Solved

sensitive files/folders on AIX IBM

Posted on 2014-02-12
2
608 Views
Last Modified: 2014-02-12
can anyone give any pointers on highly sensitive default files/folders on an AIX IBM folder that should be restricted from unauthorised access, for part of an audit review. Common areas on other OS or server apps include files thst hold password hashes etc. Be useful to get a similar list of those files for AIX IBM, and the content of those files/risk of unauthorised access.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 39852908
The most "sensitive" folder in AIX is /etc/security.

It contains the password hashes, LDAP , AUDIT and IPSEC configuratons, the limits file, passwords history, the login configuration, user parameters (password policy per user) and much more.

Best walk through the files in that folder and you'll see.

By the way, the whole /etc tree is somewhat sensitive and should be protected.

While /etc/security contains configurations and actual data, /usr/lib/security contains security methods, e.g. the PAM, Kerberos, LDAP modules, ACL methods and the ciphers.

In a properly setup system there shouldn't be any other place to contain OS related security information, but of course you must always take good care to protect your binary repositories from unauthorized write access, namely /bin, /sbin, /usr/bin and /usr/sbin, as well as /usr/lib!

You can create an XML file by means of "aixpert" which contains (depending on the level chosen) all security hardening checks and measures which would be performed/taken by aixpert in a "real" run:

aixpert -l high -n -o /tmp/aixperthigh

It's hard to read (XML!) but rather informative nonetheless.
0
 
LVL 21

Expert Comment

by:tfewster
ID: 39852941
You can download the Center for Internet Security benchmarks for AIX from here:
https://benchmarks.cisecurity.org/downloads/multiform/index.cfm

For each potential issue, they describe the problem, how to check it and the resolution.  It's more than just files/folders permissions, but you can take out of it what you want.

To be fair, many of the defaults are secure already, so it's just a matter of checking they haven't been changed.

You can also use IBMs "aixpert" tool to audit and resolve many of the issues, though the CIS benchmark is more comprehensive.

More importantly though, check your systems are patched up to date and check the integrity of the installed software - if an attacker has replaced a valid suid program such as `passwd` with a bad one, they can bypass any restrictions.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how to check for shares on aix 1 113
auto mounter on hp-ux 2 66
Execute multiple curl cmds with sleep and send output to file 10 121
How to check the PVU´s on AIX TSM servers? 3 134
This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question