Hardening VIOSERVERS


We have some VIOSERVERS running AIX5.3 without any hardening. Question:

Is there any official doc about how to harden VIOSERVERS?
Is it just the same as for any AIX server?

Hi again,
with "AIX 5.3" you probably mean IOS 1.x (which runs indeed under AIX 5.x).
OK, first step should be upgrading your VIOS to IOS 2.1.x, which contains AIX 6.1
IOS 2.1 has "viosecure" (not sure whether it existed in IOS 1.3).
With this tool (in parts it's somewhat comparable to aixpert) you can apply low/high/medium security levels, create your own rules based on existing ones, and you can configure the firewall built into VIOS.
Enter "viosecure -view" to display all security settings along with a description. Use "viosecure -level [default|low|medium|high] -outfile filename" to get an XML file containing the selected rules, which you can use as a basis to create your own ones.
"viosecure -view firewall" displays the current firewall settings
"man viosecure" has a lot of additional info.
Please don't use standard AIX methods, like RBAC. VIOS is kind of an appliance, and you should use only IOSCLI commands, if feasible at all.
This is the IBM Infocenter (5.3) part about VIOS security - http://publib.boulder.ibm.com/infocenter/powersys/v3r1m5/topic/iphb1_p5/securingthevirtualioserver.htm

Most of the IBM official publications discuss the concept, planning and implementation. Most probably because the IBM VIO is an appliance by itself with a restricted shell so they did not pay much attention to hardening or security.