Security checklist the following is a checklist of security actions to perform on a newly installed or existing system although this list is not a complete security checklist, it can be used as a foundation to build a security checklist for your environment. Checklist where possible we have indicated the controls where the purpose of the server is necessary to determine the most secure configuration eg the purpose of the server is important to determine what services are to be commented out in the inetdconf file checklist no control 1. Aix checklist ix batch jobs security a scheduled jobs within the unix environment are setup in a file called the crontabs this file has a one line entry for each job to be executed at a given time this file, especially the one owned by root, should be reviewed to ensure that only valid entries and jobs are run b. Source -- ibm elements of aix security, rs6000 aix audit program (final) evaluation criteria aix control technique initialization files verify that only root can read and write to should only be readable /etc/inittab, /ect/rc and writeable by root.
Installation audit steps a review any design criteria for system security b determine whether the user access is controlled through the operating system, the database management system, or the application front-end menu system. The audit subsystem in aix technote (faq) question this document discusses the basic components and configuration of auditing on aix answer this document is intended to simplify the use of the auditing system provided in aix and applies to all versions of aix it includes information on what auditing offers, what its requirements are, and.
The move to an extensible configuration checklist description format (xccdf) formatted stig provides the ability for the consumption of the stigs by the various automated assessment tools, such as host based security system (hbss. Using the aix audit produces a lot of records that are triggered by the configured events on the system these events need to be kept for an external audit reviewer however, for day-to-day internal reports, a lot of these events can be filtered out, and the remaining records can be used to produce a more centered, daily audit report aix provides the auditselect utility to extract records. Unix/aix general controls audit program purpose: to help audit project teams evaluate the system of controls over unix/aix operating system installations background: this work plan applies to audits involving this platform aix is the ibm version of unix many versions of unix exist, and there are areasusing environments other than aix rs6000.
Check list project finance information required 1 brief description of every project sponsor: company history, establishment date, legal form, ownership, subsidiaries, core activities brief description of every project sponsor: company history, establishment date, legal form, ownership, subsidiaries, core activities. A list of audit events built into aix, along with a list of predefined audit objects, can be found in the file /etc/security/audit/events in general, auditing events are defined at the system call level a single operation at the command line would result in records of several events in the audit trail.
Checklist summary: to improve consistency, efficiency, accuracy, and automation of our stigs, we are moving towards the adoption of the security content automation protocol (scap. Aix security configuration audit – “i need a compliance report asap” november 20, 2013 simon culligan aix security compliance audit, technical, 0 how often does your it security team ask you to run a “quick” security compliance audit on your aix server infrastructure.
The diy aix system health checklist is for system administrators to give some pointers on things to look at and monitor on their systems it has been developed in my many years in aix support with much assistance from colleagues and reading (documentation, redbooks and whitepapers and much much more.
Aix checklist by:frank w - aix audit check list introduction lyons president of entellus technology group, inc 407-774-8397 [email protected] com i preliminary steps a obtain an organizational chart of the group responsible for the operating environment b obtain any existing security and control procedures c obtain a description of the network configuration d obtain a. Aix audit check list aix checklist by:frank w - aix audit check list introduction lyons president of entellus technology group, inc 407-774-8397 [email protected] com i preliminary steps a obtain an organizational chart of the group responsible for the operating environment b. What are the key unix (aix/hp/solaris & linux) audit checklist in a network environment software/hardware used: hardware and software. Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from techtarget experts don’t miss out on this exclusive content.