AIX Version 4.3 System Management Guide: Operating System and Devices

Setting Up and Maintaining System Security

The following guidelines are for system administrators who need to implement and to maintain basic system security.

Attention: Any operating environment may have unique security requirements that are not addressed in these guidelines. To establish a secure system, system administrators may need to implement additional security measures not discussed here.

These guidelines do not cover auditing or the Trusted Computing Base. See "Auditing Overview" and "Trusted Computing Base Overview" for information on these security subjects.

Setting Up Security at Installation

When installing the system, set the Install Trusted Computing Base option to yes on the Installation and Settings menu. Leaving the value at no during installation will require you to reinstall if you later decide that you want a more secure system. Selecting yes enables trusted path, trusted shell, and system integrity checking. After you have installed the operating system and any major software packages, perform the following actions:

  1. If your system is running TCP/IP, see "TCP/IP Security" in AIX Version 4.3 System Management Guide: Communications and Networks for recommendations.
  2. Change the root password as soon as you log on to the new system.
  3. Activate minimal accounting by using the procedure in "Setting Up an Accounting System". However, you should consider not activating disk accounting and printing accounting as specified in the procedure. Both of these functions produce a large amount of data, and neither is vital to system security.
  4. If necessary, change the default user attributes by using the chsec command to edit the /usr/lib/security/mkuser.default file. If you are not going to use the STAFF group as the system default, set the pgrp variable to the name of the default group for your system. You should set your default to the group with the least privileges to sensitive data on your system.
  5. Set the minimum password criteria by using the chsec command to edit the default stanza of the /etc/security/user file, or by using the chuser command to set password restrictions on specific users in the /etc/security/user file. Set the password criteria to the ones specified in the table of Recommended, Default, and Maximum Password Attribute Values.
  6. Define the TMOUT and TIMEOUT values in the /etc/profile file.
  7. Run the tcbck command to establish a baseline of the Trusted Computing Base (TCB). Print the /etc/security/sysck.cfg configuration file. Fix any problems now, and store the printout of the configuration file in a secure place.
  8. Run the errpt command now. The errpt command reports software and hardware errors logged by the system.
  9. If you are going to configure the skulker command, modify the default cron job in the /usr/spool/cron/crontabs/root file to send the output of the skulker command to a file for review.
    Note: Unless you have special system requirements, it is not generally recommended that you configure the skulker command.
  10. Create a list of all directories and files in the system at this point. Change to the / (root) directory with the cd command, and then use the su command to gain root privilege. Enter the following command:
    ls -Ra -l -a > listofallfiles
    If possible, you should print the listofallfiles file (it will be several thousand lines long). Store the printout in a secure place to refer to later if your system develops problems.
  11. Turn the system key (if present) to the Normal position. Remove the key, and store it in a secure location. In the Normal position the system can be rebooted, but not into Service mode, thus preventing anyone from resetting the root password. Single-user systems can leave the key in the Normal position.

    If you also want to prevent users from rebooting the machine at all, set the key to the Secure position. This is recommended for multiuser systems.

  12. Create the initial user IDs for the system.
  13. Decide if your system will run continuously or be shut down every evening.

    Most multiuser systems should be left running continuously, although display terminals should be shut off when not in use.

    If the system will be shut down in the evenings, you should reschedule those cron jobs that the system sets to run at 3 a.m. every morning. These jobs include tasks such as daily accounting and the removal of unnecessary files, both of which have an impact on system security. Use the at command to check the cron job schedule for the times when your machine will be off, and reschedule those jobs for other times.

    If your system is going to run 24 hours a day, consider disabling all remote or dial-in terminals at the end of the day (or whenever no authorized users would be using them). You may want to set a cron job to do this automatically.

    You should also ensure that all the system-scheduled cron jobs, such as accounting and auditing report generation, do not start at the same time. If you have directed the output of these operations to a single file, the output for these reports could be interleaved, making them hard to read.
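Step 10 keeps the ls -Ra -l listing so you can "refer to later if your system develops problems". The following script, added here as an example and not part of the AIX guide, turns that printout into a machine-checkable baseline: it normalises the listing (timestamps and "total" lines dropped, so only mode, owner, group, size and name changes remain) and later diffs a fresh listing against the stored one. It assumes only POSIX sh, ls, awk, sort and diff, so it runs on any UNIX, not just AIX.

```shell
#!/bin/sh
# Added example (not from the AIX guide): store the step 10 file listing as a
# baseline and later diff it against a fresh listing to see what changed.

# make_baseline DIR OUTFILE
# Record mode, owner, group, size and path of everything under DIR. The
# ls -Ra -l output from the guide is normalised: "total" lines, the "." and
# ".." entries and the timestamps are dropped, so only attribute, size,
# ownership or name changes show up in a later comparison.
make_baseline() {
    ( cd "$1" && LC_ALL=C ls -Ra -l ) | awk -v here=. '
        /^total /  { next }                                  # per-dir summary
        /:$/       { here = substr($0, 1, length($0) - 1); next }  # "dir:" header
        NF >= 9 {
            # block/char devices print "major, minor" instead of one size field
            off  = ($1 ~ /^[bc]/) ? 1 : 0
            size = (off ? $5 " " $6 : $5)
            name = $(9 + off)
            for (i = 10 + off; i <= NF; i++) name = name " " $i   # names with spaces, "link -> target"
            if (name == "." || name == "..") next
            printf "%s %s %s %s %s/%s\n", $1, $3, $4, size, here, name
        }' | sort > "$2"
}

# check_baseline BASEFILE DIR
# Rebuild the listing for DIR and print every line that differs from the
# stored baseline ("<" = in baseline only, ">" = new or changed entry).
# Returns 0 when nothing changed and 1 when drift was found.
check_baseline() {
    _now=${TMPDIR:-/tmp}/baseline.$$
    make_baseline "$2" "$_now"
    if diff "$1" "$_now" > "$_now.diff"; then
        rm -f "$_now" "$_now.diff"
        return 0
    fi
    grep '^[<>]' "$_now.diff"
    rm -f "$_now" "$_now.diff"
    return 1
}

# Typical use as root after installation, then again whenever something looks
# wrong (the baseline file belongs on removable media or a printout, as in
# step 10, not only on the machine it describes):
#   make_baseline / /baseline.txt
#   check_baseline /baseline.txt /
```

A changed mode on a system binary or a file that was not in the baseline shows up as a ">" line; a file that disappeared shows up as a "<" line.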

Periodic Tasks for Maintaining System Security

The following tasks should be performed periodically.

Security Tasks for Adding Users

You should perform the following tasks when adding users:

  1. Assign users to appropriate groups.
  2. Set initial passwords.
  3. Explain to users how to create acceptable passwords. Ensure that users change their initial passwords when they first log in, and ensure they follow the password guidelines.
  4. Give a written statement of your security policies to new users. The statement should include:

Security Tasks for Removing Users

When a user is removed from the system, perform the following tasks:

  1. If the user is only being removed temporarily, consider just removing the ability of the user ID to log in to the system. For more information, see "Managing Users and Groups".
  2. If the user is being removed permanently, remove all the user information. See "Managing Users and Groups" for more information.
  3. Recover the system key (if present) from the user.
  4. Remove or reassign all the user's files on the system. You can use the find command to produce a list of all files owned by a user.
  5. Remove any at jobs the user has scheduled. Using the at command, a user can schedule potentially damaging programs to run long after the user ID has been removed from the system.
