IBM®
Skip to main content
    Country/region [select]      Terms of use
 
 
    
     Home      Products      Services & solutions      Support & downloads      My account     
 
developerworks > My developerWorks >  Dashboard > AIX > ... > Movies > aixpert
developerWorks
Log In   View a printable version of the current page.
Overview Connect Spaces Forums Wikis
aixpert
Browse space Browse Space    
Added by nagger, last edited by nagger on Feb 02, 2009  (view change)
Labels: 
(None)

aixpert - Hints & Tips

This is a hints and tips page for the AIX aixpert command available on AIX 5.3 TL09 and AIX 6. This all might work on older versions of AIX back to say AIX 5.3 TL06 but I haven't checked.

System Administrators have a number of key rolls including

  • Backup of all important data and readiness to disaster recovery - they should be sacked if this is not done as it can cause a company failure.
  • Services are Up and running for their user departments and this involves monitoring - users will soon complain if this is not true.
  • Security - this tends to become important only after a serious problem!!
    • System Hardening from ugly criminal attack over a network
    • Compliance with financial laws and proof this is in place

System Hardening is Hard Work as it covers so many area:

  • User password controls
  • Root access and SUID
  • Access failures
  • Network settings
  • Disabling unnecessary Services & Daemons
  • Auditing and proof of auditing

How is this done?

  • Man power intensive hand-on typing from a list of commands
  • Home grown shell scripts to set & test

But there are limits

  • You can never be sure if you have forgotten something?
  • With dozens to 100's of machines/LPAR this is often done once and then forgotten about?

Compliance is mandatory in many industries and a good thing for everyone else too!

  • SOX - Sarbanes-Oxley Act, 2002 by USA Government - the result of financial reporting issues in large companies that failed. It is a document on Finance Reporting but in general terms. It has eleven 11 chapters in legal terms and not in IT actions.
  • COBIT - Control OBjectives for Information & related Technology - A further refining document, more of a Guideline & Best Practice document, not platform specific and not commands, script or tools to be used.
  • AIXpert - AIX Security Expert the tool for AIX to implement the above
  • aixpert settings decided by
    • IBM security expert team and AIX Labs
    • AIX user community (including large UK banks)
  • But you have to make up your own mind too - IBM does not take responsibility for your compliance.

User Interfaces for aixpert

There are many interfaces to access the underlying aixpert command line interface tool including:

  • smit or smitty
  • pConsole (officially IBM Systems Director 6.1 Console for AIX (phew what a mouthful!)
    ]
  • Director 6 - this launches the pConsole
  • WebSM - the older Web based System Manager which does allow tick boxes to select rules although the details are ambiguous)
  • But recommended is direct use of the command, as you can make a custom rules file and distribute it across machines 
    root:/# aixpert -?
aixpert -l high|medium|low|default|sox-cobit
aixpert -l h|m|l|d|s [-p] [ -n -o filename ] [ -a -o filename ]
aixpert -c [-l <level>] [-p]
aixpert -u [-p]
aixpert -d
aixpert [ -f filename ] [ -a -o filename ] [-p]
root:/#

Security Levels

High Security

  • Direct Internet running web server with important data
  • Banned are Telnet, FTP, rlogin
  • Start services and then go High Security - in use ports not blocked but others will be.
    Medium Security
  • Corporate network Firewall protected
  • Telnet, FTP are in use
  • Wants port scanning and user account protection
    Low Security
  • Been running for a long time on isolated secure network
  • Need to keep all services available
    Default
  • As comes with AIX standard install
    SOX-COBIT
  • The setting recommended for compliance

Want More?

Go to the IBM Redbooks website http://www.redbooks.ibm.com and find the AIX 6 Advanced Security Features Redbook

Underlying aixpert Files

  • /etc/security/aixpert/core/aixpertall.xml
    • XML file of all possible settings
  • /etc/security/aixpert/core/appliedaixpert.xml
    • XML file of applied security
  • /etc/security/aixpert/log/aixpert.log
    • Trace log of applied settings
    • Does not use syslog, aixpert writes directly to this file
  • /etc/security/aixpert/core/undo.xml
    • XLM file of settings, which can be undone

You should NOT be changing these directly in any way - you can extract from the aixpertall.xml file using the aixpert command to make your own rules file.

WARNING !!!

  • High Level Security - really means High Level
  • Can lock the root user due to password aging
  • So set your root password before using aixpert
    • If you get caught out by this there is no way to switch off security - that would not be secure.
    • You will have to reboot the system/LPAR in Diagnostics mode, go single user, mount the root file system and modify the root user account and reboot again to recover this.
    • This is still secure was you will need physical access to the machine or HMC/IVM access for virtual console work. If you have this level of access ... you could steal the machine!!
  • Also if you disable telnet make sure you have a way to get on to the machine!!
    • Currently logged on telnet sessions will continue to work but if you disconnect you will never get back in using telenet.
    • You will need one of the following: dumb console, HMC virtual console, IVM virtual console, ssh fully working and tested or some other security channel/package.

Command used in the aixpert movie

  1. Go to security level "low": aixpert -l low
    • This produced the failure "prereqtcb" and warning "lls_tcpupdate"
  2. Extract the low level rules to my own custom file in a secure directory: aixpert -l low -n -o /etc/security/aix/custom/mysettings.xml
  3. Investigate and remove the tcb rule we decided not to use: vi /etc/security/aix/custom/mysettings.xml
    • The rule "lls_tcpupdate" was removed.
  4. Go back to default level: aixpert -l default
  5. Implement my own settings: aixpert -f /etc/security/aix/custom/mysettings.xml
  6. Check the rules are still applied: aixpert -c -l low
  7. Modify the maxage (password age in weeks): vi /etc/security/user
  8. Check the rules are still applied: aixpert -c -l low
    • One failure spotted here
  9. Change back yo original value the maxage (password age in weeks): vi /etc/security/user
  10. Check the rules are still applied: aixpert -c -l low
    • No failures
  11. Go back to default AIX security level: aixpert -l default
  12. Set High AIX security level: aixpert -l high
    • Now telnet fails

Note:

  • If you use the -p option then you get to see verbose output as each rule is covered - this is nice positive feedback

Rules, Commands and Arguments

List of "aixpert" Rules, commands and arguments for AIX6 TL02

  • oslevel -s: 6100-02-02-0849
  • Taken from /usr/security/aixpert/aixpertall.xml
  • Hopefully you can use this to see the details of every rule and the underlying commands and arguments so you can determine the level you what to use and what is involved.
Entry Name Function Rule Type Desciption Command Arguments Group
prereqbinaudit prereqbinaudit Prereq Prereq rule for binaudit: Checks whether auditing is running or not /etc/security/aixpert/bin/prereqbinaudit none none
prereqcde prereqcde Prereq Prereq rule for CDE: Checks whether CDE entry eixsts or not in /etc/inittab. /etc/security/aixpert/bin/prereqcde none none
prereqgated prereqgated Prereq Prereq rule for gated: Checks whether the system is configured to be a router or not /etc/security/aixpert/bin/prereqgated none none
prereqipsec prereqipsec Prereq Prereq rule for IPSec: Checks whether IPSec is enabled or not /etc/security/aixpert/bin/prereqipsec none none
prereqlft prereqlft Prereq Prereq rule for LFT: Checks whether LFT is configured or not /etc/security/aixpert/bin/prereqlft none none
prereqlh prereqlh Prereq Prereq rule for loginherald: Checks the herald value is set or not /etc/security/aixpert/bin/prereqlh none none
prereqnosyn prereqnosyn Prereq Prereq rule for NoSyn: Checks whether IPSec is enabled or not, if its not, then enable it /etc/security/aixpert/bin/prereqnosyn none none
prereqrl prereqrl Prereq Prereq rule for root login: Checks whether any non root user exists who has login privileges /etc/security/aixpert/bin/prereqrl none none
prereqrrl prereqrrl Prereq Prereq rule for remote root login: Checks whether any non root user exists with privileges to login remotely /etc/security/aixpert/bin/prereqrrl none none
prereqtcb prereqtcb Prereq Prereq rule for TCB: Checks whether TCB is enabled or not /etc/security/aixpert/bin/prereqtcb none none
prereqsed prereqsed Prereq Prereq rule for SED: Checks whether the machine has 64 bit kernel support or not /etc/security/aixpert/bin/prereqsed none none
prereqnontcb prereqnontcb Prereq Prereq rule for non-TCB: Checks whether the system is non TCB or not /etc/security/aixpert/bin/prereqnontcb none none
hls_minage minage
High Security
 Minimum age for password: Specifies the minimum number of weeks to 1 week, before a password can be changed /etc/security/aixpert/bin/chusrattr minage=1 ALL hls_minage Password policy rules
mls_minage minage
Medium Security
 Minimum age for password: Specifies the minimum number of weeks to 4 weeks, before a password can be changed /etc/security/aixpert/bin/chusrattr minage=4 ALL mls_minage Password policy rules
dls_minage minage
Default
 Minimum age for password: Removes any minimum number of weeks requirements before a password can be changed /etc/security/aixpert/bin/chusrattr minage=0 ALL dls_minage Password policy rules
hls_maxage maxage
High Security
 Maximum age for password: Specifies the maximum number of weeks (13 weeks) that a password is valid /etc/security/aixpert/bin/chusrattr maxage=13 ALL hls_maxage Password policy rules
mls_maxage maxage
Medium Security
 Maximum age for password: Specifies the maximum number of weeks (13 weeks) that a password is valid /etc/security/aixpert/bin/chusrattr maxage=13 ALL mls_maxage Password policy rules
lls_maxage maxage
Low Security
 Maximum age for password: Specifies the maximum number of weeks (13 weeks) that a password is valid /etc/security/aixpert/bin/chusrattr maxage=52 ALL lls_maxage Password policy rules
dls_maxage maxage
Default
 Maximum age for password: Removes any minimum number of weeks requirements, that a password is valid /etc/security/aixpert/bin/chusrattr maxage=0 ALL dls_maxage Password policy rules
hls_maxexpired maxexpired
High Security
 Time to change password after the expiration: Specifies the maximum number of weeks to 2 weeks, after maxage that an expired password can be changed by the user /etc/security/aixpert/bin/chusrattr maxexpired=2 ALL hls_maxexpired Password policy rules
mls_maxexpired maxexpired
Medium Security
 Time to change password after the expiration: Specifies the maximum number of weeks to 4 weeeks, after maxage that an expired password can be changed by the user /etc/security/aixpert/bin/chusrattr maxexpired=4 ALL mls_maxexpired Password policy rules
lls_maxexpired maxexpired
Low Security
 Time to change password after the expiration: Specifies the maximum number of weeks to 8 weeeks, after maxage that an expired password can be changed by the user /etc/security/aixpert/bin/chusrattr maxexpired=8 ALL lls_maxexpired Password policy rules
dls_maxexpired maxexpired
Default
 Time to change password after the expiration: Removes any minimum number of weeks requirements, after maxage that an expired password can be changed by the user /etc/security/aixpert/bin/chusrattr maxexpired=-1 ALL dls_maxexpired Password policy rules
hls_minlen minlen
High Security
 Minimum length for password: Specifies the minimum length of a password to 8 /etc/security/aixpert/bin/chusrattr minlen=8 ALL hls_minlen Password policy rules
mls_minlen minlen
Medium Security
 Minimum length for password: Specifies the minimum length of a password to 8 /etc/security/aixpert/bin/chusrattr minlen=8 ALL mls_minlen Password policy rules
lls_minlen minlen
Low Security
 Minimum length for password: Specifies the minimum length of a password to 8 /etc/security/aixpert/bin/chusrattr minlen=8 ALL lls_minlen Password policy rules
dls_minlen minlen
Default
 Minimum length for password: Removes the minimum length constraint on password /etc/security/aixpert/bin/chusrattr minlen=0 ALL dls_minlen Password policy rules
hls_minalpha minalpha
High Security
 Minimum number of alphabetic chars: Specifies the minimum number of alphabetic characters in a password to 2 /etc/security/aixpert/bin/chusrattr minalpha=2 ALL hls_minalpha Password policy rules
mls_minalpha minalpha
Medium Security
 Minimum number of alphabetic chars: Specifies the minimum number of alphabetic characters in a password to 2 /etc/security/aixpert/bin/chusrattr minalpha=2 ALL mls_minalpha Password policy rules
lls_minalpha minalpha
Low Security
 Minimum number of alphabetic chars: Specifies the minimum number of alphabetic characters in a password to 2 /etc/security/aixpert/bin/chusrattr minalpha=2 ALL lls_minalpha Password policy rules
dls_minalpha minalpha
Default
 Minimum number of alphabetic chars: Removes the minimum number of alphabetic characters constraint, in a password /etc/security/aixpert/bin/chusrattr minalpha=0 ALL dls_minalpha Password policy rules
hls_minother minother
High Security
 Minimum number of non-alphabetic chars: Specifies the minimum number of non-alphabetic characters in a password to 2 /etc/security/aixpert/bin/chusrattr minother=2 ALL hls_minother Password policy rules
mls_minother minother
Medium Security
 Minimum number of non-alphabetic chars: Specifies the minimum number of non-alphabetic characters in a password to 2 /etc/security/aixpert/bin/chusrattr minother=2 ALL mls_minother Password policy rules
lls_minother minother
Low Security
 Minimum number of non-alphabetic chars: Specifies the minimum number of non-alphabetic characters in a password to 2 /etc/security/aixpert/bin/chusrattr minother=2 ALL lls_minother Password policy rules
dls_minother minother
Default
 Minimum number of non-alphabetic chars: Removes the minimum number of non-alphabetic characters constraint, in a password /etc/security/aixpert/bin/chusrattr minother=0 ALL dls_minother Password policy rules
hls_maxrepeats maxrepeats
High Security
 Maximum times a char can appear in a password: Specifies the maximum number of times a character can appear in a password to 2 /etc/security/aixpert/bin/chusrattr maxrepeats=2 ALL hls_maxrepeats Password policy rules
dls_maxrepeats maxrepeats
Default
 Maximum times a char can appear in a password: Specifies the maximum number of times a character can appear in a password to 8 /etc/security/aixpert/bin/chusrattr maxrepeats=8 ALL dls_maxrepeats Password policy rules
hls_mindiff mindiff
High Security
 Minimum number of chars: Specifies the minimum number of characters required in a new password to 4, that were not in the old password /etc/security/aixpert/bin/chusrattr mindiff=4 ALL hls_mindiff Password policy rules
mls_mindiff mindiff
Medium Security
 Minimum number of chars: Specifies the minimum number of characters required in a new password to 4, that were not in the old password /etc/security/aixpert/bin/chusrattr mindiff=4 ALL mls_mindiff Password policy rules
lls_mindiff mindiff
Low Security
 Minimum number of chars: Specifies the minimum number of characters required in a new password to 4, that were not in the old password /etc/security/aixpert/bin/chusrattr mindiff=4 ALL lls_mindiff Password policy rules
dls_mindiff mindiff
Default
 Minimum number of chars: Removes the constraint on the minimum number of characters required in a new password that were not in the old password /etc/security/aixpert/bin/chusrattr mindiff=0 ALL dls_mindiff Password policy rules
hls_histexpire histexpire
High Security
 Password reset time: Specifies the number of weeks to 13 weeks, before a password can be reused /etc/security/aixpert/bin/chusrattr histexpire=13 ALL hls_histexpire Password policy rules
mls_histexpire histexpire
Medium Security
 Password reset time: Specifies the number of weeks to 13 weeks, before a password can be reused /etc/security/aixpert/bin/chusrattr histexpire=13 ALL mls_histexpire Password policy rules
lls_histexpire histexpire
Low Security
 Password reset time: Specifies the number of weeks to 26 weeks, before a password can be reused /etc/security/aixpert/bin/chusrattr histexpire=26 ALL lls_histexpire Password policy rules
dls_histexpire histexpire
Default
 Password reset time: Removes any minimum number of weeks requirements before a password can be reused /etc/security/aixpert/bin/chusrattr histexpire=0 ALL dls_histexpire Password policy rules
hls_histsize histsize
High Security
 Password reuse time: Specifies the number of previous passwords a user cannot resuse to 20 /etc/security/aixpert/bin/chusrattr histsize=20 ALL hls_histsize Password policy rules
mls_histsize histsize
Medium Security
 Password reuse time: Specifies the number of previous passwords a user cannot resuse to 4 /etc/security/aixpert/bin/chusrattr histsize=4 ALL mls_histsize Password policy rules
lls_histsize histsize
Low Security
 Password reuse time: Specifies the number of previous passwords a user cannot resuse to 4 /etc/security/aixpert/bin/chusrattr histsize=4 ALL lls_histsize Password policy rules
dls_histsize histsize
Default
 Password reuse time: Removes the constraint on the number of previous passwords a user cannot reuse /etc/security/aixpert/bin/chusrattr histsize=0 ALL dls_histsize Password policy rules
hls_pwdwarntime pwdwarntime
High Security
 Password expiration warning time: Specifies the number of days to 5 days, before the system issues a warning that a password change is required /etc/security/aixpert/bin/chusrattr pwdwarntime=5 ALL hls_pwdwarntime Password policy rules
mls_pwdwarntime pwdwarntime
Medium Security
 Password expiration warning time: Specifies the number of days to 5 days, before the system issues a warning that a password change is required /etc/security/aixpert/bin/chusrattr pwdwarntime=5 ALL mls_pwdwarntime Password policy rules
lls_pwdwarntime pwdwarntime
Low Security
 Password expiration warning time: Specifies the number of days to 5 days, before the system issues a warning that a password change is required /etc/security/aixpert/bin/chusrattr pwdwarntime=5 ALL lls_pwdwarntime Password policy rules
dls_pwdwarntime pwdwarntime
Default
 Password expiration warning time: Removes the constraint on the number of days before the system issues a warning that a password change is required /etc/security/aixpert/bin/chusrattr pwdwarntime=0 ALL dls_pwdwarntime Password policy rules
hls_usrck usrck
High Security
 Check user definitions: Verifies the correctness of user definitions and fixes the errors /etc/security/aixpert/bin/execmds "/usr/bin/usrck -y ALL; /usr/bin/usrck -n ALL" User Group System and Password Definitions
mls_usrck usrck
Medium Security
 Check user definitions: Verifies the correctness of user definitions and fixes the errors /etc/security/aixpert/bin/execmds "/usr/bin/usrck -y ALL; /usr/bin/usrck -n ALL" User Group System and Password Definitions
lls_usrck usrck
Low Security
 Check user definitions: Verifies the correctness of user definitions and fixes the errors /etc/security/aixpert/bin/execmds "/usr/bin/usrck -y ALL; /usr/bin/usrck -n ALL" User Group System and Password Definitions
hls_pwdck pwdck
High Security
 Check password definitions: Verifies the correctness of password definitions and fixes the errors, also locks the users without a password /etc/security/aixpert/bin/pwdckhls none User Group System and Password Definitions
mls_pwdck pwdck
Medium Security
 Check password definitions: Verifies the correctness of password definitions and fixes the errors /etc/security/aixpert/bin/execmds "/usr/bin/pwdck -y ALL; /usr/bin/pwdck -n ALL" User Group System and Password Definitions
lls_pwdck pwdck
Low Security
 Check password definitions: Verifies the correctness of password definitions and fixes the errors /etc/security/aixpert/bin/execmds "/usr/bin/pwdck -y ALL; /usr/bin/pwdck -n ALL" User Group System and Password Definitions
hls_grpck grpck
High Security
 Check group definitions: Verifies the correctness of group definitions and fixes the errors /etc/security/aixpert/bin/execmds "/usr/sbin/grpck -y ALL; /usr/sbin/grpck -n ALL" User Group System and Password Definitions
mls_grpck grpck
Medium Security
 Check group definitions: Verifies the correctness of group definitions and fixes the errors /etc/security/aixpert/bin/execmds "/usr/sbin/grpck -y ALL; /usr/sbin/grpck -n ALL" User Group System and Password Definitions
lls_grpck grpck
Low Security
 Check group definitions: Verifies the correctness of group definitions and fixes the errors /etc/security/aixpert/bin/execmds "/usr/sbin/grpck -y ALL; /usr/sbin/grpck -n ALL" User Group System and Password Definitions
hls_tcbupdate tcbupdate
High Security
 TCB update: Updates Trusted Computing Base /etc/security/aixpert/bin/execmds "tcbck -y ALL; tcbck -n ALL" User Group System and Password Definitions
mls_tcbupdate tcbupdate
Medium Security
 TCB update: Updates Trusted Computing Base /etc/security/aixpert/bin/execmds "tcbck -y ALL; tcbck -n ALL" User Group System and Password Definitions
lls_tcbupdate tcbupdate
Low Security
 TCB update: Updates Trusted Computing Base /etc/security/aixpert/bin/execmds "tcbck -y ALL; tcbck -n ALL" User Group System and Password Definitions
dls_tcbupdate tcbupdate
Default
 TCB update: Updates Trusted Computing Base /etc/security/aixpert/bin/execmds "tcbck -y ALL; tcbck -n ALL" User Group System and Password Definitions
hls_loginretries loginretries
High Security
 Number of login attempts before locking the account: Specifies the number of consecutive unsuccessful login attempts to 3, for each non-root user account before the account is disabled /etc/security/aixpert/bin/chusrattr loginretries=3 NONROOT hls_loginretries Login policy recommendations
mls_loginretries loginretries
Medium Security
 Number of login attempts before locking the account: Specifies the number of consecutive unsuccessful login attempts to 4, for each non-root user account before the account is disabled /etc/security/aixpert/bin/chusrattr loginretries=4 NONROOT mls_loginretries Login policy recommendations
lls_loginretries loginretries
Low Security
 Number of login attempts before locking the account: Specifies the number of consecutive unsuccessful login attempts to 5, for each non-root user account before the account is disabled /etc/security/aixpert/bin/chusrattr loginretries=5 NONROOT lls_loginretries Login policy recommendations
dls_loginretries loginretries
Default
 Number of login attempts before locking the account: Removes the constraint on the number of consecutive unsuccessful login attempts per non-root user account before the account is disabled /etc/security/aixpert/bin/chusrattr loginretries=0 ALL dls_loginretries Login policy recommendations
hls_logindelay logindelay
High Security
 Delay between unsuccessful logins: Specifies the delay between unsuccessful logins to 10 seconds /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg logindelay=10 default hls_logindelay Login policy recommendations
mls_logindelay logindelay
Medium Security
 Delay between unsuccessful logins: Specifies the delay between unsuccessful logins to 5 seconds /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg logindelay=5 default mls_logindelay Login policy recommendations
lls_logindelay logindelay
Low Security
 Delay between unsuccessful logins: Specifies the delay between unsuccessful logins to 5 seconds /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg logindelay=5 default lls_logindelay Login policy recommendations
dls_logindelay logindelay
Default
 Delay between unsuccessful logins: Removes any login delays between two unsuccessful login attempts /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg logindelay=0 default dls_logindelay Login policy recommendations
hls_logindisable logindisable
High Security
 Disable login after unsuccessful login attempts: Specifies the number of unsuccessful login attempts on a port to 10, before the port is locked /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg logindisable=10 default hls_logindisable Login policy recommendations
mls_logindisable logindisable
Medium Security
 Disable login after unsuccessful login attempts: Specifies the number of unsuccessful login attempts on a port to 10, before the port is locked /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg logindisable=10 default mls_logindisable Login policy recommendations
dls_logindisable logindisable
Default
 Remove the unsuccessful login constraint: Removes the constraint on the number of unsuccessful login attempts on a port, before the port can be locked /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg logindisable=0 default dls_logindisable Login policy recommendations
hls_logininterval logininterval
High Security
 Interval between unsuccessful logins: Specifies the time interval(300 seconds) for a port in which the unsuccessful login attempts must occur before the port is disabled /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg logininterval=300 default hls_logininterval Login policy recommendations
mls_logininterval logininterval
Medium Security
 Interval between unsuccessful logins: Specifies the time interval(60 seconds) for a port in which the unsuccessful login attempts must occur before the port is disable /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg logininterval=60 default mls_logininterval Login policy recommendations
dls_logininterval logininterval
Default
 Interval between unsuccessful logins: Removes any time interval for a port in which the unsuccessful login attempts must occur before the port is disabled /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg logininterval=0 default dls_logininterval Login policy recommendations
hls_loginreenable loginreenable
High Security
 Reenable login after locking: Specifies the time interval(360 minutes) after which a port is unlocked after being disabled by logindisable /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg loginreenable=360 default hls_loginreenable Login policy recommendations
mls_loginreenable loginreenable
Medium Security
 Reenable login after locking: Specifies the time interval(30 minutes) after which a port is unlocked after being disabled by logindisable /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg loginreenable=30 default mls_loginreenable Login policy recommendations
dls_loginreenable loginreenable
Default
 Reenable login after locking: Removes any time interval after which a port is unlocked after being disabled by logindisable /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg loginreenable=0 default dls_loginreenable Login policy recommendations
hls_logintimeout logintimeout
High Security
 Login timeout: Specifies the time interval(30 seconds) to type in a password /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg logintimeout=30 usw hls_logintimeout Login policy recommendations
mls_logintimeout logintimeout
Medium Security
 Login timeout: Specifies the time interval(60 seconds) to type in a password /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg logintimeout=60 usw mls_logintimeout Login policy recommendations
lls_logintimeout logintimeout
Low Security
 Login timeout: Specifies the time interval(60 seconds) to type in a password /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg logintimeout=60 usw lls_logintimeout Login policy recommendations
dls_logintimeout logintimeout
Default
 Login timeout: Specifies the time interval(60 seconds) to type in a password /etc/security/aixpert/bin/chdefstanza /etc/security/login.cfg logintimeout=60 usw dls_logintimeout Login policy recommendations
hls_rootrlogin rootrlogin
High Security
 Remote root login: Disables remote root login /etc/security/aixpert/bin/chuserstanza /etc/security/user rlogin=false root hls_rootrlogin Login policy recommendations
mls_rootrlogin rootrlogin
Medium Security
 Remote root login: Disables remote root login /etc/security/aixpert/bin/chuserstanza /etc/security/user rlogin=false root mls_rootrlogin Login policy recommendations
dls_rootrlogin rootrlogin
Default
 Remote root login: Enables remote root login /etc/security/aixpert/bin/chuserstanza /etc/security/user rlogin=true root dls_rootrlogin Login policy recommendations
hls_rootlogin rootlogin
High Security
 Local login: Disables root to login locally /etc/security/aixpert/bin/chuserstanza /etc/security/user login=false root hls_rootlogin Login policy recommendations
dls_rootlogin rootlogin
Default
 Local login: Enables root to login locally /etc/security/aixpert/bin/chuserstanza /etc/security/user login=true root dls_rootlogin Login policy recommendations
hls_binaudit binaudit
High Security
 Enable binaudit: Enables bin auditing for
High Security
 /etc/security/aixpert/bin/binaudit h hls_binaudit Audit policy recommendations
mls_binaudit binaudit
Medium Security
 Enable binaudit: Enables bin auditing for
Medium Security
 /etc/security/aixpert/bin/binaudit m mls_binaudit Audit policy recommendations
lls_binaudit binaudit
Low Security
 Enable binaudit: Enables bin auditing for
Low Security
 /etc/security/aixpert/bin/binaudit l lls_binaudit Audit policy recommendations
dls_binaudit binaudit
Default
 Disable binaudit: Disables bin auditing /etc/security/aixpert/bin/binaudit d dls_binaudit Audit policy recommendations
hls_disqdaemon disqdaemon
High Security
 Disable qdaemon: Stops qdaemon and comments the qdaemon entry in /etc/inittab /etc/security/aixpert/bin/comntrows qdaemon: /etc/inittab : d hls_disqdaemon Rules for /etc/inittab
mls_disqdaemon disqdaemon
Medium Security
 Disable qdaemon: Stops qdaemon and comments the qdaemon entry in /etc/inittab /etc/security/aixpert/bin/comntrows qdaemon: /etc/inittab : d mls_disqdaemon Rules for /etc/inittab
dls_disqdaemon disqdaemon
Default
 Enable qdaemon: Starts qdaemon and uncomments the qdaemon entry in /etc/inittab /etc/security/aixpert/bin/comntrows qdaemon: /etc/inittab : a dls_disqdaemon Rules for /etc/inittab
hls_dispiobe dispiobe
High Security
 Disable piobe daemon: Stops piobe daemon and comments the piobe entry in /etc/inittab /etc/security/aixpert/bin/comntrows piobe: /etc/inittab : d hls_dispiobe Rules for /etc/inittab
mls_dispiobe dispiobe
Medium Security
 Disable piobe daemon: Stops piobe daemon and comments the piobe entry in /etc/inittab /etc/security/aixpert/bin/comntrows piobe: /etc/inittab : d mls_dispiobe Rules for /etc/inittab
dls_dispiobe dispiobe
Default
 Enable piobe daemon: Starts piobe daemon and uncomments the piobe entry in /etc/inittab /etc/security/aixpert/bin/comntrows piobe: /etc/inittab : a dls_dispiobe Rules for /etc/inittab
hls_dislpd dislpd
High Security
 Disable lpd daemon: Stops lpd daemon and comments the lpd entry in /etc/inittab /etc/security/aixpert/bin/comntrows lpd: /etc/inittab : d hls_dislpd Rules for /etc/inittab
mls_dislpd dislpd
Medium Security
 Disable lpd daemon: Stops lpd daemon and comments the lpd entry in /etc/inittab /etc/security/aixpert/bin/comntrows lpd: /etc/inittab : d mls_dislpd Rules for /etc/inittab
dls_dislpd dislpd
Default
 Enable lpd daemon: Stops lpd daemon and comments the lpd entry in /etc/inittab /etc/security/aixpert/bin/comntrows lpd: /etc/inittab : d dls_dislpd Rules for /etc/inittab
hls_discde discde
High Security
 Disable CDE: Disables CDE when LFT is not configured /etc/security/aixpert/bin/comntrows "dt:" "/etc/inittab" ":" d hls_discde Rules for /etc/inittab
mls_discde discde
Medium Security
 Disable CDE: Disables CDE when LFT is not configured /etc/security/aixpert/bin/comntrows "dt:" "/etc/inittab" ":" d mls_discde Rules for /etc/inittab
dls_discde discde
Default
 Enable CDE: Enables CDE /etc/security/aixpert/bin/comntrows "dt:" "/etc/inittab" ":" a dls_discde Rules for /etc/inittab
hls_disautoconf6 disautoconf6
High Security
 Stop autoconf6: Stops autoconf6, if it is running and comments the entry for autoconf6 in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip autoconf6 d hls_disautoconf6 /etc/rc.tcpip Settings
dls_disautoconf6 disautoconf6
Default
 Stop autoconf6: Stops autoconf6, if it is running and comments the entry for autoconf6 in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip autoconf6 d dls_disautoconf6 /etc/rc.tcpip Settings
hls_disrtngdmn disrtngdmn
High Security
 Disable routing daemon: Stops routed daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip routed d hls_disrtngdmn /etc/rc.tcpip Settings
dls_disrtngdmn disrtngdmn
Default
 Disable routing daemon: Stops routed daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip routed d dls_disrtngdmn /etc/rc.tcpip Settings
hls_distimedmn distimedmn
High Security
 Disable timed daemon: Stops timed daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip timed d hls_distimedmn /etc/rc.tcpip Settings
mls_distimedmn distimedmn
Medium Security
 Disable timed daemon: Stops timed daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip timed d mls_distimedmn /etc/rc.tcpip Settings
lls_distimedmn distimedmn
Low Security
 Disable timed daemon: Stops timed daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip timed d lls_distimedmn /etc/rc.tcpip Settings
dls_distimedmn distimedmn
Default
 Disable timed daemon: Stops timed daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip timed d dls_distimedmn /etc/rc.tcpip Settings
hls_disntpdmn disntpdmn
High Security
 Disable NTP daemon: Stops NTP daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip xntpd d hls_disntpdmn /etc/rc.tcpip Settings
mls_disntpdmn disntpdmn
Medium Security
 Disable NTP daemon: Stops NTP daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip xntpd d mls_disntpdmn /etc/rc.tcpip Settings
dls_disntpdmn disntpdmn
Default
 Disable NTP daemon: Stops NTP daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip xntpd d dls_disntpdmn /etc/rc.tcpip Settings
hls_disrwhoddmn disrwhoddmn
High Security
 Disable rwhod daemon: Stops rwhod daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip rwhod d hls_disrwhoddmn /etc/rc.tcpip Settings
dls_disrwhoddmn disrwhoddmn
Default
 Disable rwhod daemon: Stops rwhod daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip rwhod d dls_disrwhoddmn /etc/rc.tcpip Settings
hls_dissnmpdmn dissnmpdmn
High Security
 Disable SNMP daemon: Stops SNMP daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip snmpd d hls_dissnmpdmn /etc/rc.tcpip Settings
mls_dissnmpdmn dissnmpdmn
Medium Security
 Disable SNMP daemon: Stops SNMP daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip snmpd d mls_dissnmpdmn /etc/rc.tcpip Settings
lls_dissnmpdmn dissnmpdmn
Low Security
 Disable SNMP daemon: Stops SNMP daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip snmpd d lls_dissnmpdmn /etc/rc.tcpip Settings
dls_dissnmpdmn dissnmpdmn
Default
 Disable SNMP daemon: Stops SNMP daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip snmpd a dls_dissnmpdmn /etc/rc.tcpip Settings
hls_disdpid2dmn disdpid2dmn
High Security
 Disable DPID2 daemon: Stops DPID2 daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip dipid2 d hls_disdpid2dmn /etc/rc.tcpip Settings
dls_disdpid2dmn disdpid2dmn
Default
 Disable DPID2 daemon: Stops DPID2 daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip dipid2 d dls_disdpid2dmn /etc/rc.tcpip Settings
hls_dismrouteddmn dismrouteddmn
High Security
 Disable mrouted daemon: Stops mrouted daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip mrouted d hls_dismrouteddmn /etc/rc.tcpip Settings
dls_dismrouteddmn dismrouteddmn
Default
 Disable mrouted daemon: Stops mrouted daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip mrouted d dls_dismrouteddmn /etc/rc.tcpip Settings
hls_disprintdmn disprintdmn
High Security
 Disable print daemon: Stops the print daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip lpd d hls_disprintdmn /etc/rc.tcpip Settings
dls_disprintdmn disprintdmn
Default
 Disable print daemon: Stops the print daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip lpd d dls_disprintdmn /etc/rc.tcpip Settings
hls_disdnsdmn disdnsdmn
High Security
 Disable DNS daemon: Stops DNS daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip named d hls_disdnsdmn /etc/rc.tcpip Settings
dls_disdnsdmn disdnsdmn
Default
 Disable DNS daemon: Stops DNS daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip named d dls_disdnsdmn /etc/rc.tcpip Settings
hls_dismaildmn dismaildmn
High Security
 Disable mail client:Stops Sendmail daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip sendmail d hls_dismaildmn /etc/rc.tcpip Settings
dls_dismaildmn dismaildmn
Default
 Enable mail client: Uncomments the entry for Sendmail daemon in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip sendmail a dls_dismaildmn /etc/rc.tcpip Settings
hls_disdhcpserv disdhcpserv
High Security
 Stop DHCP Server: Stops DHCP server daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip dhcpsd d hls_disdhcpserv /etc/rc.tcpip Settings
dls_disdhcpserv disdhcpserv
Default
 Stop DHCP Server: Stops DHCP server daemon and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip dhcpsd d dls_disdhcpserv /etc/rc.tcpip Settings
hls_disdhcpagent disdhcpagent
High Security
 Stop DHCP Agent: Stops DHCP relay agent and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip dhcprd d hls_disdhcpagent /etc/rc.tcpip Settings
dls_disdhcpagent disdhcpagent
Default
 Stop DHCP Agent: Stops DHCP relay agent and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip dhcprd d dls_disdhcpagent /etc/rc.tcpip Settings
hls_disdhcpclient disdhcpclient
High Security
 Stop DHCP Client: Stops DHCP client and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip dhcpcd d hls_disdhcpclient /etc/rc.tcpip Settings
dls_disdhcpclient disdhcpclient
Default
 Stop DHCP Client: Stops DHCP client and comments it's entry in /etc/rc.tcpip /etc/security/aixpert/bin/rctcpip dhcpcd d dls_disdhcpclient /etc/rc.tcpip Settings
hls_disgateddmn disgateddmn
High Security
 Disable gated daemon: Stops gated daemons and comments the entry for gated daemon in /etc/rc.tcpip if the system is not configured as a router /etc/security/aixpert/bin/rctcpip gated d hls_disgateddmn /etc/rc.tcpip Settings
mls_disgateddmn disgateddmn
Medium Security
 Disable gated daemon: Stops gated daemons and comments the entry for gated daemon in /etc/rc.tcpip if the system is not configured as a router /etc/security/aixpert/bin/rctcpip gated d mls_disgateddmn /etc/rc.tcpip Settings
lls_disgateddmn disgateddmn
Low Security
 Disable gated daemon: Stops gated daemons and comments the entry for gated daemon in /etc/rc.tcpip if the system is not configured as a router /etc/security/aixpert/bin/rctcpip gated d lls_disgateddmn /etc/rc.tcpip Settings
dls_disgateddmn disgateddmn
Default
 Disable gated daemon: Stops gated daemons and comments the entry for gated daemon in /etc/rc.tcpip if the system is not configured as a router /etc/security/aixpert/bin/rctcpip gated d dls_disgateddmn /etc/rc.tcpip Settings
hls_shell shell
High Security
 Disable rshd daemon: Comments the entry for rshd daemon in /etc/inetd.conf and kills all instances of rshd /etc/security/aixpert/bin/cominetdconf shell tcp d hls_shell /etc/inetd.conf Settings
mls_shell shell
Medium Security
 Disable rshd daemon: Comments the entry for rshd daemon in /etc/inetd.conf and kills all instances of rshd /etc/security/aixpert/bin/cominetdconf shell tcp d mls_shell /etc/inetd.conf Settings
lls_shell shell
Low Security
 /etc/security/aixpert/bin/cominetdconf shell tcp d lls_shell /etc/inetd.conf Settings
dls_shell shell
Default
 Enable rshd daemon: Uncomments the entry for rshd daemon in /etc/inetd.conf and starts rshd daemon /etc/security/aixpert/bin/cominetdconf shell tcp a dls_shell /etc/inetd.conf Settings
hls_kshell kshell
High Security
 Disable krshd daemon: Comments the entry for krshd daemon in /etc/inetd.conf and kills all instances of krshd /etc/security/aixpert/bin/cominetdconf kshell tcp d hls_kshell /etc/inetd.conf Settings
dls_kshell kshell
Default
 Disable krshd daemon: Comments the entry for krshd daemon in /etc/inetd.conf and kills all instances of krshd /etc/security/aixpert/bin/cominetdconf kshell tcp d dls_kshell /etc/inetd.conf Settings
hls_rlogin rlogin
High Security
 Disable rlogin in /etc/inetd.conf: Comments the entry for rlogind daemon in /etc/inetd.conf and kills all instances of rlogind /etc/security/aixpert/bin/cominetdconf login tcp d hls_rlogin /etc/inetd.conf Settings
mls_rlogin rlogin
Medium Security
 Disable rlogin in /etc/inetd.conf: Comments the entry for rlogind daemon in /etc/inetd.conf and kills all instances of rlogind /etc/security/aixpert/bin/cominetdconf login tcp d mls_rlogin /etc/inetd.conf Settings
dls_rlogin rlogin
Default
 Enable rlogin in /etc/inetd.conf: Uncomments the entry for rlogind daemon in /etc/inetd.conf and starts rlogind daemon /etc/security/aixpert/bin/cominetdconf login tcp a dls_rlogin /etc/inetd.conf Settings
hls_krlogin krlogin
High Security
 Disable krlogind in /etc/inetd.conf: Comments the entry for krlogind daemon in /etc/inetd.conf and kills all instances of krlogind /etc/security/aixpert/bin/cominetdconf klogin tcp d hls_krlogin /etc/inetd.conf Settings
dls_krlogin krlogin
Default
 Disable krlogind in /etc/inetd.conf: Comments the entry for krlogind daemon in /etc/inetd.conf and kills all instances of krlogind /etc/security/aixpert/bin/cominetdconf klogin tcp d dls_krlogin /etc/inetd.conf Settings
hls_rexecd rexecd
High Security
 Disable rexecd in /etc/inetd.conf: Comments the entry for rexecd daemon in /etc/inetd.conf and kills all instances of rexecd /etc/security/aixpert/bin/cominetdconf exec tcp d hls_rexecd /etc/inetd.conf Settings
mls_rexecd rexecd
Medium Security
 Disable rexecd in /etc/inetd.conf: Comments the entry for rexecd daemon in /etc/inetd.conf and kills all instances of rexecd /etc/security/aixpert/bin/cominetdconf exec tcp d mls_rexecd /etc/inetd.conf Settings
dls_rexecd rexecd
Default
 Enable rexecd in /etc/inetd.conf: Uncomments the entry for rexecd daemon in /etc/inetd.conf and starts rexecd daemon /etc/security/aixpert/bin/cominetdconf exec tcp a dls_rexecd /etc/inetd.conf Settings
hls_comsat comsat
High Security
 Disable comsat in /etc/inetd.conf: Comments the entry for comsat daemon in /etc/inetd.conf and kills all instances of comsat /etc/security/aixpert/bin/cominetdconf comsat udp d hls_comsat /etc/inetd.conf Settings
dls_comsat comsat
Default
 Disable comsat in /etc/inetd.conf: Comments the entry for comsat daemon in /etc/inetd.conf and kills all instances of comsat /etc/security/aixpert/bin/cominetdconf comsat udp d hls_comsat /etc/inetd.conf Settings
hls_uucp uucp
High Security
 Enable uucpd in /etc/inetd.conf: Comments the entry for uucpd daemon in /etc/inetd.conf and kills all instances of uucpd /etc/security/aixpert/bin/cominetdconf uucp tcp d hls_uucp /etc/inetd.conf Settings
dls_uucp uucp
Default
 Enable uucpd in /etc/inetd.conf: Uncomments the entry for uucpd daemon in /etc/inetd.conf and starts uucp service /etc/security/aixpert/bin/cominetdconf uucp tcp a dls_uucp /etc/inetd.conf Settings
hls_bootps bootps
High Security
 Disable bootpd in /etc/inetd.conf: Comments the entry for bootpd daemon in /etc/inetd.conf and kills all instances of bootpsd /etc/security/aixpert/bin/cominetdconf bootps udp d hls_bootps /etc/inetd.conf Settings
mls_bootps bootps
Medium Security
 Disable bootpd in /etc/inetd.conf: Comments the entry for bootpd daemon in /etc/inetd.conf and kills all instances of bootpsd /etc/security/aixpert/bin/cominetdconf bootps udp d mls_bootps /etc/inetd.conf Settings
dls_bootps bootps
Default
 Disable bootpd in /etc/inetd.conf: Comments the entry for bootpd daemon in /etc/inetd.conf and kills all instances of bootpsd /etc/security/aixpert/bin/cominetdconf bootps udp d dls_bootps /etc/inetd.conf Settings
hls_fingerd fingerd
High Security
 Disable fingerd in /etc/inetd.conf: Comments the entry for fingerd daemon in /etc/inetd.conf and kills all instances of fingerd /etc/security/aixpert/bin/cominetdconf finger tcp d hls_fingerd /etc/inetd.conf Settings
mls_fingerd fingerd
Medium Security
 Disable fingerd in /etc/inetd.conf: Comments the entry for fingerd daemon in /etc/inetd.conf and kills all instances of fingerd /etc/security/aixpert/bin/cominetdconf finger tcp d mls_fingerd /etc/inetd.conf Settings
dls_fingerd fingerd
Default
 Disable fingerd in /etc/inetd.conf: Comments the entry for fingerd daemon in /etc/inetd.conf and kills all instances of fingerd /etc/security/aixpert/bin/cominetdconf finger tcp d dls_fingerd /etc/inetd.conf Settings
hls_systat systat
High Security
 Disable sysstat in /etc/inetd.conf: Comments the entry for systat daemon in /etc/inetd.conf and kills all instances of systat /etc/security/aixpert/bin/cominetdconf systat tcp d hls_systat /etc/inetd.conf Settings
mls_systat systat
Medium Security
 Disable sysstat in /etc/inetd.conf: Comments the entry for systat daemon in /etc/inetd.conf and kills all instances of systat /etc/security/aixpert/bin/cominetdconf systat tcp d mls_systat /etc/inetd.conf Settings
dls_systat systat
Default
 Disable sysstat in /etc/inetd.conf: Comments the entry for systat daemon in /etc/inetd.conf and kills all instances of systat /etc/security/aixpert/bin/cominetdconf systat tcp d dls_systat /etc/inetd.conf Settings
hls_netstat netstat
High Security
 Disable netstat in /etc/inetd.conf: Comments the entry for netstat daemon in /etc/inetd.conf and kills all instances of netstat /etc/security/aixpert/bin/cominetdconf netstat tcp d hls_netstat /etc/inetd.conf Settings
mls_netstat netstat
Medium Security
 Disable netstat in /etc/inetd.conf: Comments the entry for netstat daemon in /etc/inetd.conf and kills all instances of netstat /etc/security/aixpert/bin/cominetdconf netstat tcp d mls_netstat /etc/inetd.conf Settings
dls_netstat netstat
Default
 Disable netstat in /etc/inetd.conf: Comments the entry for netstat daemon in /etc/inetd.conf and kills all instances of netstat /etc/security/aixpert/bin/cominetdconf netstat tcp d dls_netstat /etc/inetd.conf Settings
hls_tftp tftp
High Security
 Disable tftp in /etc/inetd.conf: Comments the entry for tftp daemon in /etc/inetd.conf and kills all instances of tftpd /etc/security/aixpert/bin/cominetdconf tftp udp d hls_tftp /etc/inetd.conf Settings
mls_tftp tftp
Medium Security
 Disable tftp in /etc/inetd.conf: Comments the entry for tftp daemon in /etc/inetd.conf and kills all instances of tftpd /etc/security/aixpert/bin/cominetdconf tftp udp d mls_tftp /etc/inetd.conf Settings
dls_tftp tftp
Default
 Disable tftp in /etc/inetd.conf: Comments the entry for tftp daemon in /etc/inetd.conf and kills all instances of tftpd /etc/security/aixpert/bin/cominetdconf tftp udp d mls_tftp /etc/inetd.conf Settings
hls_talk talk
High Security
 Disable talk in /etc/inetd.conf: Comments the entry for talk daemon in /etc/inetd.conf and kills all instances of talkd /etc/security/aixpert/bin/cominetdconf talk udp d hls_talk /etc/inetd.conf Settings
mls_talk talk
Medium Security
 Disable talk in /etc/inetd.conf: Comments the entry for talk daemon in /etc/inetd.conf and kills all instances of talkd /etc/security/aixpert/bin/cominetdconf talk udp d mls_talk /etc/inetd.conf Settings
lls_talk talk
Low Security
 Disable talk in /etc/inetd.conf: Comments the entry for talk daemon in /etc/inetd.conf and kills all instances of talkd /etc/security/aixpert/bin/cominetdconf talk udp d lls_talk /etc/inetd.conf Settings
dls_talk talk
Default
 Enable talk in /etc/inetd.conf: Uncomments the entry for talk daemon in /etc/inetd.conf and starts talk service /etc/security/aixpert/bin/cominetdconf talk udp a dls_talk /etc/inetd.conf Settings
hls_rquotad rquotad
High Security
 Disable rquotad in /etc/inetd.conf: Comments the entry for rquotad daemon in /etc/inetd.conf and kills all instances of rquotad /etc/security/aixpert/bin/cominetdconf rquotad udp d hls_rquotad /etc/inetd.conf Settings
mls_rquotad rquotad
Medium Security
 Disable rquotad in /etc/inetd.conf: Comments the entry for rquotad daemon in /etc/inetd.conf and kills all instances of rquotad /etc/security/aixpert/bin/cominetdconf rquotad udp d mls_rquotad /etc/inetd.conf Settings
lls_rquotad rquotad
Low Security
 Disable rquotad in /etc/inetd.conf: Comments the entry for rquotad daemon in /etc/inetd.conf and kills all instances of rquotad /etc/security/aixpert/bin/cominetdconf rquotad udp d lls_rquotad /etc/inetd.conf Settings
dls_rquotad rquotad
Default
 Disable rquotad in /etc/inetd.conf: Comments the entry for rquotad daemon in /etc/inetd.conf and kills all instances of rquotad /etc/security/aixpert/bin/cominetdconf rquotad udp d dls_rquotad /etc/inetd.conf Settings
hls_rexd rexd
High Security
 Disable rexd in /etc/inetd.conf: Comments the entry for rexd daemon in /etc/inetd.conf and kills all instances of rexd /etc/security/aixpert/bin/cominetdconf rexd tcp d hls_rexd /etc/inetd.conf Settings
mls_rexd rexd
Medium Security
 Disable rexd in /etc/inetd.conf: Comments the entry for rexd daemon in /etc/inetd.conf and kills all instances of rexd /etc/security/aixpert/bin/cominetdconf rexd tcp d mls_rexd /etc/inetd.conf Settings
lls_rexd rexd
Low Security
 Disable rexd in /etc/inetd.conf: Comments the entry for rexd daemon in /etc/inetd.conf and kills all instances of rexd /etc/security/aixpert/bin/cominetdconf rexd tcp d lls_rexd /etc/inetd.conf Settings
dls_rexd rexd
Default
 Disable rexd in /etc/inetd.conf: Comments the entry for rexd daemon in /etc/inetd.conf and kills all instances of rexd /etc/security/aixpert/bin/cominetdconf rexd tcp d dls_rexd /etc/inetd.conf Settings
hls_rstatd rstatd
High Security
 Disable rstatd in /etc/inetd.conf: Comments the entry for rstatd daemon in /etc/inetd.conf and kills all instances of rstatd /etc/security/aixpert/bin/cominetdconf rstatd udp d hls_rstatd /etc/inetd.conf Settings
mls_rstatd rstatd
Medium Security
 Disable rstatd in /etc/inetd.conf: Comments the entry for rstatd daemon in /etc/inetd.conf and kills all instances of rstatd /etc/security/aixpert/bin/cominetdconf rstatd udp d mls_rstatd /etc/inetd.conf Settings
dls_rstatd rstatd
Default
 Disable rstatd in /etc/inetd.conf: Comments the entry for rstatd daemon in /etc/inetd.conf and kills all instances of rstatd /etc/security/aixpert/bin/cominetdconf rstatd udp d dls_rstatd /etc/inetd.conf Settings
hls_rusersd rusersd
High Security
 Disable ruserd in /etc/inetd.conf: Comments the entry for rusersd daemon in /etc/inetd.conf and kills all instances of rusersd /etc/security/aixpert/bin/cominetdconf rusersd udp d hls_rusersd /etc/inetd.conf Settings
mls_rusersd rusersd
Medium Security
 Disable ruserd in /etc/inetd.conf: Comments the entry for rusersd daemon in /etc/inetd.conf and kills all instances of rusersd /etc/security/aixpert/bin/cominetdconf rusersd udp d mls_rusersd /etc/inetd.conf Settings
dls_rusersd rusersd
Default
 Disable ruserd in /etc/inetd.conf: Comments the entry for rusersd daemon in /etc/inetd.conf and kills all instances of rusersd /etc/security/aixpert/bin/cominetdconf rusersd udp d dls_rusersd /etc/inetd.conf Settings
hls_rwalld rwalld
High Security
 Disable rwalld in /etc/inetd.conf: Comments the entry for rwalld daemon in /etc/inetd.conf and kills all instances of rwalld /etc/security/aixpert/bin/cominetdconf rwalld udp d hls_rwalld /etc/inetd.conf Settings
mls_rwalld rwalld
Medium Security
 Disable rwalld in /etc/inetd.conf: Comments the entry for rwalld daemon in /etc/inetd.conf and kills all instances of rwalld /etc/security/aixpert/bin/cominetdconf rwalld udp d mls_rwalld /etc/inetd.conf Settings
dls_rwalld rwalld
Default
 Disable rwalld in /etc/inetd.conf: Comments the entry for rwalld daemon in /etc/inetd.conf and kills all instances of rwalld /etc/security/aixpert/bin/cominetdconf rwalld udp d dls_rwalld /etc/inetd.conf Settings
hls_sprayd sprayd
High Security
 Disable sprayd in /etc/inetd.conf: Comments the entry for sprayd daemon in /etc/inetd.conf and kills all instances of sprayd /etc/security/aixpert/bin/cominetdconf sprayd udp d hls_sprayd /etc/inetd.conf Settings
mls_sprayd sprayd
Medium Security
 Disable sprayd in /etc/inetd.conf: Comments the entry for sprayd daemon in /etc/inetd.conf and kills all instances of sprayd /etc/security/aixpert/bin/cominetdconf sprayd udp d mls_sprayd /etc/inetd.conf Settings
dls_sprayd sprayd
Default
 Disable sprayd in /etc/inetd.conf: Comments the entry for sprayd daemon in /etc/inetd.conf and kills all instances of sprayd /etc/security/aixpert/bin/cominetdconf sprayd udp d dls_sprayd /etc/inetd.conf Settings
hls_pcnfsd pcnfsd
High Security
 Disable pcnfsd in /etc/inetd.conf: Comments the entry for pcnfsd daemon in /etc/inetd.conf and kills all instances of pcnfsd /etc/security/aixpert/bin/cominetdconf pcnfsd udp d hls_pcnfsd /etc/inetd.conf Settings
dls_pcnfsd pcnfsd
Default
 Disable pcnfsd in /etc/inetd.conf: Comments the entry for pcnfsd daemon in /etc/inetd.conf and kills all instances of pcnfsd /etc/security/aixpert/bin/cominetdconf pcnfsd udp d dls_pcnfsd /etc/inetd.conf Settings
hls_tcpecho tcpecho
High Security
 Disable TCP echo service in /etc/inetd.conf: Comments the entry for TCP Echo service in /etc/inetd.confand kills all instances of echo(tcp) /etc/security/aixpert/bin/cominetdconf echo tcp d hls_tcpecho /etc/inetd.conf Settings
dls_tcpecho tcpecho
Default
 Disable TCP echo service in /etc/inetd.conf: Comments the entry for TCP Echo service in /etc/inetd.confand kills all instances of echo(tcp) /etc/security/aixpert/bin/cominetdconf echo tcp d dls_tcpecho /etc/inetd.conf Settings
hls_tcpdiscard tcpdiscard
High Security
 Disable TCP Discard service in /etc/inetd.conf: Comments the entry for TCP Discard service in /etc/inetd.conf and kills all instances of discard(tcp) /etc/security/aixpert/bin/cominetdconf discard tcp d hls_tcpdiscard /etc/inetd.conf Settings
dls_tcpdiscard tcpdiscard
Default
 Disable TCP Discard service in /etc/inetd.conf: Comments the entry for TCP Discard service in /etc/inetd.conf and kills all instances of discard(tcp) /etc/security/aixpert/bin/cominetdconf discard tcp d dls_tcpdiscard /etc/inetd.conf Settings
hls_tcpchargen tcpchargen
High Security
 Disable TCP chargen service in /etc/inetd.conf: Comments the entry for TCP Chargen service in /etc/inetd.confand kills all instances of chargen(tcp) /etc/security/aixpert/bin/cominetdconf chargen tcp d hls_tcpchargen /etc/inetd.conf Settings
dls_tcpchargen tcpchargen
Default
 Disable TCP chargen service in /etc/inetd.conf: Comments the entry for TCP Chargen service in /etc/inetd.confand kills all instances of chargen(tcp) /etc/security/aixpert/bin/cominetdconf chargen tcp d dls_tcpchargen /etc/inetd.conf Settings
hls_tcpdaytime tcpdaytime
High Security
 Disable TCP daytime service in /etc/inetd.conf: Comments the entry for TCP Daytime service in /etc/inetd.confand kills all instances of daytime(tcp) /etc/security/aixpert/bin/cominetdconf daytime tcp d hls_tcpdaytime /etc/inetd.conf Settings
dls_tcpdaytime tcpdaytime
Default
 Enable TCP daytime service in /etc/inetd.conf: Comments the entry for TCP Daytime service in /etc/inetd.confand kills all instances of daytime(tcp) /etc/security/aixpert/bin/cominetdconf daytime tcp a dls_tcpdaytime /etc/inetd.conf Settings
hls_tcptime tcptime
High Security
 Disable TCP time service in /etc/inetd.conf: Comments the entry for TCP Time service in /etc/inetd.conf and kills all instances of timed(tcp) /etc/security/aixpert/bin/cominetdconf time tcp d hls_tcptime /etc/inetd.conf Settings
dls_tcptime tcptime
Default
 Enable TCP time service in /etc/inetd.conf: Uncomments the entry for TCP Time service in /etc/inetd.conf and starts timed(tcp) /etc/security/aixpert/bin/cominetdconf time tcp a dls_tcptime /etc/inetd.conf Settings
hls_udpecho udpecho
High Security
 Disable UDP Echo service in /etc/inetd.conf: Comments the entry for UDP Echo service in /etc/inetd.conf and kills all instances of UDP echo /etc/security/aixpert/bin/cominetdconf echo udp d hls_udpecho /etc/inetd.conf Settings
dls_udpecho udpecho
Default
 Disable UDP Echo service in /etc/inetd.conf: Comments the entry for UDP Echo service in /etc/inetd.conf and kills all instances of UDP echo /etc/security/aixpert/bin/cominetdconf echo udp d dls_udpecho /etc/inetd.conf Settings
hls_udpdiscard udpdiscard
High Security
 Disable UDP discard service in /etc/inetd.conf: Comments the entry for UDP Discard service in /etc/inetd.conf and kills all instances of UDP discard /etc/security/aixpert/bin/cominetdconf discard udp d hls_udpdiscard /etc/inetd.conf Settings
dls_udpdiscard udpdiscard
Default
 Disable UDP discard service in /etc/inetd.conf: Comments the entry for UDP Discard service in /etc/inetd.conf and kills all instances of UDP discard /etc/security/aixpert/bin/cominetdconf discard udp d dls_udpdiscard /etc/inetd.conf Settings
hls_udpchargen udpchargen
High Security
 Disable UDP chargen service in /etc/inetd.conf: Comments the entry for UDP Chargen service in /etc/inetd.conf and kills all instances of chargen /etc/security/aixpert/bin/cominetdconf chargen udp d hls_udpchargen /etc/inetd.conf Settings
dls_udpchargen udpchargen
Default
 Disable UDP chargen service in /etc/inetd.conf: Comments the entry for UDP Chargen service in /etc/inetd.conf and kills all instances of chargen /etc/security/aixpert/bin/cominetdconf chargen udp d dls_udpchargen /etc/inetd.conf Settings
hls_udpdaytime udpdaytime
High Security
 Disable UDP daytime service in /etc/inetd.conf: Comments the entry for UDP Daytime service in /etc/inetd.conf and kills all instances of daytime /etc/security/aixpert/bin/cominetdconf daytime udp d hls_udpdaytime /etc/inetd.conf Settings
dls_udpdaytime udpdaytime
Default
 Enable UDP daytime service in /etc/inetd.conf: Uncomments the entry for UDP Daytime service in /etc/inetd.conf and starts the daytime service /etc/security/aixpert/bin/cominetdconf daytime udp a dls_udpdaytime /etc/inetd.conf Settings
hls_udptime udptime
High Security
 Disable UDP time service in /etc/inetd.conf: Comments the entry for UDP Time service in /etc/inetd.conf and kills all instances of time service(udp) /etc/security/aixpert/bin/cominetdconf time udp d hls_udptime /etc/inetd.conf Settings
dls_udptime udptime
Default
 Enable UDP time service in /etc/inetd.conf: Uncomments the entry for UDP Time service in /etc/inetd.conf and starts the time service(udp) /etc/security/aixpert/bin/cominetdconf time udp a dls_udptime /etc/inetd.conf Settings
hls_ftp ftp
High Security
 Disable FTP: Comments the entry for ftpd daemon in /etc/inetd.conf and kills all instances of ftpd /etc/security/aixpert/bin/cominetdconf ftp tcp d hls_ftp /etc/inetd.conf Settings
dls_ftp ftp
Default
 Enable FTP: Uncomments the entry for ftpd daemon in /etc/inetd.conf and starts ftpd daemon starts ftpd daemon /etc/security/aixpert/bin/cominetdconf ftp tcp a dls_ftp /etc/inetd.conf Settings
hls_telnet telnet
High Security
 Disable telnet: Comments the entry for telnetd daemon in /etc/inetd.conf and kills all instances of telnetd /etc/security/aixpert/bin/cominetdconf telnet tcp d hls_telnet /etc/inetd.conf Settings
dls_telnet telnet
Default
 Enable telnet: Uncomments the entry for telnetd daemon in /etc/inetd.conf and starts telnetd daemon /etc/security/aixpert/bin/cominetdconf telnet tcp a dls_telnet /etc/inetd.conf Settings
hls_imapd imapd
High Security
 Disable IMAPD: Comments the entry for imapd daemon in /etc/inetd.conf and kills all instances of imapd /etc/security/aixpert/bin/cominetdconf imap2 tcp d hls_imapd /etc/inetd.conf Settings
dls_imapd imapd
Default
 Disable IMAPD: Comments the entry for imapd daemon in /etc/inetd.conf and kills all instances of imapd /etc/security/aixpert/bin/cominetdconf imap2 tcp d dls_imapd /etc/inetd.conf Settings
hls_pop3d pop3d
High Security
 Disable POP3D: Comments the entry for pop3d daemon in /etc/inetd.conf and kills all instances of pop3d /etc/security/aixpert/bin/cominetdconf pop3 tcp d hls_pop3d /etc/inetd.conf Settings
dls_pop3d pop3d
Default
 Disable POP3D: Comments the entry for pop3d daemon in /etc/inetd.conf and kills all instances of pop3d /etc/security/aixpert/bin/cominetdconf pop3 tcp d dls_pop3d /etc/inetd.conf Settings
hls_dtspc dtspc
High Security
 Disable dtspc in /etc/inetd.conf: Comments the entry for dtspc daemon in /etc/inetd.conf when LFT is not configured and CDE is disabled in /etc/inittab, also kills all the instances of dtspc daemon /etc/security/aixpert/bin/cominetdconf dtspc tcp d hls_dtspc /etc/inetd.conf Settings
dls_dtspc dtspc
Default
 Disable dtspc in /etc/inetd.conf: Comments the entry for dtspc daemon in /etc/inetd.conf when LFT is not configured and CDE is disabled in /etc/inittab, also kills all the instances of dtspc daemon /etc/security/aixpert/bin/cominetdconf dtspc tcp d dls_dtspc /etc/inetd.conf Settings
hls_ttdbserver ttdbserver
High Security
 Disable ttdbserver service in /etc/inetd.conf: Comments the entry for ttdbserver service in /etc/inetd.conf and kills all instances of ttdbserver service /etc/security/aixpert/bin/cominetdconf ttdbserver tcp d hls_ttdbserver /etc/inetd.conf Settings
dls_ttdbserver ttdbserver
Default
 Enable ttdbserver service in /etc/inetd.conf: Uncomments the entry for ttdbserver service in /etc/inetd.conf and starts ttdbserver service /etc/security/aixpert/bin/cominetdconf ttdbserver tcp a dls_ttdbserver /etc/inetd.conf Settings
hls_cmsd cmsd
High Security
 Disable cmsd service in /etc/inetd.conf: Comments the entry for cmsd service in /etc/inetd.conf and kills all instances of cmsd service /etc/security/aixpert/bin/cominetdconf cmsd udp d hls_cmsd /etc/inetd.conf Settings
dls_cmsd cmsd
Default
 Enable cmsd service in /etc/inetd.conf: Uncomments the entry for cmsd service in /etc/inetd.conf and starts cmsd service /etc/security/aixpert/bin/cominetdconf cmsd udp a dls_cmsd /etc/inetd.conf Settings
hls_rmsuidfrmrcmds rmsuidfrmrcmds
High Security
 Removes SUID from remote commands: Removes SUID from remote commands rcp, rdist, rexec, remsh, rlogin and rsh /etc/security/aixpert/bin/rmsuidfrmrcmds r hls_rmsuidfrmrcmds Disable SUID of commands
mls_rmsuidfrmrcmds rmsuidfrmrcmds
Medium Security
 Removes SUID from remote commands: Removes SUID from remote commands rcp, rdist, rexec, remsh, rlogin and rsh /etc/security/aixpert/bin/rmsuidfrmrcmds r mls_rmsuidfrmrcmds Disable SUID of commands
lls_rmsuidfrmrcmds rmsuidfrmrcmds
Low Security
 Removes SUID from remote commands: Removes SUID from remote commands rcp, rdist, rexec, remsh, rlogin and rsh /etc/security/aixpert/bin/rmsuidfrmrcmds r lls_rmsuidfrmrcmds Disable SUID of commands
dls_rmsuidfrmrcmds rmsuidfrmrcmds
Default
 Set SUID of remote commands: Sets SUID of remote commands rcp, rdist, rexec, remsh, rlogin and rsh /etc/security/aixpert/bin/rmsuidfrmrcmds s dls_rmsuidfrmrcmds Disable SUID of commands
hls_filepermgr filepermgr
High Security
 File Permissions Manager: Runs fpm comamnd with high option to remove setuid, setgid from privileged commands /etc/security/aixpert/bin/filepermgr h hls_filepermgr Disable SUID of commands
mls_filepermgr filepermgr
Medium Security
 File Permissions Manager: Runs fpm comamnd with medium option to remove setuid, setgid from privileged commands /etc/security/aixpert/bin/filepermgr m mls_filepermgr Disable SUID of commands
lls_filepermgr filepermgr
Low Security
 File Permissions Manager: Runs fpm comamnd with low option to remove setuid from privileged commands /etc/security/aixpert/bin/filepermgr l lls_filepermgr Disable SUID of commands
dls_filepermgr filepermgr
Default
 File Permissions Manager: Runs fpm comamnd with default option to restore back the setuid, setgid on the privileged commands /etc/security/aixpert/bin/filepermgr d dls_filepermgr Disable SUID of commands
hls_disablenfs disablenfs
High Security
 Stop NFS daemon: Removes NFS mounts, stops NFS daemons and removes NFS from startup /etc/security/aixpert/bin/nfsconfig d hls_disablenfs Disable remote services
dls_disablenfs disablenfs
Default
 Enable NFS daemon: Enables NFS mounts, starts NFS daemons and enables NFS from startup /etc/security/aixpert/bin/nfsconfig e dls_disablenfs Disable remote services
hls_disrmtcmds disrmtcmds
High Security
 Disable unsecure commands: Disables unsecure commands rlogin, rsh, rcp and tftp /etc/security/aixpert/bin/disrmtcmds d hls_disrmtcmds Disable remote services
mls_disrmtcmds disrmtcmds
Medium Security
 Disable unsecure commands: Disables unsecure commands rlogin, rsh, rcp and tftp /etc/security/aixpert/bin/disrmtcmds d mls_disrmtcmds Disable remote services
dls_disrmtcmds disrmtcmds
Default
 Enable unsecure commands: Enables unsecure commands rlogin, rsh, rcp and tftp /etc/security/aixpert/bin/disrmtcmds e dls_disrmtcmds Disable remote services
hls_disrmtdmns disrmtdmns
High Security
 Disable unsecure daemons: Disables unsecure daemons rlogind, rshd, and tftpd /etc/security/aixpert/bin/disrmtdmns d hls_disrmtdmns Disable remote services
mls_disrmtdmns disrmtdmns
Medium Security
 Disable unsecure daemons: Disables unsecure daemons rlogind, rshd, and tftpd /etc/security/aixpert/bin/disrmtdmns d mls_disrmtdmns Disable remote services
dls_disrmtdmns disrmtdmns
Default
 Enable unsecure daemons: Enables unsecure daemons rlogind, rshd, and tftpd /etc/security/aixpert/bin/disrmtdmns e dls_disrmtdmns Disable remote services
hls_rmrhostsnetrc rmrhostsnetrc
High Security
 Remove rhosts and netrc services: Removes .rhosts and .netrc files from user's home directory /etc/security/aixpert/bin/rmrhostsnetrc h hls_rmrhostsnetrc Remove unauthorized access
mls_rmrhostsnetrc rmrhostsnetrc
Medium Security
 Remove rhosts and netrc services: Removes .rhosts and .netrc files from user's home directory /etc/security/aixpert/bin/rmrhostsnetrc m mls_rmrhostsnetrc Remove unauthorized access
lls_rmrhostsnetrc rmrhostsnetrc
Low Security
 Remove rhosts and netrc services: Removes .rhosts and .netrc files from user's home directory /etc/security/aixpert/bin/rmrhostsnetrc l lls_rmrhostsnetrc Remove unauthorized access
dls_rmrhostsnetrc rmrhostsnetrc
Default
 Remove rhosts and netrc services: Removes .rhosts and .netrc files from user's home directory /etc/security/aixpert/bin/rmrhostsnetrc d dls_rmrhostsnetrc Remove unauthorized access
hls_rmetchostsequiv rmetchostsequiv
High Security
 Remove entries from /etc/hosts.equiv file: Removes entries from /etc/hosts.equiv file /etc/security/aixpert/bin/rmetchostsequiv hls_rmetchostsequiv Remove unauthorized access
mls_rmetchostsequiv rmetchostsequiv
Medium Security
 Remove entries from /etc/hosts.equiv file: Removes entries from /etc/hosts.equiv file /etc/security/aixpert/bin/rmetchostsequiv mls_rmetchostsequiv Remove unauthorized access
lls_rmetchostsequiv rmetchostsequiv
Low Security
 Remove entries from /etc/hosts.equiv file: Removes entries from /etc/hosts.equiv file /etc/security/aixpert/bin/rmetchostsequiv lls_rmetchostsequiv Remove unauthorized access
dls_rmetchostsequiv rmetchostsequiv
Default
 Remove entries from /etc/hosts.equiv file: Removes entries from /etc/hosts.equiv file /etc/security/aixpert/bin/rmetchostsequiv dls_rmetchostsequiv Remove unauthorized access
hls_bcastping bcastping
High Security
 Network option bcastping: Set network option bcastping's value to 0 /etc/security/aixpert/bin/ntwkopts bcastping=0 s hls_bcastping Tune network options
mls_bcastping bcastping
Medium Security
 Network option bcastping: Set network option bcastping's value to 0 /etc/security/aixpert/bin/ntwkopts bcastping=0 s mls_bcastping Tune network options
lls_bcastping bcastping
Low Security
 Network option bcastping: Set network option bcastping's value to 0 /etc/security/aixpert/bin/ntwkopts bcastping=0 s lls_bcastping Tune network options
dls_bcastping bcastping
Default
 Network option bcastping: Set network option bcastping to default value /etc/security/aixpert/bin/ntwkopts bcastping=NULL d dls_bcastping Tune network options
hls_clean_partial_conns clean_partial_conns
High Security
 Network option clean_partial_conns: Set network option clean_partial_conns's value to 1 /etc/security/aixpert/bin/ntwkopts clean_partial_conns=1 s hls_clean_partial_conns Tune network options
mls_clean_partial_conns clean_partial_conns
Medium Security
 Network option clean_partial_conns: Set network option clean_partial_conns's value to 1 /etc/security/aixpert/bin/ntwkopts clean_partial_conns=1 s mls_clean_partial_conns Tune network options
lls_clean_partial_conns clean_partial_conns
Low Security
 Network option clean_partial_conns: Set network option clean_partial_conns's value to 1 /etc/security/aixpert/bin/ntwkopts clean_partial_conns=1 s lls_clean_partial_conns Tune network options
dls_clean_partial_conns clean_partial_conns
Default
 Network option clean_partial_conns: Set network option clean_partial_conns to default value /etc/security/aixpert/bin/ntwkopts clean_partial_conns=NULL d dls_clean_partial_conns Tune network options
hls_directed_broadcast directed_broadcast
High Security
 Network option directed_broadcast: Set network option directed_broadcast's value to 0 /etc/security/aixpert/bin/ntwkopts directed_broadcast=0 s hls_directed_broadcast Tune network options
mls_directed_broadcast directed_broadcast
Medium Security
 Network option directed_broadcast: Set network option directed_broadcast's value to 0 /etc/security/aixpert/bin/ntwkopts directed_broadcast=0 s mls_directed_broadcast Tune network options
lls_directed_broadcast directed_broadcast
Low Security
 Network option directed_broadcast: Set network option directed_broadcast's value to 0 /etc/security/aixpert/bin/ntwkopts directed_broadcast=0 s lls_directed_broadcast Tune network options
dls_directed_broadcast directed_broadcast
Default
 Network option directed_broadcast: Set network option directed_broadcast to default value /etc/security/aixpert/bin/ntwkopts directed_broadcast=NULL d dls_directed_broadcast Tune network options
hls_icmpaddressmask icmpaddressmask
High Security
 Network option icmpaddressmask: Set network option icmpaddressmask's value to 0 /etc/security/aixpert/bin/ntwkopts icmpaddressmask=0 s hls_icmpaddressmask Tune network options
mls_icmpaddressmask icmpaddressmask
Medium Security
 Network option icmpaddressmask: Set network option icmpaddressmask's value to 0 /etc/security/aixpert/bin/ntwkopts icmpaddressmask=0 s mls_icmpaddressmask Tune network options
lls_icmpaddressmask icmpaddressmask
Low Security
 Network option icmpaddressmask: Set network option icmpaddressmask's value to 0 /etc/security/aixpert/bin/ntwkopts icmpaddressmask=0 s lls_icmpaddressmask Tune network options
dls_icmpaddressmask icmpaddressmask
Default
 Network option icmpaddressmask: Set network option icmpaddressmask to default value /etc/security/aixpert/bin/ntwkopts icmpaddressmask=NULL d dls_icmpaddressmask Tune network options
hls_ipforwarding ipforwarding
High Security
 Network option ipforwarding: Set network option ipforwarding's value to 0 /etc/security/aixpert/bin/ntwkopts ipforwarding=0 s hls_ipforwarding Tune network options
dls_ipforwarding ipforwarding
Default
 Network option ipforwarding: Set network option ipforwarding to default value /etc/security/aixpert/bin/ntwkopts ipforwarding=NULL d dls_ipforwarding Tune network options
hls_ipignoreredirects ipignoreredirects
High Security
 Network option ipignoreredirects: Set network option ipignoreredirects's value to 1 /etc/security/aixpert/bin/ntwkopts ipignoreredirects=1 s hls_ipignoreredirects Tune network options
dls_ipignoreredirects ipignoreredirects
Default
 Network option ipignoreredirects: Set network option ipignoreredirects to default value /etc/security/aixpert/bin/ntwkopts ipignoreredirects=NULL d dls_ipignoreredirects Tune network options
hls_ipsendredirects ipsendredirects
High Security
 Network option ipsendredirects: Set network option ipsendredirects's value to 0 /etc/security/aixpert/bin/ntwkopts ipsendredirects=0 s hls_ipsendredirects Tune network options
dls_ipsendredirects ipsendredirects
Default
 Network option ipsendredirects: Set network option ipsendredirects to default value /etc/security/aixpert/bin/ntwkopts ipsendredirects=NULL d dls_ipsendredirects Tune network options
hls_ipsrcrouteforward ipsrcrouteforward
High Security
 Network option ipsrcrouteforward: Set network option ipsrcrouteforward's value to 0 /etc/security/aixpert/bin/ntwkopts ipsrcrouteforward=0 s hls_ipsrcrouteforward Tune network options
mls_ipsrcrouteforward ipsrcrouteforward
Medium Security
 Network option ipsrcrouteforward: Set network option ipsrcrouteforward's value to 0 /etc/security/aixpert/bin/ntwkopts ipsrcrouteforward=0 s mls_ipsrcrouteforward Tune network options
dls_ipsrcrouteforward ipsrcrouteforward
Default
 Network option ipsrcrouteforward: Set network option ipsrcrouteforward to default value /etc/security/aixpert/bin/ntwkopts ipsrcrouteforward=NULL d dls_ipsrcrouteforward Tune network options
hls_ipsrcrouterecv ipsrcrouterecv
High Security
 Network option ipsrcrouterecv: Set network option ipsrcrouterecv's value to 0 /etc/security/aixpert/bin/ntwkopts ipsrcrouterecv=0 s hls_ipsrcrouterecv Tune network options
mls_ipsrcrouterecv ipsrcrouterecv
Medium Security
 Network option ipsrcrouterecv: Set network option ipsrcrouterecv's value to 0 /etc/security/aixpert/bin/ntwkopts ipsrcrouterecv=0 s mls_ipsrcrouterecv Tune network options
dls_ipsrcrouterecv ipsrcrouterecv
Default
 Network option ipsrcrouterecv: Set network option ipsrcrouterecv to default value /etc/security/aixpert/bin/ntwkopts ipsrcrouterecv=NULL d dls_ipsrcrouterecv Tune network options
hls_ipsrcroutesend ipsrcroutesend
High Security
 Network option ipsrcroutesend: Set network option ipsrcroutesend's value to 0 /etc/security/aixpert/bin/ntwkopts ipsrcroutesend=0 s hls_ipsrcroutesend Tune network options
dls_ipsrcroutesend ipsrcroutesend
Default
 Network option ipsrcroutesend: Set network option ipsrcroutesend to default value /etc/security/aixpert/bin/ntwkopts ipsrcroutesend=NULL d dls_ipsrcroutesend Tune network options
hls_ip6srcrouteforward ip6srcrouteforward
High Security
 Network option ip6srcrouteforward: Set network option ip6srcrouteforward's value to 0 /etc/security/aixpert/bin/ntwkopts ip6srcrouteforward=0 s hls_ip6srcrouteforward Tune network options
dls_ip6srcrouteforward ip6srcrouteforward
Default
 Network option ip6srcrouteforward: Set network option ip6srcrouteforward to default value /etc/security/aixpert/bin/ntwkopts ip6srcrouteforward=NULL d dls_ip6srcrouteforward Tune network options
hls_nonlocsrcroute nonlocsrcroute
High Security
 Network option nonlocsrcroute: Set network option nonlocsrcroute's value to 0 /etc/security/aixpert/bin/ntwkopts nonlocsrcroute=0 s hls_nonlocsrcroute Tune network options
mls_nonlocsrcroute nonlocsrcroute
Medium Security
 Network option nonlocsrcroute: Set network option nonlocsrcroute's value to 0 /etc/security/aixpert/bin/ntwkopts nonlocsrcroute=0 s mls_nonlocsrcroute Tune network options
dls_nonlocsrcroute nonlocsrcroute
Default
 Network option nonlocsrcroute: Set network option nonlocsrcroute to default value /etc/security/aixpert/bin/ntwkopts nonlocsrcroute=NULL d dls_nonlocsrcroute Tune network options
hls_tcp_pmtu_discover tcp_pmtu_discover
High Security
 Network option tcp_pmtu_discover: Set network option tcp_pmtu_discover's value to 0 /etc/security/aixpert/bin/ntwkopts tcp_pmtu_discover=0 s hls_tcp_pmtu_discover Tune network options
mls_tcp_pmtu_discover tcp_pmtu_discover
Medium Security
 Network option tcp_pmtu_discover: Set network option tcp_pmtu_discover's value to 0 /etc/security/aixpert/bin/ntwkopts tcp_pmtu_discover=0 s mls_tcp_pmtu_discover Tune network options
lls_tcp_pmtu_discover tcp_pmtu_discover
Low Security
 Network option tcp_pmtu_discover: Set network option tcp_pmtu_discover's value to 0 /etc/security/aixpert/bin/ntwkopts tcp_pmtu_discover=0 s lls_tcp_pmtu_discover Tune network options
dls_tcp_pmtu_discover tcp_pmtu_discover
Medium Security
 Network option tcp_pmtu_discover: Set network option tcp_pmtu_discover to default value /etc/security/aixpert/bin/ntwkopts tcp_pmtu_discover=NULL d dls_tcp_pmtu_discover Tune network options
hls_udp_pmtu_discover udp_pmtu_discover
High Security
 Network option udp_pmtu_discover: Set network option udp_pmtu_discover's value to 0 /etc/security/aixpert/bin/ntwkopts udp_pmtu_discover=0 s hls_udp_pmtu_discover Tune network options
mls_udp_pmtu_discover udp_pmtu_discover
Medium Security
 Network option udp_pmtu_discover: Set network option udp_pmtu_discover's value to 0 /etc/security/aixpert/bin/ntwkopts udp_pmtu_discover=0 s mls_udp_pmtu_discover Tune network options
lls_udp_pmtu_discover udp_pmtu_discover
Low Security
 Network option udp_pmtu_discover: Set network option udp_pmtu_discover's value to 0 /etc/security/aixpert/bin/ntwkopts udp_pmtu_discover=0 s lls_udp_pmtu_discover Tune network options
dls_udp_pmtu_discover udp_pmtu_discover
Default
 Network option udp_pmtu_discover: Set network option udp_pmtu_discover to default value /etc/security/aixpert/bin/ntwkopts udp_pmtu_discover=NULL d dls_udp_pmtu_discover Tune network options
hls_tcp_sendspace tcp_sendspace
High Security
 Network option tcp_sendspace: Set network option tcp_sendspace's value to 262144 /etc/security/aixpert/bin/ntwkopts tcp_sendspace=262144 s hls_tcp_sendspace Tune network options
mls_tcp_sendspace tcp_sendspace
Medium Security
 Network option tcp_sendspace: Set network option tcp_sendspace's value to 262144 /etc/security/aixpert/bin/ntwkopts tcp_sendspace=262144 s mls_tcp_sendspace Tune network options
lls_tcp_sendspace tcp_sendspace
Low Security
 Network option tcp_sendspace: Set network option tcp_sendspace's value to 262144 /etc/security/aixpert/bin/ntwkopts tcp_sendspace=262144 s lls_tcp_sendspace Tune network options
dls_tcp_sendspace tcp_sendspace
Default
 Network option tcp_sendspace: Set network option tcp_sendspace to default value /etc/security/aixpert/bin/ntwkopts tcp_sendspace=NULL d dls_tcp_sendspace Tune network options
hls_tcp_recvspace tcp_recvspace
High Security
 Network option tcp_recvspace: Set network option tcp_recvspace's value to 262144 /etc/security/aixpert/bin/ntwkopts tcp_recvspace=262144 s hls_tcp_recvspace Tune network options
mls_tcp_recvspace tcp_recvspace
Medium Security
 Network option tcp_recvspace: Set network option tcp_recvspace's value to 262144 /etc/security/aixpert/bin/ntwkopts tcp_recvspace=262144 s mls_tcp_recvspace Tune network options
lls_tcp_recvspace tcp_recvspace
Low Security
 Network option tcp_recvspace: Set network option tcp_recvspace's value to 262144 /etc/security/aixpert/bin/ntwkopts tcp_recvspace=262144 s mls_tcp_recvspace Tune network options
hls_rfc1323 rfc1323
High Security
 Network option rfc1323: Set network option rfc1323's value to 1 /etc/security/aixpert/bin/ntwkopts rfc1323=1 s hls_rfc1323 Tune network options
mls_rfc1323 rfc1323
Medium Security
 Network option rfc1323: Set network option rfc1323's value to 1 /etc/security/aixpert/bin/ntwkopts rfc1323=1 s mls_rfc1323 Tune network options
lls_rfc1323 rfc1323
Low Security
 Network option rfc1323: Set network option rfc1323's value to 1 /etc/security/aixpert/bin/ntwkopts rfc1323=1 s lls_rfc1323 Tune network options
dls_rfc1323 rfc1323
Default
 Network option rfc1323: Set network option rfc1323 to default value /etc/security/aixpert/bin/ntwkopts rfc1323=NULL d dls_rfc1323 Tune network options
hls_tcp_mssdflt tcp_mssdflt
High Security
 Network option tcp_mssdflt: Set network option tcp_mssdflt's value to 1448 /etc/security/aixpert/bin/ntwkopts tcp_mssdflt=1448 s hls_tcp_mssdflt Tune network options
mls_tcp_mssdflt tcp_mssdflt
Medium Security
 Network option tcp_mssdflt: Set network option tcp_mssdflt's value to 1448 /etc/security/aixpert/bin/ntwkopts tcp_mssdflt=1448 s mls_tcp_mssdflt Tune network options
lls_tcp_mssdflt tcp_mssdflt
Low Security
 Network option tcp_mssdflt: Set network option tcp_mssdflt's value to 1448 /etc/security/aixpert/bin/ntwkopts tcp_mssdflt=1448 s lls_tcp_mssdflt Tune network options
dls_tcp_mssdflt tcp_mssdflt
Default
 Network option tcp_mssdflt: Set network option tcp_mssdflt to default value /etc/security/aixpert/bin/ntwkopts tcp_mssdflt=NULL d dls_tcp_mssdflt Tune network options
hls_sb_max sb_max
High Security
 Network option sb_max: Set network option sb_max's value to 1MB /etc/security/aixpert/bin/ntwkopts sb_max=1048576 s hls_sb_max Tune network options
mls_sb_max sb_max
Medium Security
 Network option sb_max: Set network option sb_max's value to 1MB /etc/security/aixpert/bin/ntwkopts sb_max=1048576 s mls_sb_max Tune network options
lls_sb_max sb_max
Low Security
 Network option sb_max: Set network option sb_max's value to 1MB /etc/security/aixpert/bin/ntwkopts sb_max=1048576 s lls_sb_max Tune network options
dls_sb_max sb_max
Default
 Network option sb_max: Set network option sb_max to default value /etc/security/aixpert/bin/ntwkopts sb_max=1048576 s lls_sb_max Tune network options
hls_tcp_tcpsecure tcp_tcpsecure
High Security
 Network option tcp_tcpsecure: Set network option tcp_tcpsecure's value to 7 /etc/security/aixpert/bin/ntwkopts tcp_tcpsecure=7 s hls_tcp_tcpsecure Tune network options
mls_tcp_tcpsecure tcp_tcpsecure
Medium Security
 Network option tcp_tcpsecure: Set network option tcp_tcpsecure's value to 7 /etc/security/aixpert/bin/ntwkopts tcp_tcpsecure=7 s mls_tcp_tcpsecure Tune network options
lls_tcp_tcpsecure tcp_tcpsecure
Low Security
 Network option tcp_tcpsecure: Set network option tcp_tcpsecure's value to 5 /etc/security/aixpert/bin/ntwkopts tcp_tcpsecure=5 s lls_tcp_tcpsecure Tune network options
dls_tcp_tcpsecure tcp_tcpsecure
Default
 Network option tcp_tcpsecure: Set network option tcp_tcpsecure to default value /etc/security/aixpert/bin/ntwkopts tcp_tcpsecure=NULL d dls_tcp_tcpsecure Tune network options
hls_sockthresh sockthresh
High Security
 Network option sockthresh: Set network option sockthresh's value to 60 /etc/security/aixpert/bin/ntwkopts sockthresh=60 s hls_sockthresh Tune network options
mls_sockthresh sockthresh
Medium Security
 Network option sockthresh: Set network option sockthresh's value to 70 /etc/security/aixpert/bin/ntwkopts sockthresh=70 s mls_sockthresh Tune network options
lls_sockthresh sockthresh
Low Security
 Network option sockthresh: Set network option sockthresh's value to 85 /etc/security/aixpert/bin/ntwkopts sockthresh=85 s lls_sockthresh Tune network options
dls_sockthresh sockthresh
Default
 Network option sockthresh: Set network option sockthresh to default value /etc/security/aixpert/bin/ntwkopts sockthresh=NULL d dls_sockthresh Tune network options
hls_ipsecshunhost ipsecshunhost
High Security
 Shun host for 5 minutes: Shuns the hosts for 5 minutes, which tries to access un-used ports /etc/security/aixpert/bin/ipsecshunhosthls hls_ipsecshunhost IPSec Filter Rules
hls_ipsecshunports ipsecshunports
High Security
 Guard host against port scans: Shuns vulnerable ports for 5 minutes to guard the host against port scans /etc/security/aixpert/bin/ipsecshunports hls_ipsecshunport IPSec Filter Rules
mls_ipsecshunports ipsecshunports
Medium Security
 Guard host against port scans: Shuns vulnerable ports for 5 minutes to guard the host against port scansh /etc/security/aixpert/bin/ipsecshunports mls_ipsecshunports IPSec Filter Rules
hls_umask umask
High Security
 Object creation permissions: Specifies default object creation permissions to 077 /etc/security/aixpert/bin/chusrattr umask=77 ALL hls_umask Miscellaneous Rules
mls_umask umask
Medium Security
 Object creation permissions: Specifies default object creation permissions to 027 /etc/security/aixpert/bin/chusrattr umask=27 ALL mls_umask Miscellaneous Rules
dls_umask umask
Default
 Object creation permissions: Specifies default object creation permissions to 022 /etc/security/aixpert/bin/chusrattr umask=22 ALL dls_umask Miscellaneous Rules
hls_core core
High Security
 Set core file size: Specifies the core file size to 0 for root /etc/security/aixpert/bin/chuserstanza /etc/security/limits core=0 root hls_core Miscellaneous Rules
mls_core core
Medium Security
 Set core file size: Specifies the core file size to 0 for root /etc/security/aixpert/bin/chuserstanza /etc/security/limits core=0 root mls_core Miscellaneous Rules
dls_core core
Default
 Set core file size: Specifies the core file size to default value for root /etc/security/aixpert/bin/chuserstanza /etc/security/limits core= root dls_core Miscellaneous Rules
hls_limitsysacc limitsysacc
High Security
 Limit system access: Makes root the only user in cron.allow file and removes the cron.deny file /etc/security/aixpert/bin/limitsysacc h hls_limitsysacc Miscellaneous Rules
dls_limitsysacc limitsysacc
Default
 Limit system access: Removes the file cron.allow and removes all entries in cron.deny file /etc/security/aixpert/bin/limitsysacc d dls_limitsysacc Miscellaneous Rules
hls_crontabperm crontabperm
High Security
 Crontab permissions: Ensures root's crontab jobs are owned and writable only by root /etc/security/aixpert/bin/rootcrnjobck hls_crontabperm Miscellaneous Rules
mls_crontabperm crontabperm
Medium Security
 Crontab permissions: Ensures root's crontab jobs are owned and writable only by root /etc/security/aixpert/bin/rootcrnjobck mls_crontabperm Miscellaneous Rules
lls_crontabperm crontabperm
Low Security
 Crontab permissions: Ensures root's crontab jobs are owned and writable only by root /etc/security/aixpert/bin/rootcrnjobck lls_crontabperm Miscellaneous Rules
hls_loginherald loginherald
High Security
 Set login herald: Set login herald in default stanza /etc/security/aixpert/bin/loginherald a hls_loginherald Miscellaneous Rules
mls_loginherald loginherald
Medium Security
 Set login herald: Set login herald in default stanza /etc/security/aixpert/bin/loginherald a mls_loginherald Miscellaneous Rules
lls_loginherald loginherald
Low Security
 Set login herald: Set login herald in default stanza /etc/security/aixpert/bin/loginherald a lls_loginherald Miscellaneous Rules
dls_loginherald loginherald
Default
 Set login herald: Remove login herald from default stanza /etc/security/aixpert/bin/loginherald d dls_loginherald Miscellaneous Rules
hls_rmdotfrmpathroot rmdotfrmpathroot
High Security
 Remove dot from path root: Remove dot from PATH environment variable from files .profile, .kshrc, .cshrc and .login in root's home directory /etc/security/aixpert/bin/rmdotfrmpathroot hls_rmdotfrmpathroot Miscellaneous Rules
mls_rmdotfrmpathroot rmdotfrmpathroot
Medium Security
 Remove dot from path root: Remove dot from PATH environment variable from files .profile, .kshrc, .cshrc and .login in root's home directory /etc/security/aixpert/bin/rmdotfrmpathroot mls_rmdotfrmpathroot Miscellaneous Rules
lls_rmdotfrmpathroot rmdotfrmpathroot
Low Security
 Remove dot from path root: Remove dot from PATH environment variable from files .profile, .kshrc, .cshrc and .login in root's home directory /etc/security/aixpert/bin/rmdotfrmpathroot lls_rmdotfrmpathroot Miscellaneous Rules
dls_rmdotfrmpathroot rmdotfrmpathroot
Default
 Remove dot from path root: Remove dot from PATH environment variable from files .profile, .kshrc, .cshrc and .login in root's home directory /etc/security/aixpert/bin/rmdotfrmpathroot dls_rmdotfrmpathroot Miscellaneous Rules
hls_rmdotfrmpathnroot rmdotfrmpathnroot
High Security
 Remove dot from non-root path: Removes dot from PATH environment variable from files .profile, .kshrc, .cshrc and .login in user's home directory /etc/security/aixpert/bin/rmdotfrmpathnroot none Miscellaneous Rules
dls_rmdotfrmpathnroot rmdotfrmpathnroot
Default
 Remove dot from non-root path: Removes dot from PATH environment variable from files .profile, .kshrc, .cshrc and .login in user's home directory /etc/security/aixpert/bin/rmdotfrmpathnroot none Miscellaneous Rules
hls_xhost xhost
High Security
 Disable X-Server access: Disable access control for X-Server /etc/security/aixpert/bin/execmds "/usr/bin/X11/xhost -" Miscellaneous Rules
mls_xhost xhost
Medium Security
 Disable X-Server access: Disable access control for X-Server /etc/security/aixpert/bin/execmds "/usr/bin/X11/xhost -" Miscellaneous Rules
dls_xhost xhost
Default
 Enable X-Server access: Enable access control for X-Server /etc/security/aixpert/bin/execmds "/usr/bin/X11/xhost +" Miscellaneous Rules
hls_chetcftpusers chetcftpusers
High Security
 Add root user in /etc/ftpusers file: Adds root username in /etc/ftpusers file /etc/security/aixpert/bin/chetcftpusers a hls_chetcftpusers Miscellaneous Rules
mls_chetcftpusers chetcftpusers
Medium Security
 Add root user in /etc/ftpusers file: Adds root username in /etc/ftpusers file /etc/security/aixpert/bin/chetcftpusers a mls_chetcftpusers Miscellaneous Rules
dls_chetcftpusers chetcftpusers
Default
 Remove root user in /etc/ftpusers file: Removes root's entry from /etc/ftpusers file /etc/security/aixpert/bin/chetcftpusers r dls_chetcftpusers Miscellaneous Rules
hls_removeguest removeguest
High Security
 Remove guest account: Removes guest account and its files /etc/security/aixpert/bin/execmds "rmuser guest; rm -rf /home/guest; ODMDIR=/etc/objrepos odmdelete -qloc0=/home/guest -o inventory" Miscellaneous Rules
mls_removeguest removeguest
Medium Security
 Remove guest account: Removes guest account and its files /etc/security/aixpert/bin/execmds "rmuser guest; rm -rf /home/guest; ODMDIR=/etc/objrepos odmdelete -qloc0=/home/guest -o inventory" Miscellaneous Rules
dls_removeguest removeguest
Default
 Add guest account: Adds guest account /etc/security/aixpert/bin/execmds "/usr/sbin/lsuser guest then /usr/bin/mkuser guest " Miscellaneous Rules
hls_sedconfig sedconfig
High Security
 Enable SED feature: Enable Stack Execution Disable feature /etc/security/aixpert/bin/sedconfig hls_sedconfig Miscellaneous Rules
hls_rootpwdintchk rootpwdintchk
High Security
 Root Password Integrity Check: Makes sure that the root password being set is not weak /etc/security/aixpert/bin/chuserstanza /etc/security/user dictionlist=/etc/security/aixpert/dictionary/English root hls_rootpwdintchk Miscellaneous Rules
mls_rootpwdintchk rootpwdintchk
Medium Security
 Root Password Integrity Check: Makes sure that the root password being set is not weak /etc/security/aixpert/bin/chuserstanza /etc/security/user dictionlist=/etc/security/aixpert/dictionary/English root mls_rootpwdintchk Miscellaneous Rules
scbps_pwdpolicyenf pwdpolicyenf
Sox-Corbit
 SOX-cobit-best-practices-Password Policy Enforcement: Password Policy Enforcement /etc/security/aixpert/bin/pwdpolicyenf none SOX-COBIT Best Practices Security
scbps_secactreport secactreport
Sox-Corbit
 SOX-cobit-best-practices-Security Activity Reports: Violation and Security Activity Reports /etc/security/aixpert/bin/secactreport none SOX-COBIT Best Practices Security
scbps_virusdetsw virusdetsw
Sox-Corbit
 SOX-cobit-best-practices-Virus Detection Software: Malicious Software Prevention, Detection and Correction /etc/security/aixpert/bin/virusdetsw none SOX-COBIT Best Practices Security
scbps_firewsetup firewsetup
Sox-Corbit
 SOX-cobit-best-practices-Firewall setup: Firewall Architecture and Connections with Public Networks /etc/security/aixpert/bin/firewsetup none SOX-COBIT Best Practices Security
hls_tcptr tcptr
High Security
 TCP Traffic Regulation High - Enforces denial-of-service mitigation on popular ports. /etc/security/aixpert/bin/tcptr_aixpert hls Tune network options


 
    About IBM      Privacy      Contact