Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Disable RBAC - AIX
Operating Systems AIX Disable RBAC - AIX Post 302628301 by zaxxon on Monday 23rd of April 2012 09:05:38 AM
Old 04-23-2012
No offense - maybe explain your boss what a Trusted AIX installation means.
Taken from Help - AIX 7.1 Information Center
Quote:
...
Please note that once you choose this mode of installation, you will not be able to go back to a regular AIX environment without performing an overwrite install of regular AIX. Evaluate your need for a Trusted AIX environment before choosing this mode of install. More details about Trusted AIX can be found in the AIX publicly available documentation.
...
* login and password controlled system and network access
* user, group, and world file access permissions
* access control lists (ACLs)
* Audit subsystem
* Role Based Access Control (RBAC)

Trusted AIX builds upon these primary AIX operating system security features to further enhance and extend AIX security into the networking subsystems.
...
I had a colleague trying out Trusted AIX, it was so limited in options that the idea was just discarded.

Maybe there is a slight chance that there is an option how to turn off RBAC, but my assumption is, that it is not possible.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Disable Keyboard in AIX 5.2

Hi all. I have a log file that the operators monitor. This file is simply tailed -f on a screen in the ops room. I would like to know if there is anyway I can disable the keyboard from any input other than physically unpluging it. Something like a trap in the script. The system is AIX 5.2. ... (2 Replies)
Discussion started by: jhansrod
2 Replies

2. UNIX for Dummies Questions & Answers

Disable root for AIX 5.2

I am able to disable direct root login through telnet. But when I add the rlogin = false into the /etc/security/user file. I am unable to log in as root from ssh. I uncommented the "PermitRootLogin yes" in the sshd_config file. Still can't log in. Can anyone help? (0 Replies)
Discussion started by: james0125
0 Replies

3. AIX

disable inbound mail for AIX 5.3

Hi All, How do I disable inbound mail for AIX 5.3 server? I just need the outbound mail. It's using the native sendmail program. Thank you! (1 Reply)
Discussion started by: itik
1 Replies

4. AIX

FTP access disable in AIX

Hello, I have AIX machine communication to mainframe machine. From AIX machine, i have to use always SSH communication. For this, i have created SSH tunnel in AIX machine and using FTP with SSH. Now both connections are working: 1) only FTP to mainframe machine 2) create SSH and do FTP... (3 Replies)
Discussion started by: balareddy
3 Replies

5. AIX

Disable Banner Printing AIX ?

Can someone help me disable the banner printing in AIX 6 I am using HPjetDirect Drivers. SO whenever i print anything from Oracle application, a banner is printed. like the one below ######### User: alices@hostname ##### Title: /etc/release ##### Date: Fri 17:23 Mar 27, 2009 ##### ... (2 Replies)
Discussion started by: filosophizer
2 Replies

6. Shell Programming and Scripting

How to disable Enable/Disable Tab Key

Hi All, I have bash script, so what is sintax script in bash for Enable and Disable Tab Key. Thanks for your help.:( Thanks, Rico (1 Reply)
Discussion started by: carnegiex
1 Replies

7. AIX

How to disable/remove c-shell in aix?

Hi Team, I want to either disable C-shell permanently from my system. since the package bos.rte.shell 5.3.9.2 APPLIED Shells (bsh, ksh, csh) contains all 3 shells, please guide me how I can remove or permanently disable cshell from my box. I know I can rename /usr/bin/csh and disable but... (2 Replies)
Discussion started by: falgun6666
2 Replies

8. AIX

Allow telnet in AIX from specific IP adds, but disable for everyone else

I need to change the security on our AIX servers and disable telnet from all but certain IP addresses. I have hashed the telnet line in /etc/inetd.conf and added filter rules for those IP adds to allow access on port 23, but this didn't work. Does anyone have any ideas? Thanks. (2 Replies)
Discussion started by: Alps
2 Replies

9. Red Hat

SSL/TLS renegotiation DoS -how to disable? Is it advisable to disable?

Hi all Expertise, I have following issue to solve, SSL / TLS Renegotiation DoS (low) 222.225.12.13 Ease of Exploitation Moderate Port 443/tcp Family Miscellaneous Following is the problem description:------------------ Description The remote service encrypts traffic using TLS / SSL and... (2 Replies)
Discussion started by: manalisharmabe
2 Replies

10. AIX

AIX Disable direct root login problems

I have disabled rlogin for root successfully , but after that i could not login to root from console and could not su to root from other users as it responded as expired account I did not have any admin user but I have managed to recover the situation by accessing rootvg before mounting it, but... (5 Replies)
Discussion started by: majd_ece
5 Replies

LEARN ABOUT DEBIAN

gradm2

GRADM(8)						      System Manager's Manual							  GRADM(8)

NAME

       gradm - Administration program for the grsecurity RBAC system

SYNOPSIS

       gradm  [ -E ] [ -R ] [ -C ] [ -F ] [ -L <logfile> ] [ -O <filename|stream> ] [ -M <filename|uid> ] [ -D ] [ -P [rolename] ] [ -a <rolename>
       ] [ -n <rolename> ] [ -p <rolename> ] [ -u ] [ -V ] [ -h ] [ -v ]

DESCRIPTION

       gradm is the userspace RBAC parsing and authentication program for grsecurity

       grsecurity aims to be a complete security system for Linux 2.4.	gradm performs several tasks for the RBAC system  including  authenticated
       via a password to the kernel and parsing rules to be passed to the kernel.

OPTIONS

       All options to gradm are mutually exclusive, except for -L and -O.

       -E     Enable the RBAC system

       -R     Reload the RBAC system (only valid while in admin mode)

       -C     Perform a check of the RBAC policy, running the same analysis against it that is performed when enabling.

       -F     Toggle  full  learning  mode.   If  used only with -L, it enables the RBAC system in full learning mode.	If used with -L and -O, it
	      parses the full learning logs and generates a complete ruleset.

       -M <filename|uid>
	      Remove an execution ban on a given uid or filename that has been put in place by the RES_CRASH resource restriction of the RBAC sys-
	      tem.

       -L <logfile>
	      Parses  the  learning  logs.  Accepts an argument which specifies the logfile to scan for the learning logs.  If "-" is specified as
	      the logfile, stdin will be used as the learning log.  This option can be used with -E, -O, or -F.

       -O <filename|stream>
	      Specifies output mode.  Requires a single argument that can be "stdout", "stderr", or a regular file.  Only used with -L or -F.

       -D     Disable the RBAC system

       -P [rolename]
	      Without an argument, it sets the password for administering the RBAC system.  With a role name as an argument, it sets the  password
	      for that given special role.

       -a <rolename>
	      Authenticate to a special role that requires a password.

       -n <rolename>
	      Authenticate to a special role that does not require a password.

       -p <rolename>
	      Authenticate through PAM to a special role.

       -u     Removes yourself from your current special role, reverting back to the normal role selection.  To be used, for instance, for logging
	      out of an admin role without exiting your shell.

       -V     Displays verbose policy statistics when enabling the RBAC system or checking the RBAC policy.  Can only be used with -C, -E,  or	-F
	      -L <filename>

       -h     Display help information

       -v     Print version information and exit

REPORTING BUGS

       Please include as much information as possible(using any available debugging options) and send bug reports for gradm or the grsecurity RBAC
       system to spender@grsecurity.net.

AUTHOR

       grsecurity and gradm were created and are maintained by Brad Spengler <spender@grsecurity.net>

																	  GRADM(8)
All times are GMT -4. The time now is 09:00 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy