Solved

sensitive files/folders on AIX IBM

Posted on 2014-02-12
2
581 Views
Last Modified: 2014-02-12
can anyone give any pointers on highly sensitive default files/folders on an AIX IBM folder that should be restricted from unauthorised access, for part of an audit review. Common areas on other OS or server apps include files thst hold password hashes etc. Be useful to get a similar list of those files for AIX IBM, and the content of those files/risk of unauthorised access.
0
Comment
Question by:pma111
2 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
Comment Utility
The most "sensitive" folder in AIX is /etc/security.

It contains the password hashes, LDAP , AUDIT and IPSEC configuratons, the limits file, passwords history, the login configuration, user parameters (password policy per user) and much more.

Best walk through the files in that folder and you'll see.

By the way, the whole /etc tree is somewhat sensitive and should be protected.

While /etc/security contains configurations and actual data, /usr/lib/security contains security methods, e.g. the PAM, Kerberos, LDAP modules, ACL methods and the ciphers.

In a properly setup system there shouldn't be any other place to contain OS related security information, but of course you must always take good care to protect your binary repositories from unauthorized write access, namely /bin, /sbin, /usr/bin and /usr/sbin, as well as /usr/lib!

You can create an XML file by means of "aixpert" which contains (depending on the level chosen) all security hardening checks and measures which would be performed/taken by aixpert in a "real" run:

aixpert -l high -n -o /tmp/aixperthigh

It's hard to read (XML!) but rather informative nonetheless.
0
 
LVL 20

Expert Comment

by:tfewster
Comment Utility
You can download the Center for Internet Security benchmarks for AIX from here:
https://benchmarks.cisecurity.org/downloads/multiform/index.cfm

For each potential issue, they describe the problem, how to check it and the resolution.  It's more than just files/folders permissions, but you can take out of it what you want.

To be fair, many of the defaults are secure already, so it's just a matter of checking they haven't been changed.

You can also use IBMs "aixpert" tool to audit and resolve many of the issues, though the CIS benchmark is more comprehensive.

More importantly though, check your systems are patched up to date and check the integrity of the installed software - if an attacker has replaced a valid suid program such as `passwd` with a bad one, they can bypass any restrictions.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now