CITES | University of Illinois

AIX Security

This page contains links to information about how to secure AIX systems.

General Guidelines

When working on any UNIX-based system, be sure to check the following:

  • Patching is your first line of defence. Start by installing any patches that your vendor may have. For Solaris, WSG provides superglue.
  • Only essential services should be started out of inetd.conf. This should be determined on a per-machine basis, but a good rule of thumb is to turn off anything you can and run everything else through tcp wrappers.
  • OpenSSH should be installed to replace telnet and older versions of SSH as the preferred means of remote access.
  • Sendmail can, and should, be turned off if there is no need for it on a particular system.
  • Avoid using the root account when you don't have to.
  • SuperUser accounts should be created for everyone who needs to operate as root. The permissions are the same, but SU accounts create an extra record of who did what.
  • Netstat is a useful tool for checking for unwanted daemons. Look mainly at the tcp and udp lines.
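
One way to check the inetd.conf guideline above, as an added example that is not part of the original page: the script lists every service still enabled in an inetd.conf-style file and marks those not started through tcpd. The function names, the sample entries and the tcpd path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list the services enabled in an inetd.conf-style file and
# flag the ones not started through tcpd (TCP wrappers).
# Assumed field layout: service socktype proto wait user server [args...]

# Constructed sample input; the paths are illustrative, not from a real host.
sample_inetd() {
    cat <<'EOF'
ftp     stream  tcp   nowait  root  /usr/sbin/ftpd       ftpd
telnet  stream  tcp6  nowait  root  /usr/sbin/telnetd    telnetd -a
#shell  stream  tcp   nowait  root  /usr/sbin/rshd       rshd
login   stream  tcp   nowait  root  /usr/local/bin/tcpd  /usr/sbin/rlogind
daytime stream  tcp   nowait  root  internal
EOF
}

# audit_inetd FILE  ("-" reads stdin; default /etc/inetd.conf)
# Prints: service/proto STATUS server-path
audit_inetd() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # blank or commented out = disabled
        NF < 6 { print $1 " MALFORMED"; next }   # too few fields to judge
        {
            n = split($6, part, "/")             # basename of the server program
            if ($6 == "internal")       status = "INTERNAL"
            else if (part[n] == "tcpd") status = "WRAPPED"
            else                        status = "UNWRAPPED"
            print $1 "/" $3, status, $6
        }
    ' "${1:-/etc/inetd.conf}"
}

# count_unwrapped FILE: number of enabled services that bypass tcpd
count_unwrapped() {
    audit_inetd "$1" | awk '$2 == "UNWRAPPED" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample
sample_inetd | audit_inetd -
```

Each UNWRAPPED line is a service to either comment out or route through TCP wrappers; the remaining entries can then be compared against the tcp and udp lines that netstat reports.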