Question : implementing aixpert on aix

Good morning..

As part of security hardening to our AIX servers, RBAC, AUDIT, Accounting, mysupoerscript-for-inactiveusers we want to setup aixpert. Question:

Which is the best-practice, steps, or any idea of how to implement this to our servers?

Thanks.

Answer : implementing aixpert on aix

Hi again,

first hint - don't run aixpert unhesitatingly in confidence that it will do the right things - aixpert certainly can do a good job, but be prepared that your system could not be the same as it was before, particularly with high-level security.

Further, I'd recommend using the WSM or systems director GUI for aixpert, if possible at all. I'm a real friend of the command line, but in case of aixpert ...

The GUI will show you which actions aixpert is going to take and give you the opportunity to make changes. There is no 'smitty' menu item for this. You would have to use the commandline to create an .xml file containing the projected changes, to then edit directly in XML. No real fun.

Get familiar with all changes aixpert is going to perform for the respective security levels, and think twice about possible implications.

Start from this place - http://publib.boulder.ibm.com/infocenter/pseries/v5r3/topic/com.ibm.aix.security/doc/security/aix_sec_expert.htm

and walk through the whole material (honestly!)

I'll be on vacation from Saturday on for ~ two weeks, so you'll have a lot of time to read ...  :-)

wmp

Random Solutions  
 
programming4us programming4us