Quote:
Originally Posted by
blackrageous
You usually turn trusted aix on when you're doing an installation. Please refer to the documentation for additional information.
In fact this is the
only point in time where you can switch it on. TCB creates checksums for every file and because the status of a file can only be verified to be uncompromised during an original install this is the only place/time to switch it on. Further, switching on TCB will prevent any further update and/or alt_disk_install of the system because of exactly this fact. (You
can indeed do updates but these will disable TCB in the process.)
Best practice is to stay clear of TCB because it creates more problems than it solves, but this is
common sense - don't argue that way with managers, only with technical persons.
Quote:
we do not have any kind of anti-virus software and security scanner on my AIX LPARs.
Yes - and i do not have a wheel chair. Not, because i could not get one, but because i do not need one. There are no known viruses for AIX in existence and as long as you follow best practices for administrating AIX systems (for instance, using "root" only for administration, ...) there is no way a virus could affect them. Affording every system to have virus scanners is a plan usually hatched by managers who do not understand the difference between their Windoze-laptop and an AIX-LPAR.
Do not try to educate them (if they could be brought to thinking they wouldn't be in the position they are). The best way to deal with them is to silently ignore them.
I hope this helps.
bakunin