ADSM-L

Re: Question for the AIX expert

1998-08-18 04:42:50
Subject: Re: Question for the AIX expert
From: Michael Abel <Michael.Abel AT RESNOVA DOT DE>
Date: Tue, 18 Aug 1998 10:42:50 +0200
Eric,

AFAIK: there are no means to install TCB after AIX is installed.
BUT: if you want some of the features of TCB, not TCB itself - there is a
freeware tool called "tripwire" that covers some aspects of TCB, i.e.
checking files for permissions, sizes, checksum etc. so that you know if
somebody has tampered with them. Also before dealing with TCB or the like I
would focus on "normal" AIX security features like installing the necessary
fixes, securing the root user, removing "dangerous" commands, deactivating
unnecessary ports etc.

Mit freundlichem Gruss/Best Regards

Michael Abel
==================================
res nova Unternehmensberatung GmbH
                   ...aktiv in AIX
MAIL:  Ruppmannstrasse 41
       D-70565 Stuttgart, Germany
FON:   +49 711 78888 0
FAX:   +49 711 78888 99
WWW:   http://www.resnova.de
EMAIL: Michael.Abel AT resnova DOT de




Eric van Loon <evanloon AT KLM DOT NL> on 18.08.98 09:57:43

Please respond to "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>

To:   ADSM-L AT VM.MARIST DOT EDU
cc:    (bcc: Michael Abel/resnova)
Subject:  Question for the AIX expert




Dear ADSM friends!
We recently bought a 3466 Network Storage Manager (basically a very complete
ADSM server on AIX).
I'm about to go into production with it, but a department responsible for a
company-wide security policy did a security audit on the machine.
There seem to be several security leaks; most of them can be fixed, but one
of them is a big problem.
AIX offers, during installation, the option to use TCB's. TCB stands for
Trusting Computing Base and is a feature which allows you to log any changes
made to binary files. This is a must-have to be security compliant in our
company.
The problem is that this option can only be set during AIX installation and
because the NSM comes pre-configured, I cannot set this option anymore.
The only way to have TCB's enabled seems to be a re-install of AIX and ADSM,
but a lot of other stuff is also installed on the NSM (e.g. SNA server, a
fully configured WWW and FTP server, IPX and NETBIOS communication software,
etc. etc.). Re-installing AIX would result in a non-NSM environment and thus
I would lose the feature that comes with an NSM: the Engineering Change by
IBM (an engineer comes by about every 6 months to install fixes and new
releases for all NSM software).
I was hoping that an AIX expert out there knows a way to install the TCB
option without having to do a re-install or without losing all the data.
I will appreciate your reply VERY much!
Kindest regards,
Eric van Loon
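
Added example, not part of either message above: a minimal sketch of the kind of check the reply attributes to tripwire (permissions, sizes and checksums compared against a recorded baseline). It is not Tripwire's code or database format; the function names, the choice of SHA-256 and the sample file are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile

FIELDS = ("mode", "uid", "gid", "size", "sha256")

def fingerprint(path):
    """Attributes to watch for one file; None if the file does not exist."""
    try:
        st = os.lstat(path)  # lstat: a swapped-in symlink shows up as a mode change
    except FileNotFoundError:
        return None
    entry = {"mode": stat.filemode(st.st_mode), "uid": st.st_uid,
             "gid": st.st_gid, "size": st.st_size, "sha256": None}
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as fh:
            entry["sha256"] = hashlib.sha256(fh.read()).hexdigest()
    return entry

def snapshot(paths):
    return {p: fingerprint(p) for p in paths}

def compare(baseline, current):
    """Return {path: [changed fields]}, or ['missing'] / ['added']."""
    report = {}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        if old is None or new is None:
            report[path] = ["added" if old is None else "missing"]
        else:
            report[path] = [f for f in FIELDS if old[f] != new[f]]
    return report

def demo():
    """Constructed sample: same-size content swap plus a permission change."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "sample_bin")  # hypothetical stand-in binary
        with open(target, "wb") as fh:
            fh.write(b"original")
        os.chmod(target, 0o755)
        base = snapshot([target])
        with open(target, "wb") as fh:
            fh.write(b"tampered")  # 8 bytes, same size as the original
        os.chmod(target, 0o777)    # now world-writable
        return compare(base, snapshot([target]))
```

The size stays the same in the sample, so only the mode and checksum comparisons catch the change. The baseline itself has to be kept where someone who can modify the watched files cannot also rewrite it.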