AIX Security Expert (howto)

AIX Security Expert is a set of XML files that apply security settings at different levels. You can find samples in the directory /etc/security/aixpert/core, depending on the predefined security level needed: low, medium, high, SOX-COBIT…

All available settings are listed in the following file: /etc/security/aixpert/core/aixpertall.xml

Take a snapshot of the current security settings applied to your environment:

# aixpert -f appliedaixpert.xml

To reverse the settings applied from a previous activation:

# aixpert -u undo.xml

Logs for applied settings can be found in /etc/security/aixpert/log/aixpert.log

When you use auditing, the file /etc/security/aixpert/check_report.txt keeps a trace of all changes made outside aixpert.

root@aixtest /etc/security/aixpert> aixpert -l l -n -o /etc/security/aixpert/custom/my_low.xml -a -o /etc/security/aixpert/custom/my_shortinfo.xml

Custom rules

Create a custom security rule:

# aixpert -l high -n -o /tmp/high_security.xml

Now you can edit the file /tmp/high_security.xml and remove the security settings that are not required for your environment. Each security setting in the XML file carries its description and the script used to implement it.

Once you have completed the editing, you can treat the file as the baseline security for your system.

Now apply the security settings to your system with:

# aixpert -f /tmp/high_security.xml

If something has gone wrong, you can undo all the changes with:

# aixpert -u

To check every day that the security settings have not been compromised, you can use:

# aixpert -c
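
For the editing step above, a profile such as /tmp/high_security.xml can be reviewed and trimmed with a script before it is applied as root. This is an added example, not part of aixpert or of the original page: the element names (AIXPertEntry, AIXPertDescription, AIXPertCommand, AIXPertArgs), the stock script directory and the sample rules are assumptions to compare against aixpertall.xml on your system.

```python
import posixpath
import sys
import xml.etree.ElementTree as ET

# Assumption: stock rule scripts live here; aixpert runs rule commands as root.
STOCK_BIN = "/etc/security/aixpert/bin/"

# Constructed sample; element names assumed, compare with aixpertall.xml.
SAMPLE = """<AIXPertSecurityHardening>
 <AIXPertEntry name="hls_minlen" function="minlen">
  <AIXPertDescription>Minimum length for password</AIXPertDescription>
  <AIXPertCommand>/etc/security/aixpert/bin/chusrattr</AIXPertCommand>
  <AIXPertArgs>minlen=8 ALL hls_minlen</AIXPertArgs>
 </AIXPertEntry>
 <AIXPertEntry name="site_custom" function="custom">
  <AIXPertDescription>Site-specific rule</AIXPertDescription>
  <AIXPertCommand>/etc/security/aixpert/bin/../../../../tmp/fix.sh</AIXPertCommand>
 </AIXPertEntry>
</AIXPertSecurityHardening>"""

def load_profile(path=None):
    """Parse a profile file, or the constructed sample when no path is given."""
    return ET.parse(path).getroot() if path else ET.fromstring(SAMPLE)

def list_rules(root):
    """Return (name, description, command, args) for every rule."""
    get = lambda e, tag: (e.findtext(tag) or "").strip()
    return [(e.get("name"), get(e, "AIXPertDescription"),
             get(e, "AIXPertCommand"), get(e, "AIXPertArgs"))
            for e in root.findall("AIXPertEntry")]

def foreign_commands(root):
    """Names of rules whose script resolves outside STOCK_BIN (or is empty)."""
    return [name for name, _, cmd, _ in list_rules(root)
            if not posixpath.normpath(cmd).startswith(STOCK_BIN)]

def trim_profile(root, drop):
    """Remove the named rules in place; return requested names not found."""
    found = [e for e in root.findall("AIXPertEntry") if e.get("name") in drop]
    for e in found:
        root.remove(e)
    return sorted(set(drop) - {e.get("name") for e in found})

if __name__ == "__main__":  # usage: review.py [profile.xml [rule_to_drop ...]]
    root = load_profile(sys.argv[1] if len(sys.argv) > 1 else None)
    print("not found:", trim_profile(root, sys.argv[2:]))
    for rule in list_rules(root):
        print(*rule, sep=" | ")
    print("outside stock dir:", foreign_commands(root))
```

A name returned as not found usually means a typo in the drop list, in which case the rule is still in the profile and would be applied.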
aix/aixpert.txt · Last modified: 2024/09/06 23:40 by manu