Pau Lo
asked on
aixpert high security
Is it possible to run aixpert (on AIX 6.1) high security to just list whats compliant with that standard or not, rather than apply that policy? Can you give an idea of what kinds of issues and vulnerabilities it is testing for? And how many issues it checks for?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>> does it do any checks to see for missing security patches? <<
No, it doesn't. That's a task for SUMA ("smitty suma").
This tool searches online for missing fixes (you can restrict this to "security" fixes) and downloads them, so you can apply them.
>> do you mean if youve applied a high/medium/low security policy before? <<
Yes.
>> upload appliedaixpert.xml on here? <<
Here it is: appliedaixpert.xml
No, it doesn't. That's a task for SUMA ("smitty suma").
This tool searches online for missing fixes (you can restrict this to "security" fixes) and downloads them, so you can apply them.
>> do you mean if youve applied a high/medium/low security policy before? <<
Yes.
>> upload appliedaixpert.xml on here? <<
Here it is: appliedaixpert.xml
ASKER
So you have to create a ruleset whether youve run aixpert before or not?
ASKER
Can SUMA do you a report, i..e here are all the security patches you are missing?
1) You can create the ruleset and apply it in one go. See "smitty aixpert"
2) SUMA downloads missing fixes. You'll get a listing what it did. See the lines starting with "Download SUCCEEDED:"
Note that you'll see not only security fixes but possibly also non-security but required (prerequisite) fixes.
2) SUMA downloads missing fixes. You'll get a listing what it did. See the lines starting with "Download SUCCEEDED:"
Note that you'll see not only security fixes but possibly also non-security but required (prerequisite) fixes.
ASKER
I dont want to apply any security settings though, I just want a report of current configuration - without it applying any security settings (which could brake anything!!), I just want... here is your current configuration, here is where certain settings deviate from the high security recommendations... ..do nothing.. i.e. consider applying the high security policy if you chose..
Same with SUMA I dont want it to automatically apply patches I would like a list of what is currently missing, i.e. audit report.
Same with SUMA I dont want it to automatically apply patches I would like a list of what is currently missing, i.e. audit report.
See my above posts.
I told you there how to create a report about non-compliant settings (it won't apply anything) and I also told you there that SUMA just downloads fixes but doesn't apply them.
So the answer to << So you have to create a ruleset whether youve run aixpert before or not? << is "Basically Yes, but if you already applied a ruleset you only need to create a new one if the desired level is different from the applied level."
I told you there how to create a report about non-compliant settings (it won't apply anything) and I also told you there that SUMA just downloads fixes but doesn't apply them.
So the answer to << So you have to create a ruleset whether youve run aixpert before or not? << is "Basically Yes, but if you already applied a ruleset you only need to create a new one if the desired level is different from the applied level."
ASKER
And secondly, when you say "if your already using aixpert" - do you mean if youve applied a high/medium/low security policy before?
Is there anychance you can upload appliedaixpert.xml on here?