Differences

This shows you the differences between two versions of the page.

--- aix:powersc [2025/08/12 10:51]
manu
+++ aix:powersc [2025/08/21 17:43] (current)
manu [Check CIS policy]
@@ Line 139: / Line 139: @@
 ===== Register a new host (endpoint) on PowerSC Server UI =====
+=== On AIX ===
+Install the following packages using smit installp
+<cli prompt='>'>
+root@nim /var/log/powersc/uiAgent> lslpp -Lc | grep powersc
+powerscStd.ice:powerscStd.ice:2.3.0.0: : :C: :IBM PowerSC Standard Profile: : : : : : :0:0:/:
+powerscStd.license:powerscStd.license:7.1.3.0: : :C: :PowerSC Standard Edition: : : : : : :0:0:/:
+powerscStd.msg:powerscStd.msg.en_US:2.3.0.0: : :C: :PowerSC Standard Edition Messages - U.S. English: : : : : : :0:0:/:
+powerscStd.uiAgent:powerscStd.uiAgent.rte:2.3.0.0: : :C: :PowerSC User Interface Agent: : : : : : :0:0:/:
+</cli>
+From /etc/security/powersc/uiAgent remove endpointTruststore and endpointKeystore files if you have any other files Truststore/ KeyStore please remove it.
+Copy only **endpointTruststore.p12** from (server) /etc/security/powersc/uiServer to /etc/security/powersc/uiAgent\\
+Now restart the agent
+To start the Agent on AIX:
+<cli prompt='>'>
+root@nim /var/log/powersc/uiAgent> lssrc -s pscuiagent
+Subsystem         Group            PID          Status
+ pscuiagent                        12517660     active
+root@nim /var/log/powersc/uiAgent> stopsrc -s pscuiagent
+-044 The pscuiagent Subsystem was requested to stop.
+root@nim /var/log/powersc/uiAgent> startsrc -s pscuiagent
+-059 The pscuiagent Subsystem has been started. Subsystem PID is 12517662.
+</cli>
+For info logs are available in /var/log/powersc/uiAgent
+=== On PowerSC server ===
+On the UI go to Endpint Admin--> KeyStore Request, select it and generate new keystore\\
+Now you check whether the client is connected.
 {{:aix:powersc_gui01.png?600|}}
@@ Line 168: / Line 202: @@
   * Database – Provides general purpose database security hardening
   * additionnal like CIS, and predefined aixpert policies
+Consider the following recommendations, as specified in https://www.cisecurity.org/benchmark/ibm_aix/:
+  * Level 1 benchmark recommendations are intended to:
+<code>
+    Be practical and prudent
+    Provide a clear security benefit
+    Do not inhibit the utility of the technology beyond acceptable means
+</code>
+  * Level 2 benchmark recommendations exhibit one or more of the following characteristics:
+<code>
+    Are intended for environments or use cases where security is paramount
+    Acts as defense in depth measure
+    May negatively inhibit the utility or performance of the technology
+</code>
+**<color #ed1c24>Best practice for AIX is to use CISv3_Lev1.xml</color>**, it combine the best practice for AIX 7.2 and 7.3
 ==== Apply the accurate policy ====
@@ Line 176: / Line 225: @@
 # pscxpert -f /etc/security/aixpert/custom/CISv2_Lev1.xml 	CIS Security Benchmark for AIX 7.2
 # pscxpert -f /etc/security/aixpert/custom/CISv2_Lev2.xml 	CIS Security Benchmark for AIX 7.2
+# pscxpert -f /etc/security/aixpert/custom/CISv3_Lev1.xml 	CIS Security Benchmark for AIX 7
+# pscxpert -f /etc/security/aixpert/custom/CISv3_Lev2.xml 	CIS Security Benchmark for AIX 7
 # pscxpert -f /etc/security/aixpert/custom/GDPRv1.xml	General Data Protection Regulation (GDPR)
 </cli>
@@ Line 220: / Line 271: @@
 Compare current settings to CISv2 level 1
 <cli prompt='#'>
-root@nim ~# pscxpert -c -P /etc/security/aixpert/custom/CISv2_Lev1.xml -p -r
+root@nim ~# pscxpert -c -P /etc/security/aixpert/custom/CISv3_Lev1.xml -p -r
 Processing cisv2_sysintegrity : failed.
 Processing cisv2_brokenlinks : failed.

wiki

User Tools

Site Tools

Differences

Page Tools