
Introduction to AIX Security Expert

AIX Security Expert can be installed on a system using the bos.aixpert.cmds fileset. In addition to the aixpert command for configuring and administering AIX Security Expert, the fileset contains a number of additional files and scripts that are installed on the system under /etc/security/aixpert. This directory includes the following directories:

    • bin – Scripts and binaries to modify and check security settings
    • core – Contains the XML file aixpertall.xml with the definitions of all supported security settings for all security levels defined by IBM.
    • custom – This directory is intended for your own security profiles.
    • dictionary – Dictionary for password verification.
    • ldap – Used for files downloaded from the LDAP server.
    • log – Contains log files of AIX Security Expert runs.
    • tmp – Used by AIX Security Expert for temporary files.
    • undo – Contains files needed to undo changes to security settings.

The XML file aixpertall.xml, located in the /etc/security/aixpert/core directory, contains all security levels defined by IBM. These are the following:

    • High Level Security (HLS): high security level; services such as telnet, rlogin or ftp are not allowed.
    • Medium Level Security (MLS): medium security level; services such as telnet and ftp are allowed.
    • Low Level Security (LLS): lowest security level.
    • Default Level Security (DLS): corresponds to the security level of a system after installation.
    • SOX-COBIT Security (SCBPS):

In addition to these predefined security levels, administrators can define their own security levels.

Whether a security level has been applied to a system can be checked with the command “aixpert -t”. For example, if the security level MLS (medium) has been applied, the following output is obtained:

# aixpert -t
Applied Profiles:MLS  
#

If no security level was applied, the command displays one of the following two messages:

# aixpert -t
There are no security rules are applied in file /etc/security/aixpert/core/appliedaixpert.xml
#
# aixpert -t
File /etc/security/aixpert/core/appliedaixpert.xml does not exist
#
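
The three outputs shown above can be turned into a baseline check that fails when a system does not carry the expected security level. The following POSIX shell script is an added example, not part of the original page or of AIX Security Expert; the function names applied_profiles and check_level are hypothetical, and it assumes a single profile name follows "Applied Profiles:" as in the sample output.

```sh
#!/bin/sh
# Added example: baseline check built on the three "aixpert -t" outputs above.
# applied_profiles and check_level are hypothetical helper names.

# Print the profile named after "Applied Profiles:" in the text passed as $1.
# Returns 0 if a profile is applied, 1 if none is, 2 if the text is unrecognised.
applied_profiles() {
    profiles=$(printf '%s\n' "$1" |
        sed -n 's/^Applied Profiles:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p')
    if [ -n "$profiles" ]; then
        printf '%s\n' "$profiles"
        return 0
    fi
    case $1 in
        *"no security rules"*|*"appliedaixpert.xml does not exist"*) return 1 ;;
        *) return 2 ;;
    esac
}

# $1 = level the baseline requires (e.g. HLS), $2 = captured "aixpert -t" output.
# Prints one status line and returns 0 only when exactly that level is applied.
# Assumption: a single profile name follows the colon, as in the sample output.
check_level() {
    required=$1
    if applied=$(applied_profiles "$2"); then rc=0; else rc=$?; fi
    case $rc in
        0)  if [ "$applied" = "$required" ]; then
                echo "OK: $required applied"
                return 0
            fi
            echo "MISMATCH: applied=$applied required=$required"
            return 1 ;;
        1)  echo "NONE: no security level applied"
            return 1 ;;
        *)  echo "UNKNOWN: unrecognised aixpert -t output"
            return 2 ;;
    esac
}

# On a system with aixpert installed, check the live state (default: MLS).
# 2>&1 is used because the page does not say which stream carries the messages.
if command -v aixpert >/dev/null 2>&1; then
    check_level "${1:-MLS}" "$(aixpert -t 2>&1)"
fi
```

The script's exit status is that of check_level, so it can be called from a monitoring job that alerts on any non-zero result.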