
How AIX Security Expert works

The security settings supported by AIX Security Expert are defined via XML files. Each security setting is defined by a rule in the form of an XML element. In addition to the rule name and description, the XML element also defines dependencies on installed software (filesets) and other rules. Furthermore, a command to be executed is defined for each rule that sets or checks the security setting. If the command must be called with arguments, the arguments are also defined in the XML element. In most cases, the commands to be executed are shell scripts contained in the bos.aixpert.cmds fileset.

The currently applied security settings can be found in the XML file /etc/security/aixpert/core/appliedaixpert.xml. This file is typically created using one of the two commands “aixpert -l <level>” or “aixpert -f <filename>”. To implement the security settings, all rules in this XML file are processed by running the specified command, including the specified arguments. After all rules/commands have been successfully executed, the corresponding security level is applied.

The system check process is similar. All rules in the XML file appliedaixpert.xml are processed, with the specified commands being launched with the environment variable AIXPERT_CHECK_REPORT=1 set. The commands or scripts are written so that this variable is checked, and if the variable is set, only a check is performed.
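The apply/check split described above, sketched as an added example that is not one of the scripts from bos.aixpert.cmds: a hypothetical rule command `rule_cmd` enforces a `key=value` line in a file and only reports when AIXPERT_CHECK_REPORT=1 is set. The function names, the file format and the use of the exit status to signal a failed check are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical rule command, not a script shipped with AIX.
# Usage: rule_cmd <config-file> <key> <value>
#   apply mode (default):               ensure "<key>=<value>" is in the file
#   check mode (AIXPERT_CHECK_REPORT=1): compare only, never modify the file
# Assumption: <key> is a plain word without regex metacharacters.

# Print the value currently stored for key $2 in file $1 (empty if absent).
current_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

rule_cmd() {
    file=$1 key=$2 want=$3
    have=$(current_value "$file" "$key")

    if [ "${AIXPERT_CHECK_REPORT:-0}" = "1" ]; then
        # Check only: report a deviation and signal it via the exit status
        # (assumed convention), leaving the file untouched.
        if [ "$have" = "$want" ]; then
            return 0
        fi
        echo "$key: expected '$want', found '$have'" >&2
        return 1
    fi

    # Apply: nothing to do if the setting is already in place.
    [ "$have" = "$want" ] && return 0

    # Rebuild the file without the old entry, then append the new one.
    tmp=$(mktemp) || return 2
    grep -v "^$key=" "$file" > "$tmp" || true   # grep exits 1 if nothing is left
    echo "$key=$want" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Example invocations (constructed file name and values):
#   rule_cmd /tmp/demo.conf maxage 13                          # apply
#   AIXPERT_CHECK_REPORT=1; rule_cmd /tmp/demo.conf maxage 13  # check only
```

Because the same command and arguments serve both modes, a deviation found in check mode is corrected by re-running the rule without the variable set.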

The exact structure of the XML files and the processes for applying and checking security settings are described in more detail in the following sections.