Solved

sensitive files/folders on AIX IBM

Posted on 2014-02-12
2
583 Views
Last Modified: 2014-02-12
can anyone give any pointers on highly sensitive default files/folders on an AIX IBM folder that should be restricted from unauthorised access, for part of an audit review. Common areas on other OS or server apps include files thst hold password hashes etc. Be useful to get a similar list of those files for AIX IBM, and the content of those files/risk of unauthorised access.
0
Comment
Question by:pma111
2 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39852908
The most "sensitive" folder in AIX is /etc/security.

It contains the password hashes, LDAP , AUDIT and IPSEC configuratons, the limits file, passwords history, the login configuration, user parameters (password policy per user) and much more.

Best walk through the files in that folder and you'll see.

By the way, the whole /etc tree is somewhat sensitive and should be protected.

While /etc/security contains configurations and actual data, /usr/lib/security contains security methods, e.g. the PAM, Kerberos, LDAP modules, ACL methods and the ciphers.

In a properly setup system there shouldn't be any other place to contain OS related security information, but of course you must always take good care to protect your binary repositories from unauthorized write access, namely /bin, /sbin, /usr/bin and /usr/sbin, as well as /usr/lib!

You can create an XML file by means of "aixpert" which contains (depending on the level chosen) all security hardening checks and measures which would be performed/taken by aixpert in a "real" run:

aixpert -l high -n -o /tmp/aixperthigh

It's hard to read (XML!) but rather informative nonetheless.
0
 
LVL 20

Expert Comment

by:tfewster
ID: 39852941
You can download the Center for Internet Security benchmarks for AIX from here:
https://benchmarks.cisecurity.org/downloads/multiform/index.cfm

For each potential issue, they describe the problem, how to check it and the resolution.  It's more than just files/folders permissions, but you can take out of it what you want.

To be fair, many of the defaults are secure already, so it's just a matter of checking they haven't been changed.

You can also use IBMs "aixpert" tool to audit and resolve many of the issues, though the CIS benchmark is more comprehensive.

More importantly though, check your systems are patched up to date and check the integrity of the installed software - if an attacker has replaced a valid suid program such as `passwd` with a bad one, they can bypass any restrictions.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now