Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Securing AIX - Hardening Lesson 101
Operating Systems AIX Securing AIX - Hardening Lesson 101 Post 302772774 by bakunin on Tuesday 26th of February 2013 07:38:43 PM
Old 02-26-2013
Here is my checklist of security-related things i do when i install a new system:
  • Create administrative FSes
    root needs some places to store things: system documentation, logs, scripts, etc.. In most cases there is "/usr/local/bin" and roots home. Create FSes for some or all of these directories so that the content doesn't land in "/". Full root-fses usually cause some headache for the admins.
  • Install ssh
    You need ssh itself and openssl for that. Get both from IBMs Linux Toolbox for AIX website and install with rpm.
  • Disable "classic" means of connection: telnet, ftp, rlogin, rexec, ....
    Notice that you might need rlogin in some cases, but as a rule of thumb all these non-securified services should be disabled. Make sure these will not be started at system start any more.
  • Disable/limit root-login
    The best way to become root is to log on with your regular user-ID and then switch to root. Therefore remote login for root can and should be disabled. Console login should be allowed, because there might be emergency situations where it is necessary. Someone able to get to the console is most probably also allowed to log on as root.
  • Set up sudo
    Download from the IBM site where you got ssh.
  • Set up ntp
    Especially when you use Kerberos you need consistent timekeeping throughout your environment, so connect your system to your local Stratum-2-server. Set the method to "slew" for database systems (i.e. Oracle is quite picky about duplicate timestamps when you set it to "step").
  • Edit /etc/motd and /etc/security/login.cfg
    Its a good idea to be able to immediately recognize at which system you are when you log on. If you put some distinct banners at the login screen chances are you notice them even in times of stress if you have mistyped the machines name. (It is really easy to type "ssh server3" instead of "ssh server2" or something such.)
I hope this helps.

bakunin
 

8 More Discussions You Might Find Interesting

1. Solaris

Hardening Solaris

What do we need to do to harden a freshly installed solaris OS? like disable telnet, no ftp for root etc...What all services you need to stop? How to check what ports are open? etc etc....please provide all tips that come to your mind...thanks:) (5 Replies)
Discussion started by: rcmrulzz
5 Replies

2. UNIX for Advanced & Expert Users

Lesson Learned: Dual boot XP and Fedora 9

This post captures my recent experience in getting my Dell XPS Gen 3 to support dual boot of Windows XP (Professional) and the Fedora 9 Linux distribution. I searched quite a bit on the internet and found, of course, a variety of opinions regarding how to setup this type (dual boot) of... (1 Reply)
Discussion started by: rlandon@usa.net
1 Replies

3. Shell Programming and Scripting

Rename multiple files lesson

Hi All, So I found a cool way to change extensions to multiple files with: for i in *.doc do mv $i ${i%.doc}.txt done However, what I want to do is move *.txt to *_0hr.txt but the following doesn't work: for i in *.txt do mv $i ${i%.txt}_0hr.txt done My questions are (1) Why... (2 Replies)
Discussion started by: ScKaSx
2 Replies

4. Shell Programming and Scripting

Textfile lesson

Tag allerseits Ich habe ein umfangreiches Script. Darin möchte ich zu Beginn ein textfile lesen. Den ersten Satz. Dann kommen mehrere Instruktionen und dann soll wieder gelesen werden. Den zweiten Satz. Etc. Ich kann also das herkömmliche while read xyz / do ... done nicht benützen. ... (0 Replies)
Discussion started by: lazybaer
0 Replies

5. Cybersecurity

securing AIX box

Guys, i want to securing AIX after install by scrath. Is anybody can inform about the standard port which used by AIX? (0 Replies)
Discussion started by: michlix
0 Replies

6. AIX

Securing AIX

Guys, i want to securing AIX after install by scratch. Is anybody can inform about the standard port which used by AIX? (4 Replies)
Discussion started by: michlix
4 Replies

7. AIX

AIX 101 : Sys Admin Pocket Survival Guide

HOW-TO AIX Admin 101 Sys Admin Pocket Survival Guide - AIX Worth checking it out and printing it. (1 Reply)
Discussion started by: filosophizer
1 Replies

8. Web Development

Oracle Jet - LP: 10. Lesson 1: Oracle JET 4.x - Lesson 1 - Part 4: Data Binding

Working on LP: 10. Lesson 1: Oracle JET 4.x - Lesson 1 - Part 4: Data Binding in this Oracle JET online course - Soar higher with Oracle JavaScript Extension Toolkit (JET), I have created this code for incidents.js I cannot get the load average data in this Oracle JET test to update the... (4 Replies)
Discussion started by: Neo
4 Replies

LEARN ABOUT DEBIAN

blaze-remove

BLAZE-REMOVE(1) 					    BlazeBlogger Documentation						   BLAZE-REMOVE(1)

NAME

       blaze-remove  - removes a post or page from the BlazeBlogger repository

SYNOPSIS

       blaze-remove [-fipqPV] [-b directory] id...

       blaze-remove -h|-v

DESCRIPTION

       blaze-remove removes a blog post or a page with the specified id from the BlazeBlogger repository.

OPTIONS

       -b directory, --blogdir directory
	   Allows you to specify a directory in which the BlazeBlogger repository is placed. The default option is a current working directory.

       -p, --page, --pages
	   Tells blaze-remove to remove a page or pages.

       -P, --post, --posts
	   Tells blaze-remove to remove a blog post or blog posts. This is the default option.

       -f, --force
	   Disables requiring manual confirmation of each blog post or page removal.  This is the default option.

       -i, --interactive
	   Enables requiring manual confirmation of each blog post or page removal.

       -q, --quiet
	   Disables displaying of unnecessary messages.

       -V, --verbose
	   Enables displaying of all messages. This is the default option.

       -h, --help
	   Displays usage information and exits.

       -v, --version
	   Displays version information and exits.

EXAMPLE USAGE

       Remove a blog post:

	 ~]$ blaze-remove 10
	 Successfully removed the post with ID 10.

       Remove a page:

	 ~]$ blaze-remove -p 4
	 Successfully removed the page with ID 4.

       Remove multiple blog posts:

	 ~]$ blaze-remove 10 4 6
	 Successfully removed the post with ID 10, 4 and 6.

       Remove multiple blog posts safely:

	 ~]$ blaze-remove -i 10 4 6
	 Remove the post with ID 10 titled `Debian and Fedora Packages'? y
	 Remove the post with ID 4 titled `BlazeBlogger 0.8.0 RC2'? y
	 Remove the post with ID 6 titled `BlazeBlogger 0.8.1'? y
	 Successfully removed the post with ID 10, 4 and 6.

SEE ALSO

       blaze-config(1), blaze-add(1), blaze-list(1)

BUGS

       To report a bug or to send a patch, please, add a new issue to the bug tracker at <http://code.google.com/p/blazeblogger/issues/>, or visit
       the discussion group at <http://groups.google.com/group/blazeblogger/>.

COPYRIGHT

       Copyright (C) 2008-2011 Jaromir Hradilek

       This program is free software; see the source for copying conditions. It is distributed in the hope that it will be useful, but WITHOUT ANY
       WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Version 1.2.0							    2012-03-05							   BLAZE-REMOVE(1)
All times are GMT -4. The time now is 05:14 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy