aixpert high security

Is it possible to run aixpert (on AIX 6.1) high security to just list what's compliant with that standard or not, rather than apply that policy? Can you give an idea of what kinds of issues and vulnerabilities it is testing for? And how many issues it checks for?
pma111 Asked:

woolmilkporc Commented:
Hi,

0. If you're already using aixpert copy the file /etc/security/aixpert/core/appliedaixpert.xml to a safe location.

cp -p /etc/security/aixpert/core/appliedaixpert.xml /tmp

1. Create a set of rules according to the desired security level and write it to the appropriate file.
Example for the requested high level security ("-l h"):

aixpert -l h -n -o /etc/security/aixpert/core/appliedaixpert.xml

2. Run the check

aixpert -c -p

3. Review the report /etc/security/aixpert/check_report.txt. It will show you where your system is not compliant with the requested level.

4. If you don't use aixpert yet, remove the just-created ruleset file. It does not actually contain "applied" rules, and we don't want to confuse aixpert in the future.

rm /etc/security/aixpert/core/appliedaixpert.xml

If you're already using aixpert, copy the file appliedaixpert.xml back to /etc/security/aixpert/core from the safe location (see (0) above).

cp -p /tmp/appliedaixpert.xml /etc/security/aixpert/core

>> Can you give an idea ... <<

The file "appliedaixpert.xml" is a human-readable XML file. It contains descriptions of the rules under the "<AIXPertDescription>" tag.

wmp
0
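
The audit-only procedure from the answer above (steps 0 to 4), wrapped so the restore step also runs when a command fails or the run is interrupted. This is an added example, not part of the original thread; the function name `aixpert_audit`, the `AIXPERT` / `AIXPERT_DIR` override variables and the backup and report-copy file names are assumptions, and the rule count assumes one `<AIXPertDescription>` element per line.

```shell
#!/bin/sh
# Added example, not from the thread. AIXPERT and AIXPERT_DIR are override
# hooks invented here; the defaults are the command and paths the answer uses.
AIXPERT=${AIXPERT:-aixpert}
AIXPERT_DIR=${AIXPERT_DIR:-/etc/security/aixpert}

# aixpert_audit LEVEL OUTDIR: report deviations from LEVEL (h, m or l)
# without applying anything. Runs in a subshell so the trap stays local.
aixpert_audit() (
    level=${1:-h}
    outdir=${2:-$HOME}
    applied="$AIXPERT_DIR/core/appliedaixpert.xml"
    report="$AIXPERT_DIR/check_report.txt"
    # Backup stays in the root-owned aixpert directory, not world-writable /tmp
    backup="$AIXPERT_DIR/appliedaixpert.xml.audit.$$"
    had_rules=no
    umask 077

    # Step 0: save the ruleset that was really applied, if there is one
    if [ -f "$applied" ]; then
        cp -p "$applied" "$backup" || exit 1
        had_rules=yes
    fi

    # Step 4, as an exit trap: put the saved file back or drop the temporary one
    restore() {
        if [ "$had_rules" = yes ]; then
            mv -f "$backup" "$applied"
        else
            rm -f "$applied"
        fi
    }
    trap restore EXIT
    trap 'exit 130' INT TERM

    # Step 1: write the ruleset for LEVEL; -n means it is not applied
    "$AIXPERT" -l "$level" -n -o "$applied" || exit 1
    # Counts lines carrying a description, assuming one per rule and per line
    echo "rules in level '$level': $(grep -c '<AIXPertDescription>' "$applied")"

    # Step 2: check the system against it; the exit status is not interpreted
    "$AIXPERT" -c -p >/dev/null 2>&1 || :

    # Step 3: keep a timestamped copy of the report for review
    [ -f "$report" ] || exit 1
    copy="$outdir/aixpert_check_${level}_$(date +%Y%m%d%H%M%S).txt"
    cp "$report" "$copy" && echo "report: $copy"
)
```

Run it as root, for example `aixpert_audit h /root/audit`, then read the copied report.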

pma111 Author Commented:
Thanks, does it do any checks to see for missing security patches?

And secondly, when you say "if you're already using aixpert" - do you mean if you've applied a high/medium/low security policy before?

Is there any chance you can upload appliedaixpert.xml on here?
0
woolmilkporc Commented:
>> does it do any checks to see for missing security patches? <<

No, it doesn't. That's a task for SUMA ("smitty suma").
This tool searches online for missing fixes (you can restrict this to "security" fixes) and downloads them, so you can apply them.

>> do you mean if you've applied a high/medium/low security policy before? <<

Yes.

>> upload appliedaixpert.xml on here? <<

Here it is: appliedaixpert.xml
0
pma111 Author Commented:
So you have to create a ruleset whether you've run aixpert before or not?
0
pma111 Author Commented:
Can SUMA do you a report, i.e. here are all the security patches you are missing?
0
woolmilkporc Commented:
1) You can create the ruleset and apply it in one go. See "smitty aixpert"

2) SUMA downloads missing fixes. You'll get a listing of what it did. See the lines starting with "Download SUCCEEDED:"
Note that you'll see not only security fixes but possibly also non-security but required (prerequisite) fixes.
0
pma111 Author Commented:
I don't want to apply any security settings though, I just want a report of current configuration - without it applying any security settings (which could break anything!!), I just want... here is your current configuration, here is where certain settings deviate from the high security recommendations... ..do nothing.. i.e. consider applying the high security policy if you choose..

Same with SUMA, I don't want it to automatically apply patches, I would like a list of what is currently missing, i.e. audit report.
0
woolmilkporc Commented:
See my above posts.

I told you there how to create a report about non-compliant settings (it won't apply anything) and I also told you there that SUMA just downloads fixes but doesn't apply them.

So the answer to >> So you have to create a ruleset whether you've run aixpert before or not? << is "Basically yes, but if you already applied a ruleset you only need to create a new one if the desired level is different from the applied level."
0