Screen-friendly page
Printer-friendly pageAIX Security
This page contains links to information about how to secure AIX systems.
General Guidelines
When working on any UNIX based system, be sure to check the following:
- Patching is your first line of defence. Start by installing any patches that your vendor may have. For Solaris, WSG provides superglue.
- Only essential services should be started out of inetd.conf. This should be determined on a per-machine basis, but a good rule of thumb is to turn off anything you can and run everything else through tcp wrappers.
- OpenSSH should be installed to replace telnet and older versions of SSH as the preferred means of remote access.
- Sendmail can, and should be turned off if there is no need for it on a particular system.
- Avoid using the root account when you don't have to.
- SuperUser accounts should be created for everyone who needs to operate as root. The permissions are the same, but SU accounts create an extra record of who did what.
- Netstat is a useful tool in checking for unwanted daemons. Look mainly at the tcp and udp lines.