Under Construction

Step 2: Create a minimal XML File

To test the script, a corresponding rule is required. We create the XML file sshd.xml in the /etc/security/aixpert/custom directory with the following content:

# cat /etc/security/aixpert/custom/sshd.xml
<?xml version="1.0" encoding="UTF-8"?>
<AIXPertSecurityHardening>
  <AIXPertEntry name="test_permitrootlogin" function="permitrootlogin">
    <AIXPertRuleType type="TEST"/>
    <AIXPertDescription>Ensure that PermitRootLogin is False.</AIXPertDescription>
    <AIXPertPrereqList>openssh.base.server</AIXPertPrereqList>
    <AIXPertCommand>/etc/security/aixpert/bin/local_chsshdconf</AIXPertCommand>
    <AIXPertArgs></AIXPertArgs>
    <AIXPertGroup>SSH policy rules</AIXPertGroup>
  </AIXPertEntry>

</AIXPertSecurityHardening>
#

The XML file contains a single rule named test_permitrootlogin with the function permitrootlogin. We used TEST as the rule type (AIXPertRuleType). The description (AIXPertDescription) is “Ensure that PermitRootLogin is False”. Since the SSH daemon is installed with the openssh.base.server fileset, we specified this fileset as a prerequisite (AIXPertPrereqList). As the command (AIXPertCommand), we specified the absolute path to our script from above (local_chsshdconf). We omitted any arguments (AIXPertArgs) for now. Finally, we specified the new group “SSH policy rules” as the group (AIXPertGroup).
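Before handing a custom rule file to aixpert, it can be linted for the properties described above. The following Python check is an added example, not part of the original page or of AIX; the function name lint_rules, the check_fs option and the set of elements treated as required (taken from the rule shown here, not from an official schema) are assumptions.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Child elements the rule on this page uses; treated as required (assumption).
REQUIRED = ("AIXPertRuleType", "AIXPertDescription", "AIXPertPrereqList",
            "AIXPertCommand", "AIXPertArgs", "AIXPertGroup")

# Constructed sample: the rule from this page.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<AIXPertSecurityHardening>
  <AIXPertEntry name="test_permitrootlogin" function="permitrootlogin">
    <AIXPertRuleType type="TEST"/>
    <AIXPertDescription>Ensure that PermitRootLogin is False.</AIXPertDescription>
    <AIXPertPrereqList>openssh.base.server</AIXPertPrereqList>
    <AIXPertCommand>/etc/security/aixpert/bin/local_chsshdconf</AIXPertCommand>
    <AIXPertArgs></AIXPertArgs>
    <AIXPertGroup>SSH policy rules</AIXPertGroup>
  </AIXPertEntry>
</AIXPertSecurityHardening>
"""

def lint_rules(xml_text, check_fs=False):
    """Return a list of problems in an aixpert rule file (empty list = clean)."""
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    problems, seen = [], set()
    if root.tag != "AIXPertSecurityHardening":
        problems.append(f"unexpected root element <{root.tag}>")
    for entry in root.iter("AIXPertEntry"):
        name = entry.get("name") or "<unnamed>"
        if name in seen:
            problems.append(f"{name}: duplicate rule name")
        seen.add(name)
        if not entry.get("function"):
            problems.append(f"{name}: missing function attribute")
        problems += [f"{name}: missing <{t}>" for t in REQUIRED if entry.find(t) is None]
        cmd = (entry.findtext("AIXPertCommand") or "").strip()
        if not os.path.isabs(cmd):
            problems.append(f"{name}: command is not an absolute path: {cmd!r}")
        elif check_fs:  # aixpert is run by root, so the script must be root-only writable
            st = os.stat(cmd) if os.path.exists(cmd) else None
            if st is None:
                problems.append(f"{name}: command not found: {cmd}")
            elif st.st_uid != 0 or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                problems.append(f"{name}: command must be root-owned, not group/world-writable")
    return problems
```

On the AIX host, call lint_rules(open("/etc/security/aixpert/custom/sshd.xml").read(), check_fs=True) so that the ownership and permissions of the script are checked as well.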