Under Control

The security settings that AIX Security Expert can tune fall into the following groups:

  • Password policy rules control the password restrictions imposed on the root and non-root user accounts.
  • Login policy recommendations define the login policies for root and non-root users on the system.
  • Audit policy recommendations contain rules to enable auditing for system events related to TCP/IP, mail, logical volume manager (LVM) and some general system events, such as /etc/* file accesses.
  • User group system and password definitions check for consistency of user, group, system and password definitions. If any discrepancies are found, the respective services will be disabled.
  • Rules for /etc/inittab include rules to enable/disable services mentioned in /etc/inittab so they don’t start when the system boots.
  • /etc/rc.tcpip settings contain the rules to enable/disable a few TCP/IP services, according to the security guidelines in various UNIX OS-hardening whitepapers.
  • /etc/inetd.conf settings enable/disable network-related services.
  • Disable SUID commands removes the set user ID (SUID) and set group ID (SGID) bits from the attack-prone SUID/SGID programs.
  • Disable remote services disables unsecured remote-access services. For example, it stops the rlogind and rshd daemons and tweaks NFS-related configuration on the system.
  • Remove unauthorized access disables remote access that doesn’t require passwords, for example by removing .rhosts and .netrc files.
  • Tune network options tweaks the network options to the proper values on the system. Setting a network attribute to 0 disables the option, and setting the network attribute to 1 enables the option.
  • IPSec filter rules turn on IPSec on the system and enable a few IPSec filter rules to avoid port scans.
  • Miscellaneous includes various rules to tune user attributes like “core file size,” “umask,” “login herald” and more.
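
A read-only check for three of the groups above (/etc/inetd.conf settings, Disable remote services, Remove unauthorized access), added here as an example; it is not AIX Security Expert code or output. The function names and the sample inetd.conf entries and home directories are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only checks that take paths as arguments, so they can
# be pointed at a copy of the files instead of a live system.

# Print the inetd service name of every enabled (uncommented) entry whose
# server program is rlogind or rshd, the two daemons named in the list above.
enabled_r_services() {
    awk '/^[ \t]*#/ || NF < 6 { next }
         $6 ~ /\/(rlogind|rshd)$/ { print $1 }' "$1"
}

# Print every .rhosts and .netrc file below a directory of home directories.
trust_files() {
    find "$1" -type f \( -name .rhosts -o -name .netrc \) -print | sort
}

# Report findings; the return status is 0 only when nothing was found.
audit() {   # usage: audit <inetd.conf> <home-root>
    svcs=$(enabled_r_services "$1")
    files=$(trust_files "$2")
    if [ -n "$svcs" ]; then
        printf '%s\n' "$svcs" | sed 's/^/FAIL still enabled in inetd.conf: /'
    fi
    if [ -n "$files" ]; then
        printf '%s\n' "$files" | sed 's/^/FAIL passwordless trust file: /'
    fi
    [ -z "$svcs$files" ]
}

# Constructed sample data: an inetd.conf fragment and two home directories.
make_sample() {   # usage: make_sample <empty-dir>
    mkdir -p "$1/home/alice" "$1/home/bob"
    : > "$1/home/alice/.rhosts"
    : > "$1/home/bob/.profile"
    cat > "$1/inetd.conf" <<'EOF'
## constructed sample, AIX-style inetd.conf entries
ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd      ftpd
#shell  stream  tcp6    nowait  root    /usr/sbin/rshd      rshd
login   stream  tcp6    nowait  root    /usr/sbin/rlogind   rlogind
EOF
}

demo=$(mktemp -d)
make_sample "$demo"
audit "$demo/inetd.conf" "$demo/home" || echo "audit found hardening gaps"
rm -rf "$demo"
```

On the sample, the commented-out rshd entry is treated as disabled, while the live rlogind entry and alice's .rhosts file are reported.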
