System Management Guide: Operating System and Devices
The following guidelines are for system administrators who need to
implement and to maintain basic system security.
Attention: Any operating environment might have unique
security requirements that are not addressed in these guidelines. To
establish a secure system, system administrators might need to implement
additional security measures not discussed here.
These guidelines do not include the following security
- Extended accounting
- Trusted Computing Base (TCB)
- Extended access control list functions
See Auditing Overview and Trusted Computing Base for information on these security subjects.
When installing the system, set the Install Trusted Computing
Base option to yes on the Installation and Settings menu. Leaving
the value at no during installation requires you to reinstall if you later
decide that you want a more secure system. Selecting yes enables
trusted path, trusted shell, and system integrity checking. After you
have installed the operating system and any major software packages, perform
the following actions:
- If your system is running TCP/IP, see TCP/IP Security
in AIX 5L Version 5.1 System Management Guide:
Communications and Networks for recommendations.
- Change the root password as soon as you log in to the new system.
- Activate minimal accounting by using the procedure in Setting Up an Accounting System.
However, consider not activating disk accounting and printing
accounting as specified in the procedure. Both of these functions
produce a large amount of data, and neither is vital to system
- If necessary, change the default user attributes by using the chsec command to edit the /usr/lib/security/mkuser.default
file. If you are not going to use the STAFF group as the system
default, set the pgrp variable to the name of the default group for
your system. Set your default to the group with the least privileges to
sensitive data on your system.
- Set the minimum password criteria by using the chsec command to
edit the default stanza of the /etc/security/user file, or by using the
chuser command to set password restrictions on specific users in
the /etc/security/user file. Set the password criteria to
the ones specified in the table of Recommended, Default, and
Maximum Password Attribute Values.
- Define the TMOUT and TIMEOUT values in the /etc/profile file.
- Run the tcbck command to establish a
baseline of the Trusted Computing Base (TCB). Print the /etc/security/sysck.cfg configuration
file. Fix any problems now, and store the printout of the configuration
file in a secure place.
- Run the errpt command now. The
errpt command reports software and hardware errors logged by the
- If you are going to configure the skulker
command, modify the default cron job in the
/usr/spool/cron/crontabs/root file to send the output of the
skulker command to a file for review.
Note: Unless you have special system requirements, it is not
generally recommended that you configure the skulker
- Create a list of all directories and files in the system at this
point. Change to the / (root) directory with the cd command, and then use the su command
to gain root privilege. Type the following command:
ls -Ra -l -a > listofallfiles
If possible, print the listofallfiles file (it is several
thousand lines long). Store the printout in a secure place to refer to
later if your system develops problems.
- Turn the system key (if present) to the Normal position. Remove the
key, and store it in a secure location. In the Normal position the
system can be rebooted, but not into Service mode, thus preventing anyone from
resetting the root password. Single-user systems can leave the key in
the Normal position.
If you also want to prevent users from rebooting the machine at all, set
the key to the Secure position. This is recommended for multiuser
- Create the initial user IDs for the system.
- Decide if your system is to run continuously or is to be shut down every
Most multiuser systems should run continuously, although display terminals
are shut off when not in use.
If the system is shut down in the evenings, reschedule those
cron jobs that the system sets to run at 3 a.m. every
morning. These jobs include tasks such as daily accounting and the
removal of unnecessary files, both of which have an impact on system
security. Use the at command to check the cron
jobs schedule for when your machine is off, and reschedule them for other
If your system is going to run 24 hours a day, consider disabling all
remote or dial-in terminals at the end of the day (or whenever no authorized
users would be using them). You might want to set a cron job
to do this automatically.
Ensure that all the system-scheduled cron jobs, such as
accounting and auditing report generation, do not start at the same
time. If you have directed the output of these operations to a single
file, the output for these reports could be interleaved, making them hard to
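
The file-listing step above stores a baseline in listofallfiles. The following added example (not part of the original guide) compares a later listing against that baseline and reports entries that were added, removed, or changed in mode, owner or group. The function names are hypothetical, and the parsing assumes the usual 9-column ls -l layout.

```shell
#!/bin/sh
# Added example: diff two "ls -Ra -l" listings (the listofallfiles format).
# Assumes the usual 9-column "ls -l" layout and no tabs/newlines in names.

# take_listing DIR OUT: same kind of listing as the guide's command, fixed locale.
take_listing() {
    ( cd "$1" && LC_ALL=C ls -Ra -l ) > "$2"
}

# normalize LISTING: print "path<TAB>mode owner group", one line per entry,
# rebuilding full paths from the "dir:" headers that ls -R emits.
normalize() {
    awk '
        BEGIN { dir = "." }
        /^$/ { blank = 1; next }
        (NR == 1 || blank) && /:$/ { dir = substr($0, 1, length($0) - 1); blank = 0; next }
        { blank = 0 }
        NF < 9 { next }                          # "total N" and short lines
        {
            f = ($1 ~ /^[bc]/) ? 10 : 9          # device nodes list "major, minor"
            name = $f
            for (i = f + 1; i <= NF; i++) name = name " " $i
            if (name == "." || name == "..") next
            if ($1 ~ /^l/) sub(/ -> .*/, "", name)   # drop symlink target
            print dir "/" name "\t" $1 " " $3 " " $4
        }' "$1" | sort
}

# compare_listings BASELINE CURRENT: report ADDED / REMOVED / CHANGED entries.
compare_listings() {
    old=$(mktemp) && new=$(mktemp) || return 1
    normalize "$1" > "$old"
    normalize "$2" > "$new"
    awk -F '\t' '
        FILENAME == ARGV[1] { base[$1] = $2; next }
        { seen[$1] = 1 }
        !($1 in base)  { print "ADDED   " $1 " (" $2 ")"; next }
        base[$1] != $2 { print "CHANGED " $1 " (" base[$1] " -> " $2 ")" }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$old" "$new" | sort
    rm -f "$old" "$new"
}
```

Run take_listing again at a later date and pass the stored baseline and the new listing to compare_listings; a CHANGED line that shows a new setuid or world-writable mode is worth investigating first.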
Perform the following tasks periodically.
Perform the following tasks when adding users:
- Assign users to appropriate groups.
- Set initial passwords.
- Explain to users how to create acceptable passwords. Ensure that
users change their initial passwords when they first log in, and ensure they
follow the password guidelines.
- Give a written statement of your security policies to new users.
The statement should include:
- The policy on unattended terminals
- The password policy
- Directories users can safely use to store their own data
When a user is removed from the system, perform the following tasks:
- If the user is only being removed temporarily, consider just removing the
ability of the user ID to log in to the system. For more information,
see Chapter 4, Users and Groups.
- If the user is being removed permanently, remove all the user
information. See Chapter 4, Users and Groups for more information.
- Recover the system key (if present) from the user.
- Remove or reassign all the user's files on the system. You can
use the find command to produce a list of all
files owned by a user.
- Remove any at jobs the user has
scheduled. A user can schedule potentially damaging programs to run
long after the user is removed from the system by using the at