AIX Security Expert supports a variety of security settings by default. However, it’s possible that AIX Security Expert doesn’t provide a command/script for some security settings. In such a case, it’s relatively easy to implement your own script, which can then be called via a custom rule.

As an example, we’ll develop a script below, that sets and checks the PermitRootLogin attribute for the SSH daemon. After testing, the script will be extended to support any attributes.

When structuring the script, we’re following IBM’s existing scripts and trying to use the same style and variable names as much as possible. This should make the existing scripts easier to read.

Note: The development and testing of such a script should be done on a development system.