Solved

aixpert and /etc/shadow

Posted on 2013-06-12
3
1,549 Views
Last Modified: 2013-06-12
We are running some security tools over an AIX IBM System. When you have run the AIX IBM aixpert report, any idea where the actual report ends up? And in what format?

Also my admin is telling me there is no \etc\shadow file on the System? Is that even possible? Or could it be that due to the permissions they are logged onto the System that they cant see the \etc\shadow file?
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39240687
Hi,

aixpert writes all the successfully applied rules to

/etc/security/aixpert/core/appliedaixpert.xml

and the corresponding "undo" action rules to

/etc/security/aixpert/core/undo.xml

The format is XML.

You must use the "-o" flag of aixpert to set name and location of the file containing the security output.

If the AUDIT subsystem is enabled you can use the "-p" flag of aixpert to log the rules
processed into the audit subsystem.

And indeed, there is no /etc/shadow file on AIX.

The shadow file equivalent on AIX is /etc/security/passwd
0
 
LVL 3

Author Comment

by:pma111
ID: 39240707
If you have run AIXPERT as an audit type report as opposed to an "apply" these rules, does that show you what is non-compliant, is that saved to the same directory as mentioned above? Is the xml file a user freindly readable format (or do you need an accompanied style sheet to view the results)?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39240777
A  log of the comparison of the current settings against

/etc/security/aixpert/core/appliedaixpert.xml

(the only file you can use for comparison) is displayed in in simple text format on the terminal, like

...
Processing hls_ttdbserver :done.
Processing hls_cmsd :done.
Processing hls_rmsuidfrmrcmds : failed.
...
etc.

To create a file use redirection:

aixpert -c -p > /path/to/reportfile

Additionally, a verbose report (non-XML!) is created: /etc/security/aixpert/ check_report.txt

XML user friendly? Well, the opinions are divided, I assume.

Anyway, you can display the Document Type Description with

aixpert -d
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Guacamole and browser performance 1 62
Which Linux flavors will this run on? 6 76
Log File Creation with Header and Footer 17 53
Choosing CentOS 16 45
I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
Windows 10 is here and for most admins this means frustration and challenges getting that first working Windows 10 image. As in my previous sysprep articles, I've put together a simple help guide to get you through this process. The aim is to achiev…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now