June 24, 2015
How about an update on the latest Technology Level on AIX?
Why bother updating to the latest TL? Well, hopefully you’re already using aixpert for your basic hardening. If you’re not, I recommend using -- as a starting point -- the CIS benchmark for AIX 6.1 or 7.1. The AIX 6.1 benchmark is easy to apply because CIS provides an XML file that implements it. FYI, the XML file - while not following the CIS AIX 7.1 benchmark exactly - can still be applied to AIX 7.1.
I would also like to note that the XML file CIS provides seems to use aixpert -l high as a starting point. I expect they toned down some items - so the result puts your system somewhere between levels medium and high.
If you haven’t updated to the latest TL, I recommend you do, as it offers some nice features. After updating, aixpert adds two arguments that can be used with -c (check/verify). The first is -P (compare with Profile) and the second is -r or -R (R for report, I guess). The -R option gives you a CSV-formatted result in /etc/security/aixpert/check_report.csv, which has a nice PASS/FAIL column.
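One way to turn that report into a pass/fail gate for cron or monitoring, as an added example that is not from the original post or from IBM. The column layout is an assumption (rule name in the first field, a PASS or FAIL value somewhere in the row), and the function names and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Summarise an aixpert check report: count PASS/FAIL rows, list failing rules.
# Assumed layout (not taken from IBM documentation): one rule per row, rule
# name in the first field, and one field whose whole value is PASS or FAIL.
# The status field is located by value, so its column position does not matter.
REPORT_DEFAULT=/etc/security/aixpert/check_report.csv

# Returns 0 when no row is FAIL, 1 when at least one is, 2 if unreadable.
summarize_report() {
    report=${1:-$REPORT_DEFAULT}
    [ -r "$report" ] || { echo "cannot read $report" >&2; return 2; }
    awk '
    # Split a CSV line into f[1..n]; commas inside double quotes do not split.
    function split_csv(line, f,    n, i, c, inq, cur) {
        n = 0; cur = ""; inq = 0
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (c == "\"") inq = !inq
            else if (c == "," && !inq) { f[++n] = cur; cur = "" }
            else cur = cur c
        }
        f[++n] = cur; return n
    }
    {
        sub(/\r$/, "")                      # tolerate CRLF line endings
        n = split_csv($0, f); status = ""
        for (i = 1; i <= n; i++) {
            v = toupper(f[i]); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (v == "PASS" || v == "FAIL") status = v
        }
        if (status == "PASS") pass++
        else if (status == "FAIL") failed[++fail] = f[1]
    }
    END {
        printf "pass=%d fail=%d\n", pass, fail
        for (i = 1; i <= fail; i++) print "FAIL " failed[i]
        exit (fail > 0)
    }' "$report"
}

# Constructed sample rows (not real aixpert output) for trying this offline.
sample_report() {
    cat <<'EOF'
name,description,result
sample_minlen,"Minimum password length, all users",PASS
sample_telnet,Disable telnet daemon,FAIL
sample_maxage,"Maximum password age",pass
sample_ftp,"Disable ftpd, if unused",FAIL
EOF
}
```

Called with no argument, `summarize_report` reads the default path that the -R run writes; the non-zero return on any FAIL row is what a scheduler or monitoring check keys on.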