Differences

This shows you the differences between two versions of the page.

--- aix:powersc [2025/08/19 12:04]
manu [Register a new host (endpoint) on PowerSC Server UI]
+++ aix:powersc [2025/10/01 15:40] (current)
manu [Server installation]
@@ Line 109: / Line 109: @@
 powersc:x:10000:qualysagent
-[root@lnxpwrsc01 powersc]# pscuiserverctl set logonGroupList powersc
+[root@lnxpwrsc01 powersc]# pscuiserverctl set logonGroupList powersc,root
-logonGroupList=powersc
+logonGroupList=powersc,root
-[root@lnxpwrsc01 powersc]# pscuiserverctl set administratorGroupList powersc
+[root@lnxpwrsc01 powersc]# pscuiserverctl set administratorGroupList powersc,root
-administratorGroupList=powersc
+administratorGroupList=powersc,root
 </cli>
@@ Line 121: / Line 121: @@
 [root@lnxpwrsc01 powersc]# cat /etc/security/powersc/uiServer/uiServer.conf.properties
-logonGroupList=powersc
+logonGroupList=powersc,root
 httpPort=80
 httpsPort=443
-administratorGroupList=powersc
+administratorGroupList=powersc,root
 bindAddress=192.168.1.2
+powervcKeystoneUrl=https://lnxpwrsc01.test.lu/
+</cli>
+<cli prompt='#'>
+[root@lnxpwrsc01 powersc]# cat /etc/security/powersc/uiServer/groups.txt
+security=*
+pscadm=*
+powersc=*
 </cli>
@@ Line 202: / Line 210: @@
   * Database – Provides general purpose database security hardening
   * additionnal like CIS, and predefined aixpert policies
+Consider the following recommendations, as specified in https://www.cisecurity.org/benchmark/ibm_aix/:
+  * Level 1 benchmark recommendations are intended to:
+<code>
+    Be practical and prudent
+    Provide a clear security benefit
+    Do not inhibit the utility of the technology beyond acceptable means
+</code>
+  * Level 2 benchmark recommendations exhibit one or more of the following characteristics:
+<code>
+    Are intended for environments or use cases where security is paramount
+    Acts as defense in depth measure
+    May negatively inhibit the utility or performance of the technology
+</code>
+**<color #ed1c24>Best practice for AIX is to use CISv3_Lev1.xml</color>**, it combine the best practice for AIX 7.2 and 7.3
 ==== Apply the accurate policy ====
@@ Line 210: / Line 233: @@
 # pscxpert -f /etc/security/aixpert/custom/CISv2_Lev1.xml 	CIS Security Benchmark for AIX 7.2
 # pscxpert -f /etc/security/aixpert/custom/CISv2_Lev2.xml 	CIS Security Benchmark for AIX 7.2
+# pscxpert -f /etc/security/aixpert/custom/CISv3_Lev1.xml 	CIS Security Benchmark for AIX 7
+# pscxpert -f /etc/security/aixpert/custom/CISv3_Lev2.xml 	CIS Security Benchmark for AIX 7
 # pscxpert -f /etc/security/aixpert/custom/GDPRv1.xml	General Data Protection Regulation (GDPR)
 </cli>
@@ Line 254: / Line 279: @@
 Compare current settings to CISv2 level 1
 <cli prompt='#'>
-root@nim ~# pscxpert -c -P /etc/security/aixpert/custom/CISv2_Lev1.xml -p -r
+root@nim ~# pscxpert -c -P /etc/security/aixpert/custom/CISv3_Lev1.xml -p -r
 Processing cisv2_sysintegrity : failed.
 Processing cisv2_brokenlinks : failed.

wiki

User Tools

Site Tools

Differences

Page Tools