Dummies Questions & Answers
I am able to disable direct root login through telnet. But when I add the rlogin = false into the /etc/security/user file. I am unable to log in as root from ssh. I uncommented the "PermitRootLogin yes" in the sshd_config file. Still can't log in. Can anyone help? (0 Replies)
Discussion started by: james0125
0 Replies
3. AIX
Hi All,
How do I disable inbound mail for AIX 5.3 server? I just need the outbound mail. It's using the native sendmail program.
Thank you! (1 Reply)
Discussion started by: itik
1 Replies
4. AIX
Hello,
I have AIX machine communication to mainframe machine. From AIX machine, i have to use always SSH communication. For this, i have created SSH tunnel in AIX machine and using FTP with SSH.
Now both connections are working:
1) only FTP to mainframe machine
2) create SSH and do FTP... (3 Replies)
Discussion started by: balareddy
3 Replies
5. AIX
Can someone help me disable the banner printing in AIX 6
I am using HPjetDirect Drivers. SO whenever i print anything from Oracle application, a banner is printed. like the one below
######### User: alices@hostname
##### Title: /etc/release
##### Date: Fri 17:23 Mar 27, 2009
##### ... (2 Replies)
Discussion started by: filosophizer
2 Replies
6. Shell Programming and Scripting
Hi All,
I have bash script, so what is sintax script in bash for Enable and Disable Tab Key. Thanks for your help.:(
Thanks,
Rico (1 Reply)
Discussion started by: carnegiex
1 Replies
7. AIX
Hi Team,
I want to either disable C-shell permanently from my system.
since the package bos.rte.shell 5.3.9.2 APPLIED Shells (bsh, ksh, csh)
contains all 3 shells, please guide me how I can remove or permanently disable cshell from my box.
I know I can rename /usr/bin/csh and disable but... (2 Replies)
Discussion started by: falgun6666
2 Replies
8. AIX
I need to change the security on our AIX servers and disable telnet from all but certain IP addresses.
I have hashed the telnet line in /etc/inetd.conf and added filter rules for those IP adds to allow access on port 23, but this didn't work.
Does anyone have any ideas?
Thanks. (2 Replies)
Discussion started by: Alps
2 Replies
9. Red Hat
Hi all Expertise,
I have following issue to solve,
SSL / TLS Renegotiation DoS (low) 222.225.12.13
Ease of Exploitation Moderate
Port 443/tcp
Family Miscellaneous
Following is the problem description:------------------
Description The remote service encrypts traffic using TLS / SSL and... (2 Replies)
Discussion started by: manalisharmabe
2 Replies
10. AIX
I have disabled rlogin for root successfully , but after that i could not login to root from console and could not su to root from other users as it responded as expired account
I did not have any admin user but I have managed to recover the situation by accessing rootvg before mounting it, but... (5 Replies)
Discussion started by: majd_ece
5 Replies
LEARN ABOUT OSX
perlos4005.16
PERLOS400(1) Perl Programmers Reference Guide PERLOS400(1)
NAME
perlos400 - Perl version 5 on OS/400
DESCRIPTION
This document describes various features of IBM's OS/400 operating system that will affect how Perl version 5 (hereafter just Perl) is
compiled and/or runs.
By far the easiest way to build Perl for OS/400 is to use the PASE (Portable Application Solutions Environment), for more information see
<http://www.iseries.ibm.com/developer/factory/pase/index.html> This environment allows one to use AIX APIs while programming, and it
provides a runtime that allows AIX binaries to execute directly on the PowerPC iSeries.
Compiling Perl for OS/400 PASE
The recommended way to build Perl for the OS/400 PASE is to build the Perl 5 source code (release 5.8.1 or later) under AIX.
The trick is to give a special parameter to the Configure shell script when running it on AIX:
sh Configure -DPASE ...
The default installation directory of Perl under PASE is /QOpenSys/perl. This can be modified if needed with Configure parameter
-Dprefix=/some/dir.
Starting from OS/400 V5R2 the IBM Visual Age compiler is supported on OS/400 PASE, so it is possible to build Perl natively on OS/400. The
easier way, however, is to compile in AIX, as just described.
If you don't want to install the compiled Perl in AIX into /QOpenSys (for packaging it before copying it to PASE), you can use a Configure
parameter: -Dinstallprefix=/tmp/QOpenSys/perl. This will cause the "make install" to install everything into that directory, while the
installed files still think they are (will be) in /QOpenSys/perl.
If building natively on PASE, please do the build under the /QOpenSys directory, since Perl is happier when built on a case sensitive
filesystem.
Installing Perl in OS/400 PASE
If you are compiling on AIX, simply do a "make install" on the AIX box. Once the install finishes, tar up the /QOpenSys/perl directory.
Transfer the tarball to the OS/400 using FTP with the following commands:
> binary
> site namefmt 1
> put perl.tar /QOpenSys
Once you have it on, simply bring up a PASE shell and extract the tarball.
If you are compiling in PASE, then "make install" is the only thing you will need to do.
The default path for perl binary is /QOpenSys/perl/bin/perl. You'll want to symlink /QOpenSys/usr/bin/perl to this file so you don't have
to modify your path.
Using Perl in OS/400 PASE
Perl in PASE may be used in the same manner as you would use Perl on AIX.
Scripts starting with #!/usr/bin/perl should work if you have /QOpenSys/usr/bin/perl symlinked to your perl binary. This will not work if
you've done a setuid/setgid or have environment variable PASE_EXEC_QOPENSYS="N". If you have V5R1, you'll need to get the latest PTFs to
have this feature. Scripts starting with #!/QOpenSys/perl/bin/perl should always work.
Known Problems
When compiling in PASE, there is no "oslevel" command. Therefore, you may want to create a script called "oslevel" that echoes the level
of AIX that your version of PASE runtime supports. If you're unsure, consult your documentation or use "4.3.3.0".
If you have test cases that fail, check for the existence of spool files. The test case may be trying to use a syscall that is not
implemented in PASE. To avoid the SIGILL, try setting the PASE_SYSCALL_NOSIGILL environment variable or have a handler for the SIGILL. If
you can compile programs for PASE, run the config script and edit config.sh when it gives you the option. If you want to remove fchdir(),
which isn't implement in V5R1, simply change the line that says:
d_fchdir='define'
to
d_fchdir='undef'
and then compile Perl. The places where fchdir() is used have alternatives for systems that do not have fchdir() available.
Perl on ILE
There exists a port of Perl to the ILE environment. This port, however, is based quite an old release of Perl, Perl 5.00502 (August 1998).
(As of July 2002 the latest release of Perl is 5.8.0, and even 5.6.1 has been out since April 2001.) If you need to run Perl on ILE,
though, you may need this older port: <http://www.cpan.org/ports/#os400> Note that any Perl release later than 5.00502 has not been ported
to ILE.
If you need to use Perl in the ILE environment, you may want to consider using Qp2RunPase() to call the PASE version of Perl.
AUTHORS
Jarkko Hietaniemi <jhi@iki.fi> Bryan Logan <bryanlog@us.ibm.com> David Larson <larson1@us.ibm.com>
perl v5.16.2 2012-10-11 PERLOS400(1)