The AIX Security Expert can be used to harden the security settings of an AIX system. Around 400 security settings are supported, ranging from password settings to network services and firewall rules (IPsec filters). A number of security levels are predefined (high, medium, low, default). Each of these security levels includes a more or less large list of security settings, each with concrete values. In the simplest case, the administrator can apply one of these predefined security levels to the system, and the associated security settings are then set to the values specified by the security level. A check of the currently set security settings against the applied security level is easily possible at any time.

The advantages of the AIX Security Expert compared to third-party solutions are as follows:

• • The AIX Security Expert is part of the AIX operating system (fileset bos.aixpert) and is therefore supported by IBM.
  • The AIX Security Expert has a number of preconfigured security levels that can be used.
  • Security levels can not only be checked, but also applied. This makes it easy to harden a system.
  • Preconfigured security levels are relatively easy to change and adapt to local needs.
  • The AIX Security Expert can be enhanced to include your own security settings.
  • Configuration and administration is done with just one command: aixpert.
  • The current security settings can be compared against the desired security settings at any time.