?
Solved

sensitive files/folders on AIX IBM

Posted on 2014-02-12
2
Medium Priority
?
639 Views
Last Modified: 2014-02-12
can anyone give any pointers on highly sensitive default files/folders on an AIX IBM folder that should be restricted from unauthorised access, for part of an audit review. Common areas on other OS or server apps include files thst hold password hashes etc. Be useful to get a similar list of those files for AIX IBM, and the content of those files/risk of unauthorised access.
0
Comment
Question by:pma111
2 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 2000 total points
ID: 39852908
The most "sensitive" folder in AIX is /etc/security.

It contains the password hashes, LDAP , AUDIT and IPSEC configuratons, the limits file, passwords history, the login configuration, user parameters (password policy per user) and much more.

Best walk through the files in that folder and you'll see.

By the way, the whole /etc tree is somewhat sensitive and should be protected.

While /etc/security contains configurations and actual data, /usr/lib/security contains security methods, e.g. the PAM, Kerberos, LDAP modules, ACL methods and the ciphers.

In a properly setup system there shouldn't be any other place to contain OS related security information, but of course you must always take good care to protect your binary repositories from unauthorized write access, namely /bin, /sbin, /usr/bin and /usr/sbin, as well as /usr/lib!

You can create an XML file by means of "aixpert" which contains (depending on the level chosen) all security hardening checks and measures which would be performed/taken by aixpert in a "real" run:

aixpert -l high -n -o /tmp/aixperthigh

It's hard to read (XML!) but rather informative nonetheless.
0
 
LVL 21

Expert Comment

by:tfewster
ID: 39852941
You can download the Center for Internet Security benchmarks for AIX from here:
https://benchmarks.cisecurity.org/downloads/multiform/index.cfm

For each potential issue, they describe the problem, how to check it and the resolution.  It's more than just files/folders permissions, but you can take out of it what you want.

To be fair, many of the defaults are secure already, so it's just a matter of checking they haven't been changed.

You can also use IBMs "aixpert" tool to audit and resolve many of the issues, though the CIS benchmark is more comprehensive.

More importantly though, check your systems are patched up to date and check the integrity of the installed software - if an attacker has replaced a valid suid program such as `passwd` with a bad one, they can bypass any restrictions.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question