ADSM-L

Question for the AIX expert

1998-08-18 03:57:43
Subject: Question for the AIX expert
From: Eric van Loon <evanloon AT KLM DOT NL>
Date: Tue, 18 Aug 1998 09:57:43 +0200
Dear ADSM friends!
We recently bought a 3466 Network Storage Manager (basically a very complete
ADSM server on AIX).
I'm about to go into production with it, but a department responsible for a
company-wide security policy did a security audit on the machine.
There seems to be several security leaks, most of them can be fixed, but one
of them is a big problem.
AIX offers, during installation, the option to use TCB's. TCB stands for
Trusting Computing Base and is a feature which allows you to log any changes
made to binary files. This is a must-have to be security compliant in our
company.
The problem is that this option can only be set during AIX installation and
because the NSM comes pre-configured, I cannot set this option anymore.
The only way to have TCB's enabled seems to be a re-install of AIX and ADSM,
but a lot of other stuff is also installed on the NSM (e.g. SNA server, a
fully configured WWW and FTP server, IPX and NETBIOS communication software,
etc. etc.). Re-installing AIX would result in a non-NSM environment and thus
I would loose the feature that comes with a NSM: the Engineering Change by
IBM (a engineer comes by about every 6 months to install fixes and new
releases for all NSM software).
I was hoping that a AIX expert out there knows a way to install the TCB
option without having to do a re-install or without loosing all the data.
I will appreciate your reply VERY much!
Kindest regards,
Eric van Loon
<Prev in Thread] Current Thread [Next in Thread>