
Verify System Integrity

AIX 6.1 and Trusted Execution help ensure secure systems


System security is a multifaceted issue and requires different tools and frameworks to thwart threats. Some security mechanisms protect against attacks; others actively monitor for successful attacks and deny the attacker powers, privileges and data access.

System administrators must be able to verify, at any point in time, that the system hasn’t been compromised. Additionally, a system-integrity mechanism must provide a means to foil attacker attempts to compromise the baseline system-integrity information itself. It’s also necessary for the security policies to be easily applied across various systems.

Guaranteeing System Integrity

System integrity involves capturing the good state of the system in a non-modifiable form and using it as a reference to check the state of the system periodically. The requirements of a good system-integrity tool can be listed as follows:

  • Integrity Measurement: Provide administrator tools to detect changes to the system. The changes are identified by comparing the current state to a well-known previous state (also called the baseline).
  • Lockdown: Provide the administrator a means to lock down the information established as the baseline. This lockdown prevents an intruder from modifying the state of the system and then recreating the baseline so that the administrator can’t later detect the modifications.
  • Monitor and Protect: Provide a means to monitor executions of executables, libraries, kernel extensions, etc.

One of the key security features introduced in AIX 6.1 is Trusted Execution (TE). TE meets all the above requirements and provides offline and runtime control mechanisms to keep the system secure.

TE Architecture Establishes Baseline

AIX 6.1 ships IBM-signed signatures for the important system files in the AIX OS. These signatures are populated into a database called the Trusted Signature Database (TSD). This TSD forms one component of the baseline. On a fully installed AIX system, the TSD is populated for most AIX files and is ready to be used for integrity checking. Administrators, while building their production system, can add entries into the TSD for their custom tools as well as for any commercial middleware or application they plan to deploy. Once the production-level TSD is established, it could be used as a reference baseline for all similar systems in the environment. See Figure 1.

TE functions and policies on AIX are supported through a single command interface called trustchk. This command manages TE policies and the TSD database. It can also do the offline system-integrity verification and generate a report. For example, to get a report of system integrity, you can run the command: trustchk -n ALL.

For any integrity verification to be successful, it’s necessary to establish a clear baseline for the system. It’s important that a baseline is established for a production-level server and that any changes to the baseline thereafter be carefully controlled. AIX by default stores the baseline-related information in the TSD database file, /etc/security/tsd/tsd.dat.

TE provides excellent support for establishing and managing the baseline information for the server.

  • AIX ships SHA256 hashes and signatures for various system files that are critical for system operation and hence need to be monitored. These hashes/signatures (and other file-security attributes) are automatically included during various package installations and are captured in the TSD, along with the signatures and corresponding digital certificates required for signature verification.
  • trustchk can be used to add/modify/delete entries in the TSD. For example, if administrators need to monitor a few files related to an application or middleware, they can insert the entries into the TSD. While doing so, administrators can provide their own private key/certificate pair to sign the hashes of the application/middleware files.
  • The administrator can choose to lock down the baseline file on a production system. This would mean no modifications to the baseline will be allowed in the system (even by root).
  • The TSD database has a limited set of entries, which are added based on the security attributes of each file. For example, if a file has the SUID bit set, it’ll have a TSD entry. Administrators will have to decide on the exact set of entries they want to have in the TSD. For example, the TSD can be configured such that it only allows a small set of DB2 applications to run on the system.
  • AIX provides a framework for ISVs to use to ship integrity information as part of their software packages. This properly formatted integrity information will be recognized by the installp command on AIX and the integrity information will be automatically populated in the baseline database.
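
The integrity-measurement idea behind the list above, as an added example (not IBM's code and not part of the original article): a stanza-style baseline is parsed, and each file's current SHA-256 hash, size and mode are compared against it. The stanza layout and the attribute names `size`, `mode` and `hash_value` are simplified assumptions, not the actual tsd.dat format, and signature verification is omitted.

```python
import hashlib, os, stat, tempfile

def parse_stanzas(text):
    """Parse 'path:' headers followed by indented 'attr = value' lines."""
    db, current = {}, None
    for line in text.splitlines():
        if line.strip() and not line[0].isspace() and line.rstrip().endswith(":"):
            current = db.setdefault(line.rstrip()[:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return db

def measure(path):
    """Current state of a file: SHA-256, size and octal permission bits."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"hash_value": digest, "size": str(st.st_size),
            "mode": format(stat.S_IMODE(st.st_mode), "o")}

def verify(db):
    """Map each baselined path to the attributes that no longer match."""
    report = {}
    for path, want in db.items():
        have = measure(path) if os.path.isfile(path) else None
        bad = ["missing"] if have is None else [
            k for k in have if k in want and want[k] != have[k]]
        if bad:
            report[path] = bad
    return report

def demo():
    """Constructed sample: baseline three files, then alter one and delete one."""
    root = tempfile.mkdtemp()
    tool, helper, gone = (os.path.join(root, n) for n in ("tool", "helper", "gone"))
    for p in (tool, helper, gone):
        with open(p, "w") as fh:
            fh.write("original\n")
    baseline = "".join("%s:\n" % p + "".join("\t%s = %s\n" % kv
                       for kv in measure(p).items()) + "\n" for p in (tool, helper, gone))
    with open(helper, "a") as fh:   # content change: hash and size drift
        fh.write("tampered\n")
    os.chmod(helper, 0o4755)        # attribute change: setuid bit added
    os.remove(gone)
    return verify(parse_stanzas(baseline)), helper, gone

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the baseline text it reads, which is why the article pairs measurement with signed entries and a lockdown of the baseline file.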

 

George M Koikara is a senior programmer in AIX development and has worked across multiple technologies in AIX. He is an expert on security and in particular trusted computing and multilevel-based security. He led and developed many of the security features of AIX 6.1.

Pruthvi Panyam Nataraj is a senior programmer in AIX development and has worked across multiple components of the AIX OS. He is an expert on trusted platform architecture and was instrumental in the implementation of the Trusted Execution function in AIX 6.1. He also is an expert in IPSecurity and IKE2 protocols.

Ravi Shankar is an architect for AIX and PowerHA. He joined IBM 14 years ago and has specialized in a wide set of technologies from reliability, availability and serviceability, to AIX security to business resiliency. With more than 19 years of experience in IT, he’s an expert in real-time systems, OS internals and overall system architecture.

Saurabh Desai is an architect for AIX. He has more than 20 years of experience in the IT industry, mostly with IBM. Saurabh has in-depth knowledge of OS internals and has worked across AIX and Linux. He is an expert in process management and security. He led and implemented many of the security features in AIX 6.1.

