Solved

AIX Tools

Posted on 2013-05-21
Last Modified: 2013-06-06
Has anyone had any experience in doing security audits of Servers running AIX 6.1 O/S?

If so can you recommend any free vulnerability scanners/best practice analyzers in the mould of Microsoft Baseline Security Analyzer for computers running Windows Server?
Question by:pma111
17 Comments
 
LVL 22

Accepted Solution

by:Rick Hobbs
Rick Hobbs earned 668 total points
ID: 39186336
Qualys has one you can use as long as you have some Internet browser installed:

http://www.qualys.com/forms/freescan/?leadsource=360598&kw=vulnerability%20scanners

You could try a free eval of Beyond Security's AVDS PEN tester:

http://www.beyondsecurity.com/vulnerability-assessment.html?ad=sec004

Or the LazySystemAdmin free vulnerability scanner:

http://www.lazysystemadmin.com/2010/05/nessus-vulnerability-and-port-scanner.html
0
 
LVL 3

Author Comment

by:pma111
ID: 39186706
I didn't think Nessus was free in corporate environments, is this a limited version?
0
 
LVL 68

Assisted Solution

by:woolmilkporc
woolmilkporc earned 668 total points
ID: 39186923
As a first approach you could use the native AIX tool "aixpert".

It is basically a tool designed for hardening your system, but can also be used to generate a first report.
Run the below commands only if you don't use "aixpert" yet. We don't want to overwrite an existing file!

1. Create a set of rules according to the desired security level and write it to a file.
Example for high level security ("-l h"):

aixpert -l h -n -o /etc/security/aixpert/core/appliedaixpert.xml

2. Run the check

aixpert -c -p

3. Review the report /etc/security/aixpert/check_report.txt

4. Remove the ruleset file. It does not actually contain "applied" rules, and we don't want to confuse the aixpert.

rm /etc/security/aixpert/core/appliedaixpert.xml


As I wrote above, "aixpert" is in the first place a hardening tool.

Consult "man aixpert" and this article: http://www.ibm.com/developerworks/aix/library/au-aixsecurity/ if you want to use the tool for its original purpose.
0
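The four steps in the answer above, wrapped in a guard that refuses to run when appliedaixpert.xml already exists. This is an added example, not part of the original post: the function name, the AIXPERT and AIXPERT_DIR override variables and the default output path are assumptions, while the aixpert flags and file paths are the ones quoted in the answer.

```shell
#!/bin/sh
# Added example: report-only aixpert run that never overwrites an existing
# applied-rules file. AIXPERT and AIXPERT_DIR are assumed override variables
# that exist only so the logic can be dry-run against a stub; on a real AIX
# host leave them at their defaults.
AIXPERT=${AIXPERT:-aixpert}
AIXPERT_DIR=${AIXPERT_DIR:-/etc/security/aixpert}

aixpert_report_only() {
    level=${1:-h}                          # h = high level, as in the answer
    out=${2:-./aixpert_check_report.txt}   # where the report copy is kept
    rules="$AIXPERT_DIR/core/appliedaixpert.xml"
    report="$AIXPERT_DIR/check_report.txt"

    # Guard: an existing file means aixpert is already in use on this host.
    if [ -e "$rules" ]; then
        echo "refusing: $rules exists, aixpert appears to be in use" >&2
        return 2
    fi

    # Step 1: write the rule set to the file without applying it (-n).
    "$AIXPERT" -l "$level" -n -o "$rules" || { rm -f "$rules"; return 1; }

    # Step 2: run the check; keep its exit status instead of aborting.
    rc=0
    "$AIXPERT" -c -p || rc=$?

    # Step 3: copy the report away so it can be reviewed off the host.
    [ -f "$report" ] && cp "$report" "$out"

    # Step 4: remove the temporary rule set even if the check failed.
    rm -f "$rules"
    return "$rc"
}
```

Run it as root with `aixpert_report_only h /tmp/aixpert_report.txt`; a return status of 2 means nothing was touched because the applied-rules file was already present.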
 
LVL 3

Author Comment

by:pma111
ID: 39187017
Does AIX support Samba like other *nix distributions? I always wonder the overall risk if you misconfigure the Linux equivalent of a network "share", and whether there's opportunities for AD accounts to access an AIX share were its security lapse, like you could a share on a Windows server.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39187034
There is Samba (server) for AIX, and there is CIFS (client) for AIX.

Samba: http://pware.hvcc.edu/download/aix61/pware61.samba.3.5.8.0.bff.gz (3.5.8, installp)
and http://www.perzl.org/aix/index.php?n=Main.Samba (3.6.15, rpm)
CIFS: Base install DVD, bos.cifs_fs.rte, bos.cifs_fs.smit
0
 
LVL 3

Author Comment

by:pma111
ID: 39187042
So in theory it's possible for a naive admin to expose data on the servers (if Samba or CIFS enabled) to Windows (AD) users?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39187046
That's what Samba can do, yes.
0
 
LVL 3

Author Comment

by:pma111
ID: 39187061
So (totally new to AIX and Linux) does an out-of-the-box installation of Linux not "share" directories to external users, do you have to enable CIFS or Samba if required? Is it common for Linux servers to not have either CIFS or Samba enabled?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39187080
Neither Samba nor the cifs client come preinstalled with AIX.

Samba isn't even part of the AIX distribution.

Many Linux distributions contain Samba, but it's generally not installed/activated by default.
0
 
LVL 3

Author Comment

by:pma111
ID: 39187088
>>Many Linux distributions contain Samba, but it's generally not installed/activated by default.

Is that because due to the server role, there's nothing they need to share to users outside those with a local account to access the system?

Can you elaborate slightly on what CIFS is? What is the difference between CIFS and Samba, why would one enable CIFS and not Samba? Sorry for the basic questions just need a degree of knowledge in this area, not expert.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39187113
CIFS is just the name of the protocol (formerly: SMB), and under AIX the pure client fileset is called bos.cifs_fs.

Samba is the name of a free CIFS protocol implementation on Unix/Linux providing server and client functionality.

Under Unix/Linux Samba (CIFS) is just one way to share files (and not the one native to these OSes).

The common file sharing method is NFS (Network File System) which is part of each and every Linux/Unix distribution.

Because NFS is ubiquitous, file sharing between Unix servers is mostly done using this protocol, and because Windows did not have NFS in the early years one had to port the native Windows file sharing protocol (SMB/CIFS) to Unix - that's Samba.
0
 
LVL 3

Author Comment

by:pma111
ID: 39187125
Ah.... so modern Windows OS ship with NFS "compatibility", do you know if client Windows OS do as well, or just Server grade windows OS?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39187146
NFS server comes with the Windows server versions.

NFS client comes with SFU. For Windows 7 and up only in Ultimate or Business.

There are free NFS ports for Windows. Search the web for "NFS Server Windows".
0
 
LVL 3

Author Comment

by:pma111
ID: 39187182
Ok thanks, but I am struggling to see how a Windows client essentially maps to a Linux share via NFS, do they have to supply a Linux username/password pair? I appreciate on a Linux Samba share you probably assign an ACL with domain groups, but on an NFS share, what aside from knowing the full path, does the Windows user need to supply before they can access the data on the NFS share (I assume it's a password and username of a local Linux account). Where on the NFS share do they (the admin) define which users can access these files remotely?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39187198
I think these new questions are far away from the original subject.

Try to get familiar with the concepts of NFS and CIFS by reading the appropriate literature or by asking new questions here at EE.

Thanks!
0
 
LVL 64

Assisted Solution

by:btan
btan earned 664 total points
ID: 39187457
AIX Security Toolkit @ http://ps-2.kev009.com/rootvg/downloadssec.html

Something which may be of interest -  It provides assistance in five areas: Basic security issues, Software patch (apar) and efix management, Enhanced user management and Security audit requirements.

The old forum may have something but not much http://archive.rootvg.net/aixsecurity/index.html

However, I do think NIST will have something as below (e.g. AIX 6.1 STIG) - XCCDF is supported by SCAP scanner tools and it helps for automated checks with OVAL code. Download the xsl and xml, then double click the xml to see the list of rules in the form of a config checklist.

http://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=427

Another "long" list is from IBM Tivoli Endpoint Manager Security Configuration Management - sort of like "Windows" check

https://www.ibm.com/developerworks/community/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/SCM%20Checklists
0
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 39189671
BTW, from the original part of your question,
the LazySystemAdmin free vulnerability scanner at:

http://www.lazysystemadmin.com/2010/05/nessus-vulnerability-and-port-scanner.html
 
says nothing about not being free in any environment.
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
What we learned in Webroot's webinar on multi-vector protection.
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question