Bookmark and Share

Recent Posts

Updating to the Latest AIX Technology Level

June 24, 2015

How about an update on the latest Technology Level on AIX?

Why bother updating to the latest TL? Well, hopefully you’re already using aixpert for your basic hardening. If you’re not, I recommend using -- as a starting point -- the CIS benchmark for AIX 6.1 or 7.1. The ease of applying the AIX 6.1 benchmark comes because CIS provides an XML file to implement that benchmark. FYI, the XML file - while not following the CIS AIX 7.1 benchmark exactly - can still be applied to AIX 7.1.

I would also like to note that the XML file CIS provides seems to use aixpert -l high as a starting point. I expect they toned down some items - so the result puts your system somewhere between levels medium and high.

If you haven’t updated to the latest TL, I recommend you do as it offers some nice features. After updating, aixpert adds two arguments that can be used with –c (check/verify). The first is –P (compare with Profile) and the second is –r or –R (R for report, I guess). The –R option gives you a CSV-formatted result in /etc/security/aixpert/check_report.csv, which has a nice PASS/FAIL column feature.

Posted June 24, 2015 | Permalink

Post a Comment

Note: Comments are moderated and will not appear until approved

comments powered by Disqus