This is an old revision of the document!
Table of Contents
AIX Security PowerSC centralized (CIS...)
https://issuu.com/realbjornroden/docs/ibm_powersc___aix_security_compliance
Requirement for AIX
installing **powerscStd** package (included in AIX 7.2 / 7.3 Entreprise edition)
Provides security and compliance profiles for:
- DoD – Department of Defense STIG
- HIPAA – Health Insurance Portability and Accountability Act
- NERC – North American Electric Reliability Corporation compliance
- PCIv3 – The Payment Card Industry – Data Security Standard
- SOX-COBIT – Sarbanes-Oxley Act and COBIT compliance
- Database – Provides general purpose database security hardening
- additionnal like CIS, and predefined aixpert policies
Apply the accurate policy
Alternative is to use a client PowerSC (apply the right security level) (package: powerscStd.ice)
# pscxpert -f /etc/security/aixpert/custom/CISv1.xml CIS Security Benchmark for AIX 7.1 # pscxpert -f /etc/security/aixpert/custom/CISv2_Lev1.xml CIS Security Benchmark for AIX 7.2 # pscxpert -f /etc/security/aixpert/custom/CISv2_Lev2.xml CIS Security Benchmark for AIX 7.2 # pscxpert -f /etc/security/aixpert/custom/GDPRv1.xml General Data Protection Regulation (GDPR)
Or apply a predefined level (-p verbose mode)
# pscxpert -l medium -p
Dump an aixpert default level, in order to modify it and apply then using PowerSC
# pscxpert -l high -n /etc/security/aixpert/custom/mycustomfile.xml
Now you are able to change some parameters for example maxage and then apply it using -f option
Check compliance to applied policy
Alternative is to use a client PowerSC (apply the right security level) (/etc/security/aixpert/core/appliedaixpert.xml)
# pscxpert -c
Report is produced in /etc/security/aixpert/check_report.txt
To display the security profile applied:
# pscxpert -t
Compare to a custom security level with a specific Profile
# pscxpert -c -P /etc/security/aixpert/custom/mysecurity.xml
Add the option at end -p -r to generate a CSV report
Undo security settings (-p verbose mode)
# pscxpert -u -p
