aix:powersc
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
aix:powersc [2025/08/19 12:04] manu [Register a new host (endpoint) on PowerSC Server UI] |
aix:powersc [2025/08/21 17:43] (current) manu [Check CIS policy] |
||
|---|---|---|---|
| Line 202: | Line 202: | ||
| * Database – Provides general purpose database security hardening | * Database – Provides general purpose database security hardening | ||
| * additionnal like CIS, and predefined aixpert policies | * additionnal like CIS, and predefined aixpert policies | ||
| - | | + | |
| + | Consider the following recommendations, as specified in https://www.cisecurity.org/benchmark/ibm_aix/: | ||
| + | * Level 1 benchmark recommendations are intended to: | ||
| + | <code> | ||
| + | Be practical and prudent | ||
| + | Provide a clear security benefit | ||
| + | Do not inhibit the utility of the technology beyond acceptable means | ||
| + | </code> | ||
| + | * Level 2 benchmark recommendations exhibit one or more of the following characteristics: | ||
| + | <code> | ||
| + | Are intended for environments or use cases where security is paramount | ||
| + | Acts as defense in depth measure | ||
| + | May negatively inhibit the utility or performance of the technology | ||
| + | </code> | ||
| + | |||
| + | **<color #ed1c24>Best practice for AIX is to use CISv3_Lev1.xml</color>**, it combine the best practice for AIX 7.2 and 7.3 | ||
| ==== Apply the accurate policy ==== | ==== Apply the accurate policy ==== | ||
| Line 210: | Line 225: | ||
| # pscxpert -f /etc/security/aixpert/custom/CISv2_Lev1.xml CIS Security Benchmark for AIX 7.2 | # pscxpert -f /etc/security/aixpert/custom/CISv2_Lev1.xml CIS Security Benchmark for AIX 7.2 | ||
| # pscxpert -f /etc/security/aixpert/custom/CISv2_Lev2.xml CIS Security Benchmark for AIX 7.2 | # pscxpert -f /etc/security/aixpert/custom/CISv2_Lev2.xml CIS Security Benchmark for AIX 7.2 | ||
| + | # pscxpert -f /etc/security/aixpert/custom/CISv3_Lev1.xml CIS Security Benchmark for AIX 7 | ||
| + | # pscxpert -f /etc/security/aixpert/custom/CISv3_Lev2.xml CIS Security Benchmark for AIX 7 | ||
| # pscxpert -f /etc/security/aixpert/custom/GDPRv1.xml General Data Protection Regulation (GDPR) | # pscxpert -f /etc/security/aixpert/custom/GDPRv1.xml General Data Protection Regulation (GDPR) | ||
| </cli> | </cli> | ||
| Line 254: | Line 271: | ||
| Compare current settings to CISv2 level 1 | Compare current settings to CISv2 level 1 | ||
| <cli prompt='#'> | <cli prompt='#'> | ||
| - | root@nim ~# pscxpert -c -P /etc/security/aixpert/custom/CISv2_Lev1.xml -p -r | + | root@nim ~# pscxpert -c -P /etc/security/aixpert/custom/CISv3_Lev1.xml -p -r |
| Processing cisv2_sysintegrity : failed. | Processing cisv2_sysintegrity : failed. | ||
| Processing cisv2_brokenlinks : failed. | Processing cisv2_brokenlinks : failed. | ||
aix/powersc.1755597862.txt.gz · Last modified: 2025/08/19 12:04 by manu
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
