
System Management Guide: Operating System and Devices


Setting Up and Maintaining System Security

The following guidelines are for system administrators who need to implement and to maintain basic system security.

Attention: Any operating environment might have unique security requirements that are not addressed in these guidelines. To establish a secure system, system administrators might need to implement additional security measures not discussed here.

These guidelines do not include the following security subjects:

See Auditing Overview and Trusted Computing Base for information on these security subjects.

Setting Up Security at Installation

When installing the system, set the Install Trusted Computing Base option to yes on the Installation and Settings menu. Leaving the value at no during installation requires you to reinstall if you later decide that you want a more secure system. Selecting yes enables trusted path, trusted shell, and system integrity checking. After you have installed the operating system and any major software packages, perform the following actions:

  1. If your system is running TCP/IP, see TCP/IP Security in AIX 5L Version 5.1 System Management Guide: Communications and Networks for recommendations.
  2. Change the root password as soon as you log in to the new system.
  3. Activate minimal accounting by using the procedure in Setting Up an Accounting System. However, consider not activating disk accounting and printing accounting as specified in the procedure. Both of these functions produce a large amount of data, and neither is vital to system security.
  4. If necessary, change the default user attributes by using the chsec command to edit the /usr/lib/security/mkuser.default file. If you are not going to use the STAFF group as the system default, set the pgrp variable to the name of the default group for your system. Set your default to the group with the least privileges to sensitive data on your system.
  5. Set the minimum password criteria by using the chsec command to edit the default stanza of the /etc/security/user file, or by using the chuser command to set password restrictions on specific users in the /etc/security/user file. Set the password criteria to the ones specified in the table of Recommended, Default, and Maximum Password Attribute Values.
  6. Define the TMOUT and TIMEOUT values in the /etc/profile file.
  7. Run the tcbck command to establish a baseline of the Trusted Computing Base (TCB). Print the /etc/security/sysck.cfg configuration file. Fix any problems now, and store the printout of the configuration file in a secure place.
  8. Run the errpt command now. The errpt command reports software and hardware errors logged by the system.
  9. If you are going to configure the skulker command, modify the default cron job in the /usr/spool/cron/crontabs/root file to send the output of the skulker command to a file for review.

    Note: Unless you have special system requirements, it is not generally recommended that you configure the skulker command.
  10. Create a list of all directories and files in the system at this point. Change to the / (root) directory with the cd command, and then use the su command to gain root privilege. Type the following command:

    ls -Rla > listofallfiles

    If possible, print the listofallfiles file (it is several thousand lines long). Store the printout in a secure place to refer to later if your system develops problems.

  11. Turn the system key (if present) to the Normal position. Remove the key, and store it in a secure location. In the Normal position the system can be rebooted, but not into Service mode, thus preventing anyone from resetting the root password. Single-user systems can leave the key in the Normal position.

    If you also want to prevent users from rebooting the machine at all, set the key to the Secure position. This is recommended for multiuser systems.

  12. Create the initial user IDs for the system.
  13. Decide if your system is to run continuously or is to be shut down every evening.

    Most multiuser systems should run continuously, although display terminals are shut off when not in use.

    If the system is shut down in the evenings, reschedule those cron jobs that the system sets to run at 3 a.m. every morning. These jobs include tasks such as daily accounting and the removal of unnecessary files, both of which have an impact on system security. Use the at command to check which cron jobs are scheduled for times when your machine is off, and reschedule them for other times.

    If your system is going to run 24 hours a day, consider disabling all remote or dial-in terminals at the end of the day (or whenever no authorized users would be using them). You might want to set a cron job to do this automatically.

    Ensure that all the system-scheduled cron jobs, such as accounting and auditing report generation, do not start at the same time. If you have directed the output of these operations to a single file, the output for these reports could be interleaved, making them hard to read.
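The file listing created in step 10 is only useful if it can be compared with the system later. The following shell functions, added here as an example and not taken from the guide, build a baseline listing of a directory tree and diff a fresh listing against it; they extend the guide's plain ls listing with a cksum per regular file so that content changes, not only mode, owner or size changes, show up in the comparison. The function names, and the use of a sample directory rather than /, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the AIX guide): baseline a tree the way step 10
# does with listofallfiles, then compare against it later.

# make_baseline DIR OUTFILE
# Writes one line per path: the ls -ld metadata followed by a cksum for
# regular files ("-" for directories, links and other types).
make_baseline() {
    dir=$1
    out=$2
    find "$dir" -print | LC_ALL=C sort | while IFS= read -r p; do
        # ls -ld reports mode, links, owner, group, size, mtime and name
        meta=$(ls -ld -- "$p")
        if [ -f "$p" ]; then
            sum=$(cksum < "$p" | awk '{print $1}')
        else
            sum=-
        fi
        printf '%s %s\n' "$meta" "$sum"
    done > "$out"
}

# compare_baseline DIR BASELINE
# Prints the diff between the stored baseline and a fresh listing.
# Returns 0 when nothing changed, 1 when any line differs.
compare_baseline() {
    dir=$1
    base=$2
    fresh=$(mktemp)
    make_baseline "$dir" "$fresh"
    if diff "$base" "$fresh"; then
        rm -f "$fresh"
        return 0
    fi
    rm -f "$fresh"
    return 1
}
```

Store the baseline file off the system (or print it, as the guide suggests) so that an intruder who alters files cannot also alter the record they are compared against.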

Periodic Tasks for Maintaining System Security

Perform the following tasks periodically.

Security Tasks for Adding Users

Perform the following tasks when adding users:

  1. Assign users to appropriate groups.
  2. Set initial passwords.
  3. Explain to users how to create acceptable passwords. Ensure that users change their initial passwords when they first log in, and ensure they follow the password guidelines.
  4. Give a written statement of your security policies to new users. The statement should include:

Security Tasks for Removing Users

When a user is removed from the system, perform the following tasks:

  1. If the user is only being removed temporarily, consider just removing the ability of the user ID to log in to the system. For more information, see Chapter 4, Users and Groups.
  2. If the user is being removed permanently, remove all the user information. See Chapter 4, Users and Groups for more information.
  3. Recover the system key (if present) from the user.
  4. Remove or reassign all the user's files on the system. You can use the find command to produce a list of all files owned by a user.
  5. Remove any at jobs the user has scheduled. A user can schedule potentially damaging programs to run long after the user is removed from the system by using the at command.
