AIX Tools

Has anyone had any experience in doing security audits of Servers running AIX 6.1 O/S?

If so can you recommend any free vulnerability scanners/best practice analyzers in the mould of Microsoft Baseline Security Analyzer for computers running Windows Server?
pma111 Asked:
 
Rick Hobbs (RETIRED) Commented:
Qualys has one you can use as long as you have some Internet Browser installed:

http://www.qualys.com/forms/freescan/?leadsource=360598&kw=vulnerability%20scanners

You could try a free eval of Beyond Security's AVDS PEN tester:

http://www.beyondsecurity.com/vulnerability-assessment.html?ad=sec004

Or the LazySystemAdmin free vulnerability scanner:

http://www.lazysystemadmin.com/2010/05/nessus-vulnerability-and-port-scanner.html
0
 
pma111 (Author) Commented:
I didn't think Nessus was free in corporate environments, is this a limited version?
0
 
woolmilkporc Commented:
As a first approach you could use the native AIX tool "aixpert".

It is basically a tool designed for hardening your system, but can also be used to generate a first report.
Run the below commands only if you don't use "aixpert" yet. We don't want to overwrite an existing file!

1. Create a set of rules according to the desired security level and write it to a file.
Example for high level security ("-l h"):

aixpert -l h -n -o /etc/security/aixpert/core/appliedaixpert.xml

2. Run the check

aixpert -c -p

3. Review the report /etc/security/aixpert/check_report.txt

4. Remove the ruleset file. It does not actually contain "applied" rules, and we don't want to confuse the aixpert.

rm /etc/security/aixpert/core/appliedaixpert.xml


As I wrote above, "aixpert" is in the first place a hardening tool.

Consult "man aixpert" and this article: http://www.ibm.com/developerworks/aix/library/au-aixsecurity/ if you want to use the tool for its original purpose.
0
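The four steps from the answer above, wrapped in one guarded function. This is an added example, not code from woolmilkporc's post; the function name and the overridable `AIXPERT`, `RULES` and `REPORT` variables are assumptions, while the commands, flags and paths are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: report-only aixpert run that never clobbers an applied ruleset.
# Command, flags and paths are the ones quoted in the post; the three variables
# are overridable (assumption) only so the logic can be exercised off-box.
AIXPERT=${AIXPERT:-aixpert}
RULES=${RULES:-/etc/security/aixpert/core/appliedaixpert.xml}
REPORT=${REPORT:-/etc/security/aixpert/check_report.txt}

# aixpert_report_only [LEVEL] [COPY]   (hypothetical helper name)
#   LEVEL: value for "-l" (default h);  COPY: where to keep the report
aixpert_report_only() {
    level=${1:-h}
    copy=${2:-./aixpert_check_$(date +%Y%m%d%H%M%S).txt}

    # Guard from the post: an existing file means aixpert is already in use.
    if [ -e "$RULES" ]; then
        echo "refusing to run: $RULES already exists" >&2
        return 2
    fi

    # Step 1: write the rule set for the chosen level (-n: do not apply it).
    if ! "$AIXPERT" -l "$level" -n -o "$RULES"; then
        rm -f "$RULES"
        return 1
    fi

    # Step 2: check the system against it. The exit status is only reported,
    # not trusted, because its meaning for failed checks is not assumed here.
    "$AIXPERT" -c -p || echo "note: aixpert -c exited non-zero" >&2

    # Step 3: keep a private copy of the report; it lists the host's weak spots.
    rc=0
    if [ -s "$REPORT" ]; then
        ( umask 077; cp "$REPORT" "$copy" ) || rc=1
    else
        echo "no report found at $REPORT" >&2
        rc=1
    fi

    # Step 4: remove the ruleset so it is not mistaken for applied rules.
    rm -f "$RULES"
    return "$rc"
}
```

On AIX, source the file as root and call `aixpert_report_only h /root/aixpert_check.txt`; a return code of 2 means an `appliedaixpert.xml` was already present and nothing was touched.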
 
pma111 (Author) Commented:
Does AIX support Samba like other *nix distributions? I always wonder about the overall risk if you misconfigure the Linux equivalent of a network "share", and whether there are opportunities for AD accounts to access an AIX share were its security to lapse, like you could a share on a Windows server.
0
 
woolmilkporc Commented:
There is Samba (server) for AIX, and there is CIFS (client) for AIX.

Samba: http://pware.hvcc.edu/download/aix61/pware61.samba.3.5.8.0.bff.gz (3.5.8, installp)
and http://www.perzl.org/aix/index.php?n=Main.Samba (3.6.15, rpm)
CIFS: Base install DVD, bos.cifs_fs.rte, bos.cifs_fs.smit
0
 
pma111 (Author) Commented:
So in theory it's possible for a naive admin to expose data on the servers (if Samba or CIFS is enabled) to Windows (AD) users?
0
 
woolmilkporc Commented:
That's what Samba can do, yes.
0
 
pma111 (Author) Commented:
So (totally new to AIX and Linux) does an out-of-the-box installation of Linux not "share" directories to external users, do you have to enable CIFS or Samba if required? Is it common for Linux servers to not have either CIFS or Samba enabled?
0
 
woolmilkporc Commented:
Neither Samba nor the cifs client come preinstalled with AIX.

Samba isn't even part of the AIX distribution.

Many Linux distributions contain Samba, but it's generally not installed/activated by default.
0
 
pma111 (Author) Commented:
>>Many Linux distributions contain Samba, but it's generally not installed/activated by default.

Is that because, due to the server role, there's nothing they need to share with users outside those with a local account to access the system?

Can you elaborate slightly on what CIFS is? What is the difference between CIFS and Samba, why would one enable CIFS and not Samba? Sorry for the basic questions, I just need a degree of knowledge in this area, not expert.
0
 
woolmilkporc Commented:
CIFS is just the name of the protocol (formerly: SMB), and under AIX the pure client fileset is called bos.cifs_fs.

Samba is the name of a free CIFS protocol implementation on Unix/Linux providing server and client functionality.

Under Unix/Linux Samba (CIFS) is just one way to share files (and not the one native to these OSes).

The common file sharing method is NFS (Network File System) which is part of each and every Linux/Unix distribution.

Because NFS is ubiquitous, file sharing between Unix servers is mostly done using this protocol, and because Windows did not have NFS in the early years, one had to port the native Windows file sharing protocol (SMB/CIFS) to Unix - that's Samba.
0
 
pma111 (Author) Commented:
Ah.... so modern Windows OS ship with NFS "compatibility", do you know if client Windows OS do as well, or just Server grade windows OS?
0
 
woolmilkporc Commented:
NFS server comes with the Windows server versions.

NFS client comes with SFU. For Windows 7 and up only in Ultimate or Business.

There are free NFS ports for Windows. Search the web for "NFS Server Windows"
0
 
pma111 (Author) Commented:
Ok thanks, but I am struggling to see how a Windows client essentially maps to a Linux share via NFS, do they have to supply a Linux username/password pair? I appreciate that on a Linux Samba share you probably assign an ACL with domain groups, but on an NFS share, what, aside from knowing the full path, does the Windows user need to supply before they can access the data on the NFS share (I assume it's a password and username of a local Linux account)? Where on the NFS share do they (the admin) define which users can access these files remotely?
0
 
woolmilkporc Commented:
I think these new questions are far away from the original subject.

Try to get familiar with the concepts of NFS and CIFS by reading the appropriate literature or by asking new questions here at EE.

Thanks!
0
 
btan (Exec Consultant) Commented:
AIX Security Toolkit @ http://ps-2.kev009.com/rootvg/downloadssec.html

Something which may be of interest - it provides assistance in five areas: Basic security issues, Software patch (apar) and efix management, Enhanced user management and Security audit requirements.

The old forum may have something but not much: http://archive.rootvg.net/aixsecurity/index.html

However, I do think NIST will have something as below (e.g. AIX 6.1 STIG) - XCCDF is supported by the SCAP scanner tool and it helps for automated checks with OVAL code. Download the xsl and xml, then double-click the xml to see the list of rules in the form of a config checklist.

http://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=427

Another "long" list is from IBM Tivoli Endpoint Manager Security Configuration Management - sort of like "Windows" check

https://www.ibm.com/developerworks/community/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/SCM%20Checklists
0
 
Rick Hobbs (RETIRED) Commented:
BTW, from the original part of your question,
the LazySystemAdmin free vulnerability scanner at:

http://www.lazysystemadmin.com/2010/05/nessus-vulnerability-and-port-scanner.html
 
says nothing about not being free in any environment.
0
Question has a verified solution.
