| | h1.aixpert - Hints & Tips |
| | |
| | This is a hints and tips page for the AIX aixpert command available on AIX 5.3 TL09 and AIX 6. This all might work on older versions of AIX back to say AIX 5.3 TL06 but I haven't checked. |
| | |
| | System Administrators have a number of key rolls including |
| | * Backup of all important data and readiness to disaster recovery - they should be sacked if this is not done as it can cause a company failure. |
| | * Services are Up and running for their user departments and this involves monitoring - users will soon complain if this is not true. |
| | * Security - this tends to become important only after a serious problem!! |
| | ** System Hardening from ugly criminal attack over a network |
| | ** Compliance with financial laws and proof this is in place |
| | |
| | System Hardening is Hard Work as it covers so many area: |
| | * User password controls |
| | * Root access and SUID |
| | * Access failures |
| | * Network settings |
| | * Disabling unnecessary Services & Daemons |
| | * Auditing and proof of auditing |
| | |
| | How is this done? |
| | * Man power intensive hand-on typing from a list of commands |
| | * Home grown shell scripts to set & test |
| | |
| | But there are limits |
| | * You can never be sure if you have forgotten something? |
| | * With dozens to 100's of machines/LPAR this is often done once and then forgotten about? |
| | |
| | Compliance is mandatory in many industries and a good thing for everyone else too! |
| | * SOX - Sarbanes-Oxley Act, 2002 by USA Government - the result of financial reporting issues in large companies that failed. It is a document on Finance Reporting but in general terms. It has eleven 11 chapters in legal terms and not in IT actions. |
| | * COBIT - Control OBjectives for Information & related Technology - A further refining document, more of a Guideline & Best Practice document, not platform specific and not commands, script or tools to be used. |
| | * AIXpert - AIX Security Expert the tool for AIX to implement the above |
| | * aixpert settings decided by |
| | ** IBM security expert team and AIX Labs |
| | ** AIX user community (including large UK banks) |
| | * But you have to make up your own mind too - IBM does not take responsibility for your compliance. |
| | |
| | |
| | h2. User Interfaces for aixpert |
| | There are many interfaces to access the underlying aixpert command line interface tool including: |
| | |
| | * smit or smitty |
| | !smitty.gif! |
| | |
| | * pConsole (officially IBM Systems Director 6.1 Console for AIX (phew what a mouthful!) |
| | !pconsole.gif!] |
| | |
| | * Director 6 - this launches the pConsole |
| | !dir6.gif! |
| | |
| | * WebSM - the older Web based System Manager which does allow tick boxes to select rules although the details are ambiguous) |
| | !websm.gif! |
| | |
| | * But recommended is direct use of the command, as you can make a custom rules file and distribute it across machines |
| | {code} |
| | root:/# aixpert -? |
| | aixpert -l high|medium|low|default|sox-cobit |
| | aixpert -l h|m|l|d|s [-p] [ -n -o filename ] [ -a -o filename ] |
| | aixpert -c [-l <level>] [-p] |
| | aixpert -u [-p] |
| | aixpert -d |
| | aixpert [ -f filename ] [ -a -o filename ] [-p] |
| | root:/# |
| | {code} |
| | |
| | |
| | h2. Security Levels |
| | |
| | High Security |
| | * Direct Internet running web server with important data |
| | * Banned are Telnet, FTP, rlogin |
| | * Start services and then go High Security - in use ports not blocked but others will be. |
| | Medium Security |
| | * Corporate network Firewall protected |
| | * Telnet, FTP are in use |
| | * Wants port scanning and user account protection |
| | Low Security |
| | * Been running for a long time on isolated secure network |
| | * Need to keep all services available |
| | Default |
| | * As comes with AIX standard install |
| | SOX-COBIT |
| | * The setting recommended for compliance |
| | |
| | h2. Want More? |
| | |
| | Go to the IBM Redbooks website http://www.redbooks.ibm.com and find the AIX 6 Advanced Security Features Redbook |
| | |
| | h2. Underlying aixpert Files |
| | |
| | * /etc/security/aixpert/core/aixpertall.xml |
| | ** XML file of all possible settings |
| | * /etc/security/aixpert/core/appliedaixpert.xml |
| | ** XML file of applied security |
| | * /etc/security/aixpert/log/aixpert.log |
| | ** Trace log of applied settings |
| | ** Does not use syslog, aixpert writes directly to this file |
| | * /etc/security/aixpert/core/undo.xml |
| | ** XLM file of settings, which can be undone |
| | |
| | You should NOT be changing these directly in any way - you can extract from the aixpertall.xml file using the aixpert command to make your own rules file. |
| | |
| | h2. WARNING !!! |
| | * High Level Security - really means High Level |
| | * Can lock the root user due to password aging |
| | * So set your root password before using aixpert |
| | ** If you get caught out by this there is no way to switch off security - that would not be secure. |
| | ** You will have to reboot the system/LPAR in Diagnostics mode, go single user, mount the root file system and modify the root user account and reboot again to recover this. |
| | ** This is still secure was you will need physical access to the machine or HMC/IVM access for virtual console work. If you have this level of access ... you could steal the machine!! |
| | |
| | * Also if you disable telnet make sure you have a way to get on to the machine!! |
| | ** Currently logged on telnet sessions will continue to work but if you disconnect you will never get back in using telenet. |
| | ** You will need one of the following: dumb console, HMC virtual console, IVM virtual console, ssh fully working and tested or some other security channel/package. |
| | |
| | h2. Command used in the aixpert movie |
| | |
| | # Go to security level "low": aixpert -l low |
| | ** This produced the failure "prereqtcb" and warning "lls_tcpupdate" |
| | # Extract the low level rules to my own custom file in a secure directory: aixpert -l low -n -o /etc/security/aix/custom/mysettings.xml |
| | # Investigate and remove the tcb rule we decided not to use: vi /etc/security/aix/custom/mysettings.xml |
| | ** The rule "lls_tcpupdate" was removed. |
| | # Go back to default level: aixpert -l default |
| | # Implement my own settings: aixpert -f /etc/security/aix/custom/mysettings.xml |
| | # Check the rules are still applied: aixpert -c -l low |
| | # Modify the maxage (password age in weeks): vi /etc/security/user |
| | # Check the rules are still applied: aixpert -c -l low |
| | ** One failure spotted here |
| | # Change back yo original value the maxage (password age in weeks): vi /etc/security/user |
| | # Check the rules are still applied: aixpert -c -l low |
| | ** No failures |
| | # Go back to default AIX security level: aixpert -l default |
| | # Set High AIX security level: aixpert -l high |
| | ** Now telnet fails |
| | |
| | |
| | |
| | Note: |
| | * If you use the -p option then you get to see verbose output as each rule is covered - this is nice positive feedback |
| | |
| | h2. Rules, Commands and Arguments |
| | |
| | List of "aixpert" Rules, commands and arguments for AIX6 TL02 |
| | * oslevel -s: 6100-02-02-0849 |
| | * Taken from /usr/security/aixpert/aixpertall.xml |
| | * Hopefully you can use this to see the details of every rule and the underlying commands and arguments so you can determine the level you what to use and what is involved. |
| | |
| | ||Entry Name ||Function ||Rule Type ||Desciption ||Command ||Arguments ||Group|| |
| | |prereqbinaudit|prereqbinaudit|Prereq|Prereq rule for binaudit: Checks whether auditing is running or not |/etc/security/aixpert/bin/prereqbinaudit |none |none | |
| | |prereqcde|prereqcde|Prereq|Prereq rule for CDE: Checks whether CDE entry eixsts or not in /etc/inittab. |/etc/security/aixpert/bin/prereqcde |none |none | |
| | |prereqgated|prereqgated|Prereq|Prereq rule for gated: Checks whether the system is configured to be a router or not |/etc/security/aixpert/bin/prereqgated |none |none | |
| | |prereqipsec|prereqipsec|Prereq|Prereq rule for IPSec: Checks whether IPSec is enabled or not |/etc/security/aixpert/bin/prereqipsec |none |none | |
| | |prereqlft|prereqlft|Prereq|Prereq rule for LFT: Checks whether LFT is configured or not |/etc/security/aixpert/bin/prereqlft |none |none | |
| | |prereqlh|prereqlh|Prereq|Prereq rule for loginherald: Checks the herald value is set or not |/etc/security/aixpert/bin/prereqlh |none |none | |
| | |prereqnosyn|prereqnosyn|Prereq|Prereq rule for NoSyn: Checks whether IPSec is enabled or not, if its not, then enable it |/etc/security/aixpert/bin/prereqnosyn |none |none | |
| | |prereqrl|prereqrl|Prereq|Prereq rule for root login: Checks whether any non root user exists who has login privileges |/etc/security/aixpert/bin/prereqrl |none |none | |
| | |prereqrrl|prereqrrl|Prereq|Prereq rule for remote root login: Checks whether any non root user exists with privileges to login remotely |/etc/security/aixpert/bin/prereqrrl |none |none | |
| | |prereqtcb|prereqtcb|Prereq|Prereq rule for TCB: Checks whether TCB is enabled or not |/etc/security/aixpert/bin/prereqtcb |none |none | |
| | |prereqsed|prereqsed|Prereq|Prereq rule for SED: Checks whether the machine has 64 bit kernel support or not |/etc/security/aixpert/bin/prereqsed |none |none | |
| | |prereqnontcb|prereqnontcb|Prereq|Prereq rule for non-TCB: Checks whether the system is non TCB or not |/etc/security/aixpert/bin/prereqnontcb |none |none | |
| | |hls_minage|minage|{bgcolor:red}High Security{bgcolor}|Minimum age for password: Specifies the minimum number of weeks to 1 week, before a password can be changed |/etc/security/aixpert/bin/chusrattr |minage=1 ALL hls_minage |Password policy rules | |
| | |mls_minage|minage|{bgcolor:purple}Medium Security{bgcolor}|Minimum age for password: Specifies the minimum number of weeks to 4 weeks, before a password can be changed |/etc/security/aixpert/bin/chusrattr |minage=4 ALL mls_minage |Password policy rules | |
| | |dls_minage|minage|{bgcolor:green}Default{bgcolor}|Minimum age for password: Removes any minimum number of weeks requirements before a password can be changed |/etc/security/aixpert/bin/chusrattr |minage=0 ALL dls_minage |Password policy rules | |
| | |hls_maxage|maxage|{bgcolor:red}High Security{bgcolor}|Maximum age for password: Specifies the maximum number of weeks (13 weeks) that a password is valid |/etc/security/aixpert/bin/chusrattr |maxage=13 ALL hls_maxage |Password policy rules | |
| | |mls_maxage|maxage|{bgcolor:purple}Medium Security{bgcolor}|Maximum age for password: Specifies the maximum number of weeks (13 weeks) that a password is valid |/etc/security/aixpert/bin/chusrattr |maxage=13 ALL mls_maxage |Password policy rules | |
| | |lls_maxage|maxage|{bgcolor:cyan}Low Security{bgcolor}|Maximum age for password: Specifies the maximum number of weeks (13 weeks) that a password is valid |/etc/security/aixpert/bin/chusrattr |maxage=52 ALL lls_maxage |Password policy rules | |
| | |dls_maxage|maxage|{bgcolor:green}Default{bgcolor}|Maximum age for password: Removes any minimum number of weeks requirements, that a password is valid |/etc/security/aixpert/bin/chusrattr |maxage=0 ALL dls_maxage |Password policy rules | |
| | |hls_maxexpired|maxexpired|{bgcolor:red}High Security{bgcolor}|Time to change password after the expiration: Specifies the maximum number of weeks to 2 weeks, after maxage that an expired password can be changed by the user |/etc/security/aixpert/bin/chusrattr |maxexpired=2 ALL hls_maxexpired |Password policy rules | |
| | |mls_maxexpired|maxexpired|{bgcolor:purple}Medium Security{bgcolor}|Time to change password after the expiration: Specifies the maximum number of weeks to 4 weeeks, after maxage that an expired password can be changed by the user |/etc/security/aixpert/bin/chusrattr |maxexpired=4 ALL mls_maxexpired |Password policy rules | |
| | |lls_maxexpired|maxexpired|{bgcolor:cyan}Low Security{bgcolor}|Time to change password after the expiration: Specifies the maximum number of weeks to 8 weeeks, after maxage that an expired password can be changed by the user |/etc/security/aixpert/bin/chusrattr |maxexpired=8 ALL lls_maxexpired |Password policy rules | |
| | |dls_maxexpired|maxexpired|{bgcolor:green}Default{bgcolor}|Time to change password after the expiration: Removes any minimum number of weeks requirements, after maxage that an expired password can be changed by the user |/etc/security/aixpert/bin/chusrattr |maxexpired=-1 ALL dls_maxexpired |Password policy rules | |
| | |hls_minlen|minlen|{bgcolor:red}High Security{bgcolor}|Minimum length for password: Specifies the minimum length of a password to 8 |/etc/security/aixpert/bin/chusrattr |minlen=8 ALL hls_minlen |Password policy rules | |
| | |mls_minlen|minlen|{bgcolor:purple}Medium Security{bgcolor}|Minimum length for password: Specifies the minimum length of a password to 8 |/etc/security/aixpert/bin/chusrattr |minlen=8 ALL mls_minlen |Password policy rules | |
| | |lls_minlen|minlen|{bgcolor:cyan}Low Security{bgcolor}|Minimum length for password: Specifies the minimum length of a password to 8 |/etc/security/aixpert/bin/chusrattr |minlen=8 ALL lls_minlen |Password policy rules | |
| | |dls_minlen|minlen|{bgcolor:green}Default{bgcolor}|Minimum length for password: Removes the minimum length constraint on password |/etc/security/aixpert/bin/chusrattr |minlen=0 ALL dls_minlen |Password policy rules | |
| | |hls_minalpha|minalpha|{bgcolor:red}High Security{bgcolor}|Minimum number of alphabetic chars: Specifies the minimum number of alphabetic characters in a password to 2 |/etc/security/aixpert/bin/chusrattr |minalpha=2 ALL hls_minalpha |Password policy rules | |
| | |mls_minalpha|minalpha|{bgcolor:purple}Medium Security{bgcolor}|Minimum number of alphabetic chars: Specifies the minimum number of alphabetic characters in a password to 2 |/etc/security/aixpert/bin/chusrattr |minalpha=2 ALL mls_minalpha |Password policy rules | |
| | |lls_minalpha|minalpha|{bgcolor:cyan}Low Security{bgcolor}|Minimum number of alphabetic chars: Specifies the minimum number of alphabetic characters in a password to 2 |/etc/security/aixpert/bin/chusrattr |minalpha=2 ALL lls_minalpha |Password policy rules | |
| | |dls_minalpha|minalpha|{bgcolor:green}Default{bgcolor}|Minimum number of alphabetic chars: Removes the minimum number of alphabetic characters constraint, in a password |/etc/security/aixpert/bin/chusrattr |minalpha=0 ALL dls_minalpha |Password policy rules | |
| | |hls_minother|minother|{bgcolor:red}High Security{bgcolor}|Minimum number of non-alphabetic chars: Specifies the minimum number of non-alphabetic characters in a password to 2 |/etc/security/aixpert/bin/chusrattr |minother=2 ALL hls_minother |Password policy rules | |
| | |mls_minother|minother|{bgcolor:purple}Medium Security{bgcolor}|Minimum number of non-alphabetic chars: Specifies the minimum number of non-alphabetic characters in a password to 2 |/etc/security/aixpert/bin/chusrattr |minother=2 ALL mls_minother |Password policy rules | |
| | |lls_minother|minother|{bgcolor:cyan}Low Security{bgcolor}|Minimum number of non-alphabetic chars: Specifies the minimum number of non-alphabetic characters in a password to 2 |/etc/security/aixpert/bin/chusrattr |minother=2 ALL lls_minother |Password policy rules | |
| | |dls_minother|minother|{bgcolor:green}Default{bgcolor}|Minimum number of non-alphabetic chars: Removes the minimum number of non-alphabetic characters constraint, in a password |/etc/security/aixpert/bin/chusrattr |minother=0 ALL dls_minother |Password policy rules | |
| | |hls_maxrepeats|maxrepeats|{bgcolor:red}High Security{bgcolor}|Maximum times a char can appear in a password: Specifies the maximum number of times a character can appear in a password to 2 |/etc/security/aixpert/bin/chusrattr |maxrepeats=2 ALL hls_maxrepeats |Password policy rules | |
| | |dls_maxrepeats|maxrepeats|{bgcolor:green}Default{bgcolor}|Maximum times a char can appear in a password: Specifies the maximum number of times a character can appear in a password to 8 |/etc/security/aixpert/bin/chusrattr |maxrepeats=8 ALL dls_maxrepeats |Password policy rules | |
| | |hls_mindiff|mindiff|{bgcolor:red}High Security{bgcolor}|Minimum number of chars: Specifies the minimum number of characters required in a new password to 4, that were not in the old password |/etc/security/aixpert/bin/chusrattr |mindiff=4 ALL hls_mindiff |Password policy rules | |
| | |mls_mindiff|mindiff|{bgcolor:purple}Medium Security{bgcolor}|Minimum number of chars: Specifies the minimum number of characters required in a new password to 4, that were not in the old password |/etc/security/aixpert/bin/chusrattr |mindiff=4 ALL mls_mindiff |Password policy rules | |
| | |lls_mindiff|mindiff|{bgcolor:cyan}Low Security{bgcolor}|Minimum number of chars: Specifies the minimum number of characters required in a new password to 4, that were not in the old password |/etc/security/aixpert/bin/chusrattr |mindiff=4 ALL lls_mindiff |Password policy rules | |
| | |dls_mindiff|mindiff|{bgcolor:green}Default{bgcolor}|Minimum number of chars: Removes the constraint on the minimum number of characters required in a new password that were not in the old password |/etc/security/aixpert/bin/chusrattr |mindiff=0 ALL dls_mindiff |Password policy rules | |
| | |hls_histexpire|histexpire|{bgcolor:red}High Security{bgcolor}|Password reset time: Specifies the number of weeks to 13 weeks, before a password can be reused |/etc/security/aixpert/bin/chusrattr |histexpire=13 ALL hls_histexpire |Password policy rules | |
| | |mls_histexpire|histexpire|{bgcolor:purple}Medium Security{bgcolor}|Password reset time: Specifies the number of weeks to 13 weeks, before a password can be reused |/etc/security/aixpert/bin/chusrattr |histexpire=13 ALL mls_histexpire |Password policy rules | |
| | |lls_histexpire|histexpire|{bgcolor:cyan}Low Security{bgcolor}|Password reset time: Specifies the number of weeks to 26 weeks, before a password can be reused |/etc/security/aixpert/bin/chusrattr |histexpire=26 ALL lls_histexpire |Password policy rules | |
| | |dls_histexpire|histexpire|{bgcolor:green}Default{bgcolor}|Password reset time: Removes any minimum number of weeks requirements before a password can be reused |/etc/security/aixpert/bin/chusrattr |histexpire=0 ALL dls_histexpire |Password policy rules | |
| | |hls_histsize|histsize|{bgcolor:red}High Security{bgcolor}|Password reuse time: Specifies the number of previous passwords a user cannot resuse to 20 |/etc/security/aixpert/bin/chusrattr |histsize=20 ALL hls_histsize |Password policy rules | |
| | |mls_histsize|histsize|{bgcolor:purple}Medium Security{bgcolor}|Password reuse time: Specifies the number of previous passwords a user cannot resuse to 4 |/etc/security/aixpert/bin/chusrattr |histsize=4 ALL mls_histsize |Password policy rules | |
| | |lls_histsize|histsize|{bgcolor:cyan}Low Security{bgcolor}|Password reuse time: Specifies the number of previous passwords a user cannot resuse to 4 |/etc/security/aixpert/bin/chusrattr |histsize=4 ALL lls_histsize |Password policy rules | |
| | |dls_histsize|histsize|{bgcolor:green}Default{bgcolor}|Password reuse time: Removes the constraint on the number of previous passwords a user cannot reuse |/etc/security/aixpert/bin/chusrattr |histsize=0 ALL dls_histsize |Password policy rules | |
| | |hls_pwdwarntime|pwdwarntime|{bgcolor:red}High Security{bgcolor}|Password expiration warning time: Specifies the number of days to 5 days, before the system issues a warning that a password change is required |/etc/security/aixpert/bin/chusrattr |pwdwarntime=5 ALL hls_pwdwarntime |Password policy rules | |
| | |mls_pwdwarntime|pwdwarntime|{bgcolor:purple}Medium Security{bgcolor}|Password expiration warning time: Specifies the number of days to 5 days, before the system issues a warning that a password change is required |/etc/security/aixpert/bin/chusrattr |pwdwarntime=5 ALL mls_pwdwarntime |Password policy rules | |
| | |lls_pwdwarntime|pwdwarntime|{bgcolor:cyan}Low Security{bgcolor}|Password expiration warning time: Specifies the number of days to 5 days, before the system issues a warning that a password change is required |/etc/security/aixpert/bin/chusrattr |pwdwarntime=5 ALL lls_pwdwarntime |Password policy rules | |
| | |dls_pwdwarntime|pwdwarntime|{bgcolor:green}Default{bgcolor}|Password expiration warning time: Removes the constraint on the number of days before the system issues a warning that a password change is required |/etc/security/aixpert/bin/chusrattr |pwdwarntime=0 ALL dls_pwdwarntime |Password policy rules | |
| | |hls_usrck|usrck|{bgcolor:red}High Security{bgcolor}|Check user definitions: Verifies the correctness of user definitions and fixes the errors |/etc/security/aixpert/bin/execmds |"/usr/bin/usrck -y ALL; /usr/bin/usrck -n ALL" |User Group System and Password Definitions | |
| | |mls_usrck|usrck|{bgcolor:purple}Medium Security{bgcolor}|Check user definitions: Verifies the correctness of user definitions and fixes the errors |/etc/security/aixpert/bin/execmds |"/usr/bin/usrck -y ALL; /usr/bin/usrck -n ALL" |User Group System and Password Definitions | |
| | |lls_usrck|usrck|{bgcolor:cyan}Low Security{bgcolor}|Check user definitions: Verifies the correctness of user definitions and fixes the errors |/etc/security/aixpert/bin/execmds |"/usr/bin/usrck -y ALL; /usr/bin/usrck -n ALL" |User Group System and Password Definitions | |
| | |hls_pwdck|pwdck|{bgcolor:red}High Security{bgcolor}|Check password definitions: Verifies the correctness of password definitions and fixes the errors, also locks the users without a password |/etc/security/aixpert/bin/pwdckhls |none |User Group System and Password Definitions | |
| | |mls_pwdck|pwdck|{bgcolor:purple}Medium Security{bgcolor}|Check password definitions: Verifies the correctness of password definitions and fixes the errors |/etc/security/aixpert/bin/execmds |"/usr/bin/pwdck -y ALL; /usr/bin/pwdck -n ALL" |User Group System and Password Definitions | |
| | |lls_pwdck|pwdck|{bgcolor:cyan}Low Security{bgcolor}|Check password definitions: Verifies the correctness of password definitions and fixes the errors |/etc/security/aixpert/bin/execmds |"/usr/bin/pwdck -y ALL; /usr/bin/pwdck -n ALL" |User Group System and Password Definitions | |
| | |hls_grpck|grpck|{bgcolor:red}High Security{bgcolor}|Check group definitions: Verifies the correctness of group definitions and fixes the errors |/etc/security/aixpert/bin/execmds |"/usr/sbin/grpck -y ALL; /usr/sbin/grpck -n ALL" |User Group System and Password Definitions | |
| | |mls_grpck|grpck|{bgcolor:purple}Medium Security{bgcolor}|Check group definitions: Verifies the correctness of group definitions and fixes the errors |/etc/security/aixpert/bin/execmds |"/usr/sbin/grpck -y ALL; /usr/sbin/grpck -n ALL" |User Group System and Password Definitions | |
| | |lls_grpck|grpck|{bgcolor:cyan}Low Security{bgcolor}|Check group definitions: Verifies the correctness of group definitions and fixes the errors |/etc/security/aixpert/bin/execmds |"/usr/sbin/grpck -y ALL; /usr/sbin/grpck -n ALL" |User Group System and Password Definitions | |
| | |hls_tcbupdate|tcbupdate|{bgcolor:red}High Security{bgcolor}|TCB update: Updates Trusted Computing Base |/etc/security/aixpert/bin/execmds |"tcbck -y ALL; tcbck -n ALL" |User Group System and Password Definitions | |
| | |mls_tcbupdate|tcbupdate|{bgcolor:purple}Medium Security{bgcolor}|TCB update: Updates Trusted Computing Base |/etc/security/aixpert/bin/execmds |"tcbck -y ALL; tcbck -n ALL" |User Group System and Password Definitions | |
| | |lls_tcbupdate|tcbupdate|{bgcolor:cyan}Low Security{bgcolor}|TCB update: Updates Trusted Computing Base |/etc/security/aixpert/bin/execmds |"tcbck -y ALL; tcbck -n ALL" |User Group System and Password Definitions | |
| | |dls_tcbupdate|tcbupdate|{bgcolor:green}Default{bgcolor}|TCB update: Updates Trusted Computing Base |/etc/security/aixpert/bin/execmds |"tcbck -y ALL; tcbck -n ALL" |User Group System and Password Definitions | |
| | |hls_loginretries|loginretries|{bgcolor:red}High Security{bgcolor}|Number of login attempts before locking the account: Specifies the number of consecutive unsuccessful login attempts to 3, for each non-root user account before the account is disabled |/etc/security/aixpert/bin/chusrattr |loginretries=3 NONROOT hls_loginretries |Login policy recommendations | |
| | |mls_loginretries|loginretries|{bgcolor:purple}Medium Security{bgcolor}|Number of login attempts before locking the account: Specifies the number of consecutive unsuccessful login attempts to 4, for each non-root user account before the account is disabled |/etc/security/aixpert/bin/chusrattr |loginretries=4 NONROOT mls_loginretries |Login policy recommendations | |
| | |lls_loginretries|loginretries|{bgcolor:cyan}Low Security{bgcolor}|Number of login attempts before locking the account: Specifies the number of consecutive unsuccessful login attempts to 5, for each non-root user account before the account is disabled |/etc/security/aixpert/bin/chusrattr |loginretries=5 NONROOT lls_loginretries |Login policy recommendations | |
| | |dls_loginretries|loginretries|{bgcolor:green}Default{bgcolor}|Number of login attempts before locking the account: Removes the constraint on the number of consecutive unsuccessful login attempts per non-root user account before the account is disabled |/etc/security/aixpert/bin/chusrattr |loginretries=0 ALL dls_loginretries |Login policy recommendations | |
| | |hls_logindelay|logindelay|{bgcolor:red}High Security{bgcolor}|Delay between unsuccessful logins: Specifies the delay between unsuccessful logins to 10 seconds |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg logindelay=10 default hls_logindelay |Login policy recommendations | |
| | |mls_logindelay|logindelay|{bgcolor:purple}Medium Security{bgcolor}|Delay between unsuccessful logins: Specifies the delay between unsuccessful logins to 5 seconds |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg logindelay=5 default mls_logindelay |Login policy recommendations | |
| | |lls_logindelay|logindelay|{bgcolor:cyan}Low Security{bgcolor}|Delay between unsuccessful logins: Specifies the delay between unsuccessful logins to 5 seconds |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg logindelay=5 default lls_logindelay |Login policy recommendations | |
| | |dls_logindelay|logindelay|{bgcolor:green}Default{bgcolor}|Delay between unsuccessful logins: Removes any login delays between two unsuccessful login attempts |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg logindelay=0 default dls_logindelay |Login policy recommendations | |
| | |hls_logindisable|logindisable|{bgcolor:red}High Security{bgcolor}|Disable login after unsuccessful login attempts: Specifies the number of unsuccessful login attempts on a port to 10, before the port is locked |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg logindisable=10 default hls_logindisable |Login policy recommendations | |
| | |mls_logindisable|logindisable|{bgcolor:purple}Medium Security{bgcolor}|Disable login after unsuccessful login attempts: Specifies the number of unsuccessful login attempts on a port to 10, before the port is locked |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg logindisable=10 default mls_logindisable |Login policy recommendations | |
| | |dls_logindisable|logindisable|{bgcolor:green}Default{bgcolor}|Remove the unsuccessful login constraint: Removes the constraint on the number of unsuccessful login attempts on a port, before the port can be locked |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg logindisable=0 default dls_logindisable |Login policy recommendations | |
| | |hls_logininterval|logininterval|{bgcolor:red}High Security{bgcolor}|Interval between unsuccessful logins: Specifies the time interval(300 seconds) for a port in which the unsuccessful login attempts must occur before the port is disabled |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg logininterval=300 default hls_logininterval |Login policy recommendations | |
| | |mls_logininterval|logininterval|{bgcolor:purple}Medium Security{bgcolor}|Interval between unsuccessful logins: Specifies the time interval(60 seconds) for a port in which the unsuccessful login attempts must occur before the port is disable |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg logininterval=60 default mls_logininterval |Login policy recommendations | |
| | |dls_logininterval|logininterval|{bgcolor:green}Default{bgcolor}|Interval between unsuccessful logins: Removes any time interval for a port in which the unsuccessful login attempts must occur before the port is disabled |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg logininterval=0 default dls_logininterval |Login policy recommendations | |
| | |hls_loginreenable|loginreenable|{bgcolor:red}High Security{bgcolor}|Reenable login after locking: Specifies the time interval(360 minutes) after which a port is unlocked after being disabled by logindisable |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg loginreenable=360 default hls_loginreenable |Login policy recommendations | |
| | |mls_loginreenable|loginreenable|{bgcolor:purple}Medium Security{bgcolor}|Reenable login after locking: Specifies the time interval(30 minutes) after which a port is unlocked after being disabled by logindisable |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg loginreenable=30 default mls_loginreenable |Login policy recommendations | |
| | |dls_loginreenable|loginreenable|{bgcolor:green}Default{bgcolor}|Reenable login after locking: Removes any time interval after which a port is unlocked after being disabled by logindisable |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg loginreenable=0 default dls_loginreenable |Login policy recommendations | |
| | |hls_logintimeout|logintimeout|{bgcolor:red}High Security{bgcolor}|Login timeout: Specifies the time interval(30 seconds) to type in a password |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg logintimeout=30 usw hls_logintimeout |Login policy recommendations | |
| | |mls_logintimeout|logintimeout|{bgcolor:purple}Medium Security{bgcolor}|Login timeout: Specifies the time interval(60 seconds) to type in a password |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg logintimeout=60 usw mls_logintimeout |Login policy recommendations | |
| | |lls_logintimeout|logintimeout|{bgcolor:cyan}Low Security{bgcolor}|Login timeout: Specifies the time interval(60 seconds) to type in a password |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg logintimeout=60 usw lls_logintimeout |Login policy recommendations | |
| | |dls_logintimeout|logintimeout|{bgcolor:green}Default{bgcolor}|Login timeout: Specifies the time interval(60 seconds) to type in a password |/etc/security/aixpert/bin/chdefstanza |/etc/security/login.cfg logintimeout=60 usw dls_logintimeout |Login policy recommendations | |
| | |hls_rootrlogin|rootrlogin|{bgcolor:red}High Security{bgcolor}|Remote root login: Disables remote root login |/etc/security/aixpert/bin/chuserstanza |/etc/security/user rlogin=false root hls_rootrlogin |Login policy recommendations | |
| | |mls_rootrlogin|rootrlogin|{bgcolor:purple}Medium Security{bgcolor}|Remote root login: Disables remote root login |/etc/security/aixpert/bin/chuserstanza |/etc/security/user rlogin=false root mls_rootrlogin |Login policy recommendations | |
| | |dls_rootrlogin|rootrlogin|{bgcolor:green}Default{bgcolor}|Remote root login: Enables remote root login |/etc/security/aixpert/bin/chuserstanza |/etc/security/user rlogin=true root dls_rootrlogin |Login policy recommendations | |
| | |hls_rootlogin|rootlogin|{bgcolor:red}High Security{bgcolor}|Local login: Disables root to login locally |/etc/security/aixpert/bin/chuserstanza |/etc/security/user login=false root hls_rootlogin |Login policy recommendations | |
| | |dls_rootlogin|rootlogin|{bgcolor:green}Default{bgcolor}|Local login: Enables root to login locally |/etc/security/aixpert/bin/chuserstanza |/etc/security/user login=true root dls_rootlogin |Login policy recommendations | |
| | |hls_binaudit|binaudit|{bgcolor:red}High Security{bgcolor}|Enable binaudit: Enables bin auditing for {bgcolor:red}High Security{bgcolor} |/etc/security/aixpert/bin/binaudit |h hls_binaudit |Audit policy recommendations | |
| | |mls_binaudit|binaudit|{bgcolor:purple}Medium Security{bgcolor}|Enable binaudit: Enables bin auditing for {bgcolor:purple}Medium Security{bgcolor} |/etc/security/aixpert/bin/binaudit |m mls_binaudit |Audit policy recommendations | |
| | |lls_binaudit|binaudit|{bgcolor:cyan}Low Security{bgcolor}|Enable binaudit: Enables bin auditing for {bgcolor:cyan}Low Security{bgcolor} |/etc/security/aixpert/bin/binaudit |l lls_binaudit |Audit policy recommendations | |
| | |dls_binaudit|binaudit|{bgcolor:green}Default{bgcolor}|Disable binaudit: Disables bin auditing |/etc/security/aixpert/bin/binaudit |d dls_binaudit |Audit policy recommendations | |
| | |hls_disqdaemon|disqdaemon|{bgcolor:red}High Security{bgcolor}|Disable qdaemon: Stops qdaemon and comments the qdaemon entry in /etc/inittab |/etc/security/aixpert/bin/comntrows |qdaemon: /etc/inittab : d hls_disqdaemon |Rules for /etc/inittab | |
| | |mls_disqdaemon|disqdaemon|{bgcolor:purple}Medium Security{bgcolor}|Disable qdaemon: Stops qdaemon and comments the qdaemon entry in /etc/inittab |/etc/security/aixpert/bin/comntrows |qdaemon: /etc/inittab : d mls_disqdaemon |Rules for /etc/inittab | |
| | |dls_disqdaemon|disqdaemon|{bgcolor:green}Default{bgcolor}|Enable qdaemon: Starts qdaemon and uncomments the qdaemon entry in /etc/inittab |/etc/security/aixpert/bin/comntrows |qdaemon: /etc/inittab : a dls_disqdaemon |Rules for /etc/inittab | |
| | |hls_dispiobe|dispiobe|{bgcolor:red}High Security{bgcolor}|Disable piobe daemon: Stops piobe daemon and comments the piobe entry in /etc/inittab |/etc/security/aixpert/bin/comntrows |piobe: /etc/inittab : d hls_dispiobe |Rules for /etc/inittab | |
| | |mls_dispiobe|dispiobe|{bgcolor:purple}Medium Security{bgcolor}|Disable piobe daemon: Stops piobe daemon and comments the piobe entry in /etc/inittab |/etc/security/aixpert/bin/comntrows |piobe: /etc/inittab : d mls_dispiobe |Rules for /etc/inittab | |
| | |dls_dispiobe|dispiobe|{bgcolor:green}Default{bgcolor}|Enable piobe daemon: Starts piobe daemon and uncomments the piobe entry in /etc/inittab |/etc/security/aixpert/bin/comntrows |piobe: /etc/inittab : a dls_dispiobe |Rules for /etc/inittab | |
| | |hls_dislpd|dislpd|{bgcolor:red}High Security{bgcolor}|Disable lpd daemon: Stops lpd daemon and comments the lpd entry in /etc/inittab |/etc/security/aixpert/bin/comntrows |lpd: /etc/inittab : d hls_dislpd |Rules for /etc/inittab | |
| | |mls_dislpd|dislpd|{bgcolor:purple}Medium Security{bgcolor}|Disable lpd daemon: Stops lpd daemon and comments the lpd entry in /etc/inittab |/etc/security/aixpert/bin/comntrows |lpd: /etc/inittab : d mls_dislpd |Rules for /etc/inittab | |
| | |dls_dislpd|dislpd|{bgcolor:green}Default{bgcolor}|Enable lpd daemon: Stops lpd daemon and comments the lpd entry in /etc/inittab |/etc/security/aixpert/bin/comntrows |lpd: /etc/inittab : d dls_dislpd |Rules for /etc/inittab | |
| | |hls_discde|discde|{bgcolor:red}High Security{bgcolor}|Disable CDE: Disables CDE when LFT is not configured |/etc/security/aixpert/bin/comntrows |"dt:" "/etc/inittab" ":" d hls_discde |Rules for /etc/inittab | |
| | |mls_discde|discde|{bgcolor:purple}Medium Security{bgcolor}|Disable CDE: Disables CDE when LFT is not configured |/etc/security/aixpert/bin/comntrows |"dt:" "/etc/inittab" ":" d mls_discde |Rules for /etc/inittab | |
| | |dls_discde|discde|{bgcolor:green}Default{bgcolor}|Enable CDE: Enables CDE |/etc/security/aixpert/bin/comntrows |"dt:" "/etc/inittab" ":" a dls_discde |Rules for /etc/inittab | |
| | |hls_disautoconf6|disautoconf6|{bgcolor:red}High Security{bgcolor}|Stop autoconf6: Stops autoconf6, if it is running and comments the entry for autoconf6 in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |autoconf6 d hls_disautoconf6 |/etc/rc.tcpip Settings | |
| | |dls_disautoconf6|disautoconf6|{bgcolor:green}Default{bgcolor}|Stop autoconf6: Stops autoconf6, if it is running and comments the entry for autoconf6 in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |autoconf6 d dls_disautoconf6 |/etc/rc.tcpip Settings | |
| | |hls_disrtngdmn|disrtngdmn|{bgcolor:red}High Security{bgcolor}|Disable routing daemon: Stops routed daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |routed d hls_disrtngdmn |/etc/rc.tcpip Settings | |
| | |dls_disrtngdmn|disrtngdmn|{bgcolor:green}Default{bgcolor}|Disable routing daemon: Stops routed daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |routed d dls_disrtngdmn |/etc/rc.tcpip Settings | |
| | |hls_distimedmn|distimedmn|{bgcolor:red}High Security{bgcolor}|Disable timed daemon: Stops timed daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |timed d hls_distimedmn |/etc/rc.tcpip Settings | |
| | |mls_distimedmn|distimedmn|{bgcolor:purple}Medium Security{bgcolor}|Disable timed daemon: Stops timed daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |timed d mls_distimedmn |/etc/rc.tcpip Settings | |
| | |lls_distimedmn|distimedmn|{bgcolor:cyan}Low Security{bgcolor}|Disable timed daemon: Stops timed daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |timed d lls_distimedmn |/etc/rc.tcpip Settings | |
| | |dls_distimedmn|distimedmn|{bgcolor:green}Default{bgcolor}|Disable timed daemon: Stops timed daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |timed d dls_distimedmn |/etc/rc.tcpip Settings | |
| | |hls_disntpdmn|disntpdmn|{bgcolor:red}High Security{bgcolor}|Disable NTP daemon: Stops NTP daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |xntpd d hls_disntpdmn |/etc/rc.tcpip Settings | |
| | |mls_disntpdmn|disntpdmn|{bgcolor:purple}Medium Security{bgcolor}|Disable NTP daemon: Stops NTP daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |xntpd d mls_disntpdmn |/etc/rc.tcpip Settings | |
| | |dls_disntpdmn|disntpdmn|{bgcolor:green}Default{bgcolor}|Disable NTP daemon: Stops NTP daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |xntpd d dls_disntpdmn |/etc/rc.tcpip Settings | |
| | |hls_disrwhoddmn|disrwhoddmn|{bgcolor:red}High Security{bgcolor}|Disable rwhod daemon: Stops rwhod daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |rwhod d hls_disrwhoddmn |/etc/rc.tcpip Settings | |
| | |dls_disrwhoddmn|disrwhoddmn|{bgcolor:green}Default{bgcolor}|Disable rwhod daemon: Stops rwhod daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |rwhod d dls_disrwhoddmn |/etc/rc.tcpip Settings | |
| | |hls_dissnmpdmn|dissnmpdmn|{bgcolor:red}High Security{bgcolor}|Disable SNMP daemon: Stops SNMP daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |snmpd d hls_dissnmpdmn |/etc/rc.tcpip Settings | |
| | |mls_dissnmpdmn|dissnmpdmn|{bgcolor:purple}Medium Security{bgcolor}|Disable SNMP daemon: Stops SNMP daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |snmpd d mls_dissnmpdmn |/etc/rc.tcpip Settings | |
| | |lls_dissnmpdmn|dissnmpdmn|{bgcolor:cyan}Low Security{bgcolor}|Disable SNMP daemon: Stops SNMP daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |snmpd d lls_dissnmpdmn |/etc/rc.tcpip Settings | |
| | |dls_dissnmpdmn|dissnmpdmn|{bgcolor:green}Default{bgcolor}|Disable SNMP daemon: Stops SNMP daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |snmpd a dls_dissnmpdmn |/etc/rc.tcpip Settings | |
| | |hls_disdpid2dmn|disdpid2dmn|{bgcolor:red}High Security{bgcolor}|Disable DPID2 daemon: Stops DPID2 daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |dipid2 d hls_disdpid2dmn |/etc/rc.tcpip Settings | |
| | |dls_disdpid2dmn|disdpid2dmn|{bgcolor:green}Default{bgcolor}|Disable DPID2 daemon: Stops DPID2 daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |dipid2 d dls_disdpid2dmn |/etc/rc.tcpip Settings | |
| | |hls_dismrouteddmn|dismrouteddmn|{bgcolor:red}High Security{bgcolor}|Disable mrouted daemon: Stops mrouted daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |mrouted d hls_dismrouteddmn |/etc/rc.tcpip Settings | |
| | |dls_dismrouteddmn|dismrouteddmn|{bgcolor:green}Default{bgcolor}|Disable mrouted daemon: Stops mrouted daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |mrouted d dls_dismrouteddmn |/etc/rc.tcpip Settings | |
| | |hls_disprintdmn|disprintdmn|{bgcolor:red}High Security{bgcolor}|Disable print daemon: Stops the print daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |lpd d hls_disprintdmn |/etc/rc.tcpip Settings | |
| | |dls_disprintdmn|disprintdmn|{bgcolor:green}Default{bgcolor}|Disable print daemon: Stops the print daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |lpd d dls_disprintdmn |/etc/rc.tcpip Settings | |
| | |hls_disdnsdmn|disdnsdmn|{bgcolor:red}High Security{bgcolor}|Disable DNS daemon: Stops DNS daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |named d hls_disdnsdmn |/etc/rc.tcpip Settings | |
| | |dls_disdnsdmn|disdnsdmn|{bgcolor:green}Default{bgcolor}|Disable DNS daemon: Stops DNS daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |named d dls_disdnsdmn |/etc/rc.tcpip Settings | |
| | |hls_dismaildmn|dismaildmn|{bgcolor:red}High Security{bgcolor}|Disable mail client:Stops Sendmail daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |sendmail d hls_dismaildmn |/etc/rc.tcpip Settings | |
| | |dls_dismaildmn|dismaildmn|{bgcolor:green}Default{bgcolor}|Enable mail client: Uncomments the entry for Sendmail daemon in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |sendmail a dls_dismaildmn |/etc/rc.tcpip Settings | |
| | |hls_disdhcpserv|disdhcpserv|{bgcolor:red}High Security{bgcolor}|Stop DHCP Server: Stops DHCP server daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |dhcpsd d hls_disdhcpserv |/etc/rc.tcpip Settings | |
| | |dls_disdhcpserv|disdhcpserv|{bgcolor:green}Default{bgcolor}|Stop DHCP Server: Stops DHCP server daemon and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |dhcpsd d dls_disdhcpserv |/etc/rc.tcpip Settings | |
| | |hls_disdhcpagent|disdhcpagent|{bgcolor:red}High Security{bgcolor}|Stop DHCP Agent: Stops DHCP relay agent and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |dhcprd d hls_disdhcpagent |/etc/rc.tcpip Settings | |
| | |dls_disdhcpagent|disdhcpagent|{bgcolor:green}Default{bgcolor}|Stop DHCP Agent: Stops DHCP relay agent and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |dhcprd d dls_disdhcpagent |/etc/rc.tcpip Settings | |
| | |hls_disdhcpclient|disdhcpclient|{bgcolor:red}High Security{bgcolor}|Stop DHCP Client: Stops DHCP client and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |dhcpcd d hls_disdhcpclient |/etc/rc.tcpip Settings | |
| | |dls_disdhcpclient|disdhcpclient|{bgcolor:green}Default{bgcolor}|Stop DHCP Client: Stops DHCP client and comments it's entry in /etc/rc.tcpip |/etc/security/aixpert/bin/rctcpip |dhcpcd d dls_disdhcpclient |/etc/rc.tcpip Settings | |
| | |hls_disgateddmn|disgateddmn|{bgcolor:red}High Security{bgcolor}|Disable gated daemon: Stops gated daemons and comments the entry for gated daemon in /etc/rc.tcpip if the system is not configured as a router |/etc/security/aixpert/bin/rctcpip |gated d hls_disgateddmn |/etc/rc.tcpip Settings | |
| | |mls_disgateddmn|disgateddmn|{bgcolor:purple}Medium Security{bgcolor}|Disable gated daemon: Stops gated daemons and comments the entry for gated daemon in /etc/rc.tcpip if the system is not configured as a router |/etc/security/aixpert/bin/rctcpip |gated d mls_disgateddmn |/etc/rc.tcpip Settings | |
| | |lls_disgateddmn|disgateddmn|{bgcolor:cyan}Low Security{bgcolor}|Disable gated daemon: Stops gated daemons and comments the entry for gated daemon in /etc/rc.tcpip if the system is not configured as a router |/etc/security/aixpert/bin/rctcpip |gated d lls_disgateddmn |/etc/rc.tcpip Settings | |
| | |dls_disgateddmn|disgateddmn|{bgcolor:green}Default{bgcolor}|Disable gated daemon: Stops gated daemons and comments the entry for gated daemon in /etc/rc.tcpip if the system is not configured as a router |/etc/security/aixpert/bin/rctcpip |gated d dls_disgateddmn |/etc/rc.tcpip Settings | |
| | |hls_shell|shell|{bgcolor:red}High Security{bgcolor}|Disable rshd daemon: Comments the entry for rshd daemon in /etc/inetd.conf and kills all instances of rshd |/etc/security/aixpert/bin/cominetdconf |shell tcp d hls_shell |/etc/inetd.conf Settings | |
| | |mls_shell|shell|{bgcolor:purple}Medium Security{bgcolor}|Disable rshd daemon: Comments the entry for rshd daemon in /etc/inetd.conf and kills all instances of rshd |/etc/security/aixpert/bin/cominetdconf |shell tcp d mls_shell |/etc/inetd.conf Settings | |
| | |lls_shell|shell|{bgcolor:cyan}Low Security{bgcolor} |/etc/security/aixpert/bin/cominetdconf |shell tcp d lls_shell |/etc/inetd.conf Settings | |
| | |dls_shell|shell|{bgcolor:green}Default{bgcolor}|Enable rshd daemon: Uncomments the entry for rshd daemon in /etc/inetd.conf and starts rshd daemon |/etc/security/aixpert/bin/cominetdconf |shell tcp a dls_shell |/etc/inetd.conf Settings | |
| | |hls_kshell|kshell|{bgcolor:red}High Security{bgcolor}|Disable krshd daemon: Comments the entry for krshd daemon in /etc/inetd.conf and kills all instances of krshd |/etc/security/aixpert/bin/cominetdconf |kshell tcp d hls_kshell |/etc/inetd.conf Settings | |
| | |dls_kshell|kshell|{bgcolor:green}Default{bgcolor}|Disable krshd daemon: Comments the entry for krshd daemon in /etc/inetd.conf and kills all instances of krshd |/etc/security/aixpert/bin/cominetdconf |kshell tcp d dls_kshell |/etc/inetd.conf Settings | |
| | |hls_rlogin|rlogin|{bgcolor:red}High Security{bgcolor}|Disable rlogin in /etc/inetd.conf: Comments the entry for rlogind daemon in /etc/inetd.conf and kills all instances of rlogind |/etc/security/aixpert/bin/cominetdconf |login tcp d hls_rlogin |/etc/inetd.conf Settings | |
| | |mls_rlogin|rlogin|{bgcolor:purple}Medium Security{bgcolor}|Disable rlogin in /etc/inetd.conf: Comments the entry for rlogind daemon in /etc/inetd.conf and kills all instances of rlogind |/etc/security/aixpert/bin/cominetdconf |login tcp d mls_rlogin |/etc/inetd.conf Settings | |
| | |dls_rlogin|rlogin|{bgcolor:green}Default{bgcolor}|Enable rlogin in /etc/inetd.conf: Uncomments the entry for rlogind daemon in /etc/inetd.conf and starts rlogind daemon |/etc/security/aixpert/bin/cominetdconf |login tcp a dls_rlogin |/etc/inetd.conf Settings | |
| | |hls_krlogin|krlogin|{bgcolor:red}High Security{bgcolor}|Disable krlogind in /etc/inetd.conf: Comments the entry for krlogind daemon in /etc/inetd.conf and kills all instances of krlogind |/etc/security/aixpert/bin/cominetdconf |klogin tcp d hls_krlogin |/etc/inetd.conf Settings | |
| | |dls_krlogin|krlogin|{bgcolor:green}Default{bgcolor}|Disable krlogind in /etc/inetd.conf: Comments the entry for krlogind daemon in /etc/inetd.conf and kills all instances of krlogind |/etc/security/aixpert/bin/cominetdconf |klogin tcp d dls_krlogin |/etc/inetd.conf Settings | |
| | |hls_rexecd|rexecd|{bgcolor:red}High Security{bgcolor}|Disable rexecd in /etc/inetd.conf: Comments the entry for rexecd daemon in /etc/inetd.conf and kills all instances of rexecd |/etc/security/aixpert/bin/cominetdconf |exec tcp d hls_rexecd |/etc/inetd.conf Settings | |
| | |mls_rexecd|rexecd|{bgcolor:purple}Medium Security{bgcolor}|Disable rexecd in /etc/inetd.conf: Comments the entry for rexecd daemon in /etc/inetd.conf and kills all instances of rexecd |/etc/security/aixpert/bin/cominetdconf |exec tcp d mls_rexecd |/etc/inetd.conf Settings | |
| | |dls_rexecd|rexecd|{bgcolor:green}Default{bgcolor}|Enable rexecd in /etc/inetd.conf: Uncomments the entry for rexecd daemon in /etc/inetd.conf and starts rexecd daemon |/etc/security/aixpert/bin/cominetdconf |exec tcp a dls_rexecd |/etc/inetd.conf Settings | |
| | |hls_comsat|comsat|{bgcolor:red}High Security{bgcolor}|Disable comsat in /etc/inetd.conf: Comments the entry for comsat daemon in /etc/inetd.conf and kills all instances of comsat |/etc/security/aixpert/bin/cominetdconf |comsat udp d hls_comsat |/etc/inetd.conf Settings | |
| | |dls_comsat|comsat|{bgcolor:green}Default{bgcolor}|Disable comsat in /etc/inetd.conf: Comments the entry for comsat daemon in /etc/inetd.conf and kills all instances of comsat |/etc/security/aixpert/bin/cominetdconf |comsat udp d hls_comsat |/etc/inetd.conf Settings | |
| | |hls_uucp|uucp|{bgcolor:red}High Security{bgcolor}|Enable uucpd in /etc/inetd.conf: Comments the entry for uucpd daemon in /etc/inetd.conf and kills all instances of uucpd |/etc/security/aixpert/bin/cominetdconf |uucp tcp d hls_uucp |/etc/inetd.conf Settings | |
| | |dls_uucp|uucp|{bgcolor:green}Default{bgcolor}|Enable uucpd in /etc/inetd.conf: Uncomments the entry for uucpd daemon in /etc/inetd.conf and starts uucp service |/etc/security/aixpert/bin/cominetdconf |uucp tcp a dls_uucp |/etc/inetd.conf Settings | |
| | |hls_bootps|bootps|{bgcolor:red}High Security{bgcolor}|Disable bootpd in /etc/inetd.conf: Comments the entry for bootpd daemon in /etc/inetd.conf and kills all instances of bootpsd |/etc/security/aixpert/bin/cominetdconf |bootps udp d hls_bootps |/etc/inetd.conf Settings | |
| | |mls_bootps|bootps|{bgcolor:purple}Medium Security{bgcolor}|Disable bootpd in /etc/inetd.conf: Comments the entry for bootpd daemon in /etc/inetd.conf and kills all instances of bootpsd |/etc/security/aixpert/bin/cominetdconf |bootps udp d mls_bootps |/etc/inetd.conf Settings | |
| | |dls_bootps|bootps|{bgcolor:green}Default{bgcolor}|Disable bootpd in /etc/inetd.conf: Comments the entry for bootpd daemon in /etc/inetd.conf and kills all instances of bootpsd |/etc/security/aixpert/bin/cominetdconf |bootps udp d dls_bootps |/etc/inetd.conf Settings | |
| | |hls_fingerd|fingerd|{bgcolor:red}High Security{bgcolor}|Disable fingerd in /etc/inetd.conf: Comments the entry for fingerd daemon in /etc/inetd.conf and kills all instances of fingerd |/etc/security/aixpert/bin/cominetdconf |finger tcp d hls_fingerd |/etc/inetd.conf Settings | |
| | |mls_fingerd|fingerd|{bgcolor:purple}Medium Security{bgcolor}|Disable fingerd in /etc/inetd.conf: Comments the entry for fingerd daemon in /etc/inetd.conf and kills all instances of fingerd |/etc/security/aixpert/bin/cominetdconf |finger tcp d mls_fingerd |/etc/inetd.conf Settings | |
| | |dls_fingerd|fingerd|{bgcolor:green}Default{bgcolor}|Disable fingerd in /etc/inetd.conf: Comments the entry for fingerd daemon in /etc/inetd.conf and kills all instances of fingerd |/etc/security/aixpert/bin/cominetdconf |finger tcp d dls_fingerd |/etc/inetd.conf Settings | |
| | |hls_systat|systat|{bgcolor:red}High Security{bgcolor}|Disable sysstat in /etc/inetd.conf: Comments the entry for systat daemon in /etc/inetd.conf and kills all instances of systat |/etc/security/aixpert/bin/cominetdconf |systat tcp d hls_systat |/etc/inetd.conf Settings | |
| | |mls_systat|systat|{bgcolor:purple}Medium Security{bgcolor}|Disable sysstat in /etc/inetd.conf: Comments the entry for systat daemon in /etc/inetd.conf and kills all instances of systat |/etc/security/aixpert/bin/cominetdconf |systat tcp d mls_systat |/etc/inetd.conf Settings | |
| | |dls_systat|systat|{bgcolor:green}Default{bgcolor}|Disable sysstat in /etc/inetd.conf: Comments the entry for systat daemon in /etc/inetd.conf and kills all instances of systat |/etc/security/aixpert/bin/cominetdconf |systat tcp d dls_systat |/etc/inetd.conf Settings | |
| | |hls_netstat|netstat|{bgcolor:red}High Security{bgcolor}|Disable netstat in /etc/inetd.conf: Comments the entry for netstat daemon in /etc/inetd.conf and kills all instances of netstat |/etc/security/aixpert/bin/cominetdconf |netstat tcp d hls_netstat |/etc/inetd.conf Settings | |
| | |mls_netstat|netstat|{bgcolor:purple}Medium Security{bgcolor}|Disable netstat in /etc/inetd.conf: Comments the entry for netstat daemon in /etc/inetd.conf and kills all instances of netstat |/etc/security/aixpert/bin/cominetdconf |netstat tcp d mls_netstat |/etc/inetd.conf Settings | |
| | |dls_netstat|netstat|{bgcolor:green}Default{bgcolor}|Disable netstat in /etc/inetd.conf: Comments the entry for netstat daemon in /etc/inetd.conf and kills all instances of netstat |/etc/security/aixpert/bin/cominetdconf |netstat tcp d dls_netstat |/etc/inetd.conf Settings | |
| | |hls_tftp|tftp|{bgcolor:red}High Security{bgcolor}|Disable tftp in /etc/inetd.conf: Comments the entry for tftp daemon in /etc/inetd.conf and kills all instances of tftpd |/etc/security/aixpert/bin/cominetdconf |tftp udp d hls_tftp |/etc/inetd.conf Settings | |
| | |mls_tftp|tftp|{bgcolor:purple}Medium Security{bgcolor}|Disable tftp in /etc/inetd.conf: Comments the entry for tftp daemon in /etc/inetd.conf and kills all instances of tftpd |/etc/security/aixpert/bin/cominetdconf |tftp udp d mls_tftp |/etc/inetd.conf Settings | |
| | |dls_tftp|tftp|{bgcolor:green}Default{bgcolor}|Disable tftp in /etc/inetd.conf: Comments the entry for tftp daemon in /etc/inetd.conf and kills all instances of tftpd |/etc/security/aixpert/bin/cominetdconf |tftp udp d mls_tftp |/etc/inetd.conf Settings | |
| | |hls_talk|talk|{bgcolor:red}High Security{bgcolor}|Disable talk in /etc/inetd.conf: Comments the entry for talk daemon in /etc/inetd.conf and kills all instances of talkd |/etc/security/aixpert/bin/cominetdconf |talk udp d hls_talk |/etc/inetd.conf Settings | |
| | |mls_talk|talk|{bgcolor:purple}Medium Security{bgcolor}|Disable talk in /etc/inetd.conf: Comments the entry for talk daemon in /etc/inetd.conf and kills all instances of talkd |/etc/security/aixpert/bin/cominetdconf |talk udp d mls_talk |/etc/inetd.conf Settings | |
| | |lls_talk|talk|{bgcolor:cyan}Low Security{bgcolor}|Disable talk in /etc/inetd.conf: Comments the entry for talk daemon in /etc/inetd.conf and kills all instances of talkd |/etc/security/aixpert/bin/cominetdconf |talk udp d lls_talk |/etc/inetd.conf Settings | |
| | |dls_talk|talk|{bgcolor:green}Default{bgcolor}|Enable talk in /etc/inetd.conf: Uncomments the entry for talk daemon in /etc/inetd.conf and starts talk service |/etc/security/aixpert/bin/cominetdconf |talk udp a dls_talk |/etc/inetd.conf Settings | |
| | |hls_rquotad|rquotad|{bgcolor:red}High Security{bgcolor}|Disable rquotad in /etc/inetd.conf: Comments the entry for rquotad daemon in /etc/inetd.conf and kills all instances of rquotad |/etc/security/aixpert/bin/cominetdconf |rquotad udp d hls_rquotad |/etc/inetd.conf Settings | |
| | |mls_rquotad|rquotad|{bgcolor:purple}Medium Security{bgcolor}|Disable rquotad in /etc/inetd.conf: Comments the entry for rquotad daemon in /etc/inetd.conf and kills all instances of rquotad |/etc/security/aixpert/bin/cominetdconf |rquotad udp d mls_rquotad |/etc/inetd.conf Settings | |
| | |lls_rquotad|rquotad|{bgcolor:cyan}Low Security{bgcolor}|Disable rquotad in /etc/inetd.conf: Comments the entry for rquotad daemon in /etc/inetd.conf and kills all instances of rquotad |/etc/security/aixpert/bin/cominetdconf |rquotad udp d lls_rquotad |/etc/inetd.conf Settings | |
| | |dls_rquotad|rquotad|{bgcolor:green}Default{bgcolor}|Disable rquotad in /etc/inetd.conf: Comments the entry for rquotad daemon in /etc/inetd.conf and kills all instances of rquotad |/etc/security/aixpert/bin/cominetdconf |rquotad udp d dls_rquotad |/etc/inetd.conf Settings | |
| | |hls_rexd|rexd|{bgcolor:red}High Security{bgcolor}|Disable rexd in /etc/inetd.conf: Comments the entry for rexd daemon in /etc/inetd.conf and kills all instances of rexd |/etc/security/aixpert/bin/cominetdconf |rexd tcp d hls_rexd |/etc/inetd.conf Settings | |
| | |mls_rexd|rexd|{bgcolor:purple}Medium Security{bgcolor}|Disable rexd in /etc/inetd.conf: Comments the entry for rexd daemon in /etc/inetd.conf and kills all instances of rexd |/etc/security/aixpert/bin/cominetdconf |rexd tcp d mls_rexd |/etc/inetd.conf Settings | |
| | |lls_rexd|rexd|{bgcolor:cyan}Low Security{bgcolor}|Disable rexd in /etc/inetd.conf: Comments the entry for rexd daemon in /etc/inetd.conf and kills all instances of rexd |/etc/security/aixpert/bin/cominetdconf |rexd tcp d lls_rexd |/etc/inetd.conf Settings | |
| | |dls_rexd|rexd|{bgcolor:green}Default{bgcolor}|Disable rexd in /etc/inetd.conf: Comments the entry for rexd daemon in /etc/inetd.conf and kills all instances of rexd |/etc/security/aixpert/bin/cominetdconf |rexd tcp d dls_rexd |/etc/inetd.conf Settings | |
| | |hls_rstatd|rstatd|{bgcolor:red}High Security{bgcolor}|Disable rstatd in /etc/inetd.conf: Comments the entry for rstatd daemon in /etc/inetd.conf and kills all instances of rstatd |/etc/security/aixpert/bin/cominetdconf |rstatd udp d hls_rstatd |/etc/inetd.conf Settings | |
| | |mls_rstatd|rstatd|{bgcolor:purple}Medium Security{bgcolor}|Disable rstatd in /etc/inetd.conf: Comments the entry for rstatd daemon in /etc/inetd.conf and kills all instances of rstatd |/etc/security/aixpert/bin/cominetdconf |rstatd udp d mls_rstatd |/etc/inetd.conf Settings | |
| | |dls_rstatd|rstatd|{bgcolor:green}Default{bgcolor}|Disable rstatd in /etc/inetd.conf: Comments the entry for rstatd daemon in /etc/inetd.conf and kills all instances of rstatd |/etc/security/aixpert/bin/cominetdconf |rstatd udp d dls_rstatd |/etc/inetd.conf Settings | |
| | |hls_rusersd|rusersd|{bgcolor:red}High Security{bgcolor}|Disable ruserd in /etc/inetd.conf: Comments the entry for rusersd daemon in /etc/inetd.conf and kills all instances of rusersd |/etc/security/aixpert/bin/cominetdconf |rusersd udp d hls_rusersd |/etc/inetd.conf Settings | |
| | |mls_rusersd|rusersd|{bgcolor:purple}Medium Security{bgcolor}|Disable ruserd in /etc/inetd.conf: Comments the entry for rusersd daemon in /etc/inetd.conf and kills all instances of rusersd |/etc/security/aixpert/bin/cominetdconf |rusersd udp d mls_rusersd |/etc/inetd.conf Settings | |
| | |dls_rusersd|rusersd|{bgcolor:green}Default{bgcolor}|Disable ruserd in /etc/inetd.conf: Comments the entry for rusersd daemon in /etc/inetd.conf and kills all instances of rusersd |/etc/security/aixpert/bin/cominetdconf |rusersd udp d dls_rusersd |/etc/inetd.conf Settings | |
| | |hls_rwalld|rwalld|{bgcolor:red}High Security{bgcolor}|Disable rwalld in /etc/inetd.conf: Comments the entry for rwalld daemon in /etc/inetd.conf and kills all instances of rwalld |/etc/security/aixpert/bin/cominetdconf |rwalld udp d hls_rwalld |/etc/inetd.conf Settings | |
| | |mls_rwalld|rwalld|{bgcolor:purple}Medium Security{bgcolor}|Disable rwalld in /etc/inetd.conf: Comments the entry for rwalld daemon in /etc/inetd.conf and kills all instances of rwalld |/etc/security/aixpert/bin/cominetdconf |rwalld udp d mls_rwalld |/etc/inetd.conf Settings | |
| | |dls_rwalld|rwalld|{bgcolor:green}Default{bgcolor}|Disable rwalld in /etc/inetd.conf: Comments the entry for rwalld daemon in /etc/inetd.conf and kills all instances of rwalld |/etc/security/aixpert/bin/cominetdconf |rwalld udp d dls_rwalld |/etc/inetd.conf Settings | |
| | |hls_sprayd|sprayd|{bgcolor:red}High Security{bgcolor}|Disable sprayd in /etc/inetd.conf: Comments the entry for sprayd daemon in /etc/inetd.conf and kills all instances of sprayd |/etc/security/aixpert/bin/cominetdconf |sprayd udp d hls_sprayd |/etc/inetd.conf Settings | |
| | |mls_sprayd|sprayd|{bgcolor:purple}Medium Security{bgcolor}|Disable sprayd in /etc/inetd.conf: Comments the entry for sprayd daemon in /etc/inetd.conf and kills all instances of sprayd |/etc/security/aixpert/bin/cominetdconf |sprayd udp d mls_sprayd |/etc/inetd.conf Settings | |
| | |dls_sprayd|sprayd|{bgcolor:green}Default{bgcolor}|Disable sprayd in /etc/inetd.conf: Comments the entry for sprayd daemon in /etc/inetd.conf and kills all instances of sprayd |/etc/security/aixpert/bin/cominetdconf |sprayd udp d dls_sprayd |/etc/inetd.conf Settings | |
| | |hls_pcnfsd|pcnfsd|{bgcolor:red}High Security{bgcolor}|Disable pcnfsd in /etc/inetd.conf: Comments the entry for pcnfsd daemon in /etc/inetd.conf and kills all instances of pcnfsd |/etc/security/aixpert/bin/cominetdconf |pcnfsd udp d hls_pcnfsd |/etc/inetd.conf Settings | |
| | |dls_pcnfsd|pcnfsd|{bgcolor:green}Default{bgcolor}|Disable pcnfsd in /etc/inetd.conf: Comments the entry for pcnfsd daemon in /etc/inetd.conf and kills all instances of pcnfsd |/etc/security/aixpert/bin/cominetdconf |pcnfsd udp d dls_pcnfsd |/etc/inetd.conf Settings | |
| | |hls_tcpecho|tcpecho|{bgcolor:red}High Security{bgcolor}|Disable TCP echo service in /etc/inetd.conf: Comments the entry for TCP Echo service in /etc/inetd.confand kills all instances of echo(tcp) |/etc/security/aixpert/bin/cominetdconf |echo tcp d hls_tcpecho |/etc/inetd.conf Settings | |
| | |dls_tcpecho|tcpecho|{bgcolor:green}Default{bgcolor}|Disable TCP echo service in /etc/inetd.conf: Comments the entry for TCP Echo service in /etc/inetd.confand kills all instances of echo(tcp) |/etc/security/aixpert/bin/cominetdconf |echo tcp d dls_tcpecho |/etc/inetd.conf Settings | |
| | |hls_tcpdiscard|tcpdiscard|{bgcolor:red}High Security{bgcolor}|Disable TCP Discard service in /etc/inetd.conf: Comments the entry for TCP Discard service in /etc/inetd.conf and kills all instances of discard(tcp) |/etc/security/aixpert/bin/cominetdconf |discard tcp d hls_tcpdiscard |/etc/inetd.conf Settings | |
| | |dls_tcpdiscard|tcpdiscard|{bgcolor:green}Default{bgcolor}|Disable TCP Discard service in /etc/inetd.conf: Comments the entry for TCP Discard service in /etc/inetd.conf and kills all instances of discard(tcp) |/etc/security/aixpert/bin/cominetdconf |discard tcp d dls_tcpdiscard |/etc/inetd.conf Settings | |
| | |hls_tcpchargen|tcpchargen|{bgcolor:red}High Security{bgcolor}|Disable TCP chargen service in /etc/inetd.conf: Comments the entry for TCP Chargen service in /etc/inetd.confand kills all instances of chargen(tcp) |/etc/security/aixpert/bin/cominetdconf |chargen tcp d hls_tcpchargen |/etc/inetd.conf Settings | |
| | |dls_tcpchargen|tcpchargen|{bgcolor:green}Default{bgcolor}|Disable TCP chargen service in /etc/inetd.conf: Comments the entry for TCP Chargen service in /etc/inetd.confand kills all instances of chargen(tcp) |/etc/security/aixpert/bin/cominetdconf |chargen tcp d dls_tcpchargen |/etc/inetd.conf Settings | |
| | |hls_tcpdaytime|tcpdaytime|{bgcolor:red}High Security{bgcolor}|Disable TCP daytime service in /etc/inetd.conf: Comments the entry for TCP Daytime service in /etc/inetd.confand kills all instances of daytime(tcp) |/etc/security/aixpert/bin/cominetdconf |daytime tcp d hls_tcpdaytime |/etc/inetd.conf Settings | |
| | |dls_tcpdaytime|tcpdaytime|{bgcolor:green}Default{bgcolor}|Enable TCP daytime service in /etc/inetd.conf: Comments the entry for TCP Daytime service in /etc/inetd.confand kills all instances of daytime(tcp) |/etc/security/aixpert/bin/cominetdconf |daytime tcp a dls_tcpdaytime |/etc/inetd.conf Settings | |
| | |hls_tcptime|tcptime|{bgcolor:red}High Security{bgcolor}|Disable TCP time service in /etc/inetd.conf: Comments the entry for TCP Time service in /etc/inetd.conf and kills all instances of timed(tcp) |/etc/security/aixpert/bin/cominetdconf |time tcp d hls_tcptime |/etc/inetd.conf Settings | |
| | |dls_tcptime|tcptime|{bgcolor:green}Default{bgcolor}|Enable TCP time service in /etc/inetd.conf: Uncomments the entry for TCP Time service in /etc/inetd.conf and starts timed(tcp) |/etc/security/aixpert/bin/cominetdconf |time tcp a dls_tcptime |/etc/inetd.conf Settings | |
| | |hls_udpecho|udpecho|{bgcolor:red}High Security{bgcolor}|Disable UDP Echo service in /etc/inetd.conf: Comments the entry for UDP Echo service in /etc/inetd.conf and kills all instances of UDP echo |/etc/security/aixpert/bin/cominetdconf |echo udp d hls_udpecho |/etc/inetd.conf Settings | |
| | |dls_udpecho|udpecho|{bgcolor:green}Default{bgcolor}|Disable UDP Echo service in /etc/inetd.conf: Comments the entry for UDP Echo service in /etc/inetd.conf and kills all instances of UDP echo |/etc/security/aixpert/bin/cominetdconf |echo udp d dls_udpecho |/etc/inetd.conf Settings | |
| | |hls_udpdiscard|udpdiscard|{bgcolor:red}High Security{bgcolor}|Disable UDP discard service in /etc/inetd.conf: Comments the entry for UDP Discard service in /etc/inetd.conf and kills all instances of UDP discard |/etc/security/aixpert/bin/cominetdconf |discard udp d hls_udpdiscard |/etc/inetd.conf Settings | |
| | |dls_udpdiscard|udpdiscard|{bgcolor:green}Default{bgcolor}|Disable UDP discard service in /etc/inetd.conf: Comments the entry for UDP Discard service in /etc/inetd.conf and kills all instances of UDP discard |/etc/security/aixpert/bin/cominetdconf |discard udp d dls_udpdiscard |/etc/inetd.conf Settings | |
| | |hls_udpchargen|udpchargen|{bgcolor:red}High Security{bgcolor}|Disable UDP chargen service in /etc/inetd.conf: Comments the entry for UDP Chargen service in /etc/inetd.conf and kills all instances of chargen |/etc/security/aixpert/bin/cominetdconf |chargen udp d hls_udpchargen |/etc/inetd.conf Settings | |
| | |dls_udpchargen|udpchargen|{bgcolor:green}Default{bgcolor}|Disable UDP chargen service in /etc/inetd.conf: Comments the entry for UDP Chargen service in /etc/inetd.conf and kills all instances of chargen |/etc/security/aixpert/bin/cominetdconf |chargen udp d dls_udpchargen |/etc/inetd.conf Settings | |
| | |hls_udpdaytime|udpdaytime|{bgcolor:red}High Security{bgcolor}|Disable UDP daytime service in /etc/inetd.conf: Comments the entry for UDP Daytime service in /etc/inetd.conf and kills all instances of daytime |/etc/security/aixpert/bin/cominetdconf |daytime udp d hls_udpdaytime |/etc/inetd.conf Settings | |
| | |dls_udpdaytime|udpdaytime|{bgcolor:green}Default{bgcolor}|Enable UDP daytime service in /etc/inetd.conf: Uncomments the entry for UDP Daytime service in /etc/inetd.conf and starts the daytime service |/etc/security/aixpert/bin/cominetdconf |daytime udp a dls_udpdaytime |/etc/inetd.conf Settings | |
| | |hls_udptime|udptime|{bgcolor:red}High Security{bgcolor}|Disable UDP time service in /etc/inetd.conf: Comments the entry for UDP Time service in /etc/inetd.conf and kills all instances of time service(udp) |/etc/security/aixpert/bin/cominetdconf |time udp d hls_udptime |/etc/inetd.conf Settings | |
| | |dls_udptime|udptime|{bgcolor:green}Default{bgcolor}|Enable UDP time service in /etc/inetd.conf: Uncomments the entry for UDP Time service in /etc/inetd.conf and starts the time service(udp) |/etc/security/aixpert/bin/cominetdconf |time udp a dls_udptime |/etc/inetd.conf Settings | |
| | |hls_ftp|ftp|{bgcolor:red}High Security{bgcolor}|Disable FTP: Comments the entry for ftpd daemon in /etc/inetd.conf and kills all instances of ftpd |/etc/security/aixpert/bin/cominetdconf |ftp tcp d hls_ftp |/etc/inetd.conf Settings | |
| | |dls_ftp|ftp|{bgcolor:green}Default{bgcolor}|Enable FTP: Uncomments the entry for ftpd daemon in /etc/inetd.conf and starts ftpd daemon starts ftpd daemon |/etc/security/aixpert/bin/cominetdconf |ftp tcp a dls_ftp |/etc/inetd.conf Settings | |
| | |hls_telnet|telnet|{bgcolor:red}High Security{bgcolor}|Disable telnet: Comments the entry for telnetd daemon in /etc/inetd.conf and kills all instances of telnetd |/etc/security/aixpert/bin/cominetdconf |telnet tcp d hls_telnet |/etc/inetd.conf Settings | |
| | |dls_telnet|telnet|{bgcolor:green}Default{bgcolor}|Enable telnet: Uncomments the entry for telnetd daemon in /etc/inetd.conf and starts telnetd daemon |/etc/security/aixpert/bin/cominetdconf |telnet tcp a dls_telnet |/etc/inetd.conf Settings | |
| | |hls_imapd|imapd|{bgcolor:red}High Security{bgcolor}|Disable IMAPD: Comments the entry for imapd daemon in /etc/inetd.conf and kills all instances of imapd |/etc/security/aixpert/bin/cominetdconf |imap2 tcp d hls_imapd |/etc/inetd.conf Settings | |
| | |dls_imapd|imapd|{bgcolor:green}Default{bgcolor}|Disable IMAPD: Comments the entry for imapd daemon in /etc/inetd.conf and kills all instances of imapd |/etc/security/aixpert/bin/cominetdconf |imap2 tcp d dls_imapd |/etc/inetd.conf Settings | |
| | |hls_pop3d|pop3d|{bgcolor:red}High Security{bgcolor}|Disable POP3D: Comments the entry for pop3d daemon in /etc/inetd.conf and kills all instances of pop3d |/etc/security/aixpert/bin/cominetdconf |pop3 tcp d hls_pop3d |/etc/inetd.conf Settings | |
| | |dls_pop3d|pop3d|{bgcolor:green}Default{bgcolor}|Disable POP3D: Comments the entry for pop3d daemon in /etc/inetd.conf and kills all instances of pop3d |/etc/security/aixpert/bin/cominetdconf |pop3 tcp d dls_pop3d |/etc/inetd.conf Settings | |
| | |hls_dtspc|dtspc|{bgcolor:red}High Security{bgcolor}|Disable dtspc in /etc/inetd.conf: Comments the entry for dtspc daemon in /etc/inetd.conf when LFT is not configured and CDE is disabled in /etc/inittab, also kills all the instances of dtspc daemon |/etc/security/aixpert/bin/cominetdconf |dtspc tcp d hls_dtspc |/etc/inetd.conf Settings | |
| | |dls_dtspc|dtspc|{bgcolor:green}Default{bgcolor}|Disable dtspc in /etc/inetd.conf: Comments the entry for dtspc daemon in /etc/inetd.conf when LFT is not configured and CDE is disabled in /etc/inittab, also kills all the instances of dtspc daemon |/etc/security/aixpert/bin/cominetdconf |dtspc tcp d dls_dtspc |/etc/inetd.conf Settings | |
| | |hls_ttdbserver|ttdbserver|{bgcolor:red}High Security{bgcolor}|Disable ttdbserver service in /etc/inetd.conf: Comments the entry for ttdbserver service in /etc/inetd.conf and kills all instances of ttdbserver service |/etc/security/aixpert/bin/cominetdconf |ttdbserver tcp d hls_ttdbserver |/etc/inetd.conf Settings | |
| | |dls_ttdbserver|ttdbserver|{bgcolor:green}Default{bgcolor}|Enable ttdbserver service in /etc/inetd.conf: Uncomments the entry for ttdbserver service in /etc/inetd.conf and starts ttdbserver service |/etc/security/aixpert/bin/cominetdconf |ttdbserver tcp a dls_ttdbserver |/etc/inetd.conf Settings | |
| | |hls_cmsd|cmsd|{bgcolor:red}High Security{bgcolor}|Disable cmsd service in /etc/inetd.conf: Comments the entry for cmsd service in /etc/inetd.conf and kills all instances of cmsd service |/etc/security/aixpert/bin/cominetdconf |cmsd udp d hls_cmsd |/etc/inetd.conf Settings | |
| | |dls_cmsd|cmsd|{bgcolor:green}Default{bgcolor}|Enable cmsd service in /etc/inetd.conf: Uncomments the entry for cmsd service in /etc/inetd.conf and starts cmsd service |/etc/security/aixpert/bin/cominetdconf |cmsd udp a dls_cmsd |/etc/inetd.conf Settings | |
| | |hls_rmsuidfrmrcmds|rmsuidfrmrcmds|{bgcolor:red}High Security{bgcolor}|Removes SUID from remote commands: Removes SUID from remote commands rcp, rdist, rexec, remsh, rlogin and rsh |/etc/security/aixpert/bin/rmsuidfrmrcmds |r hls_rmsuidfrmrcmds |Disable SUID of commands | |
| | |mls_rmsuidfrmrcmds|rmsuidfrmrcmds|{bgcolor:purple}Medium Security{bgcolor}|Removes SUID from remote commands: Removes SUID from remote commands rcp, rdist, rexec, remsh, rlogin and rsh |/etc/security/aixpert/bin/rmsuidfrmrcmds |r mls_rmsuidfrmrcmds |Disable SUID of commands | |
| | |lls_rmsuidfrmrcmds|rmsuidfrmrcmds|{bgcolor:cyan}Low Security{bgcolor}|Removes SUID from remote commands: Removes SUID from remote commands rcp, rdist, rexec, remsh, rlogin and rsh |/etc/security/aixpert/bin/rmsuidfrmrcmds |r lls_rmsuidfrmrcmds |Disable SUID of commands | |
| | |dls_rmsuidfrmrcmds|rmsuidfrmrcmds|{bgcolor:green}Default{bgcolor}|Set SUID of remote commands: Sets SUID of remote commands rcp, rdist, rexec, remsh, rlogin and rsh |/etc/security/aixpert/bin/rmsuidfrmrcmds |s dls_rmsuidfrmrcmds |Disable SUID of commands | |
| | |hls_filepermgr|filepermgr|{bgcolor:red}High Security{bgcolor}|File Permissions Manager: Runs fpm comamnd with high option to remove setuid, setgid from privileged commands |/etc/security/aixpert/bin/filepermgr |h hls_filepermgr |Disable SUID of commands | |
| | |mls_filepermgr|filepermgr|{bgcolor:purple}Medium Security{bgcolor}|File Permissions Manager: Runs fpm comamnd with medium option to remove setuid, setgid from privileged commands |/etc/security/aixpert/bin/filepermgr |m mls_filepermgr |Disable SUID of commands | |
| | |lls_filepermgr|filepermgr|{bgcolor:cyan}Low Security{bgcolor} |File Permissions Manager: Runs fpm comamnd with low option to remove setuid from privileged commands |/etc/security/aixpert/bin/filepermgr |l lls_filepermgr |Disable SUID of commands | |
| | |dls_filepermgr|filepermgr|{bgcolor:green}Default{bgcolor}|File Permissions Manager: Runs fpm comamnd with default option to restore back the setuid, setgid on the privileged commands |/etc/security/aixpert/bin/filepermgr |d dls_filepermgr |Disable SUID of commands | |
| | |hls_disablenfs|disablenfs|{bgcolor:red}High Security{bgcolor}|Stop NFS daemon: Removes NFS mounts, stops NFS daemons and removes NFS from startup |/etc/security/aixpert/bin/nfsconfig |d hls_disablenfs |Disable remote services | |
| | |dls_disablenfs|disablenfs|{bgcolor:green}Default{bgcolor}|Enable NFS daemon: Enables NFS mounts, starts NFS daemons and enables NFS from startup |/etc/security/aixpert/bin/nfsconfig |e dls_disablenfs |Disable remote services | |
| | |hls_disrmtcmds|disrmtcmds|{bgcolor:red}High Security{bgcolor}|Disable unsecure commands: Disables unsecure commands rlogin, rsh, rcp and tftp |/etc/security/aixpert/bin/disrmtcmds |d hls_disrmtcmds |Disable remote services | |
| | |mls_disrmtcmds|disrmtcmds|{bgcolor:purple}Medium Security{bgcolor}|Disable unsecure commands: Disables unsecure commands rlogin, rsh, rcp and tftp |/etc/security/aixpert/bin/disrmtcmds |d mls_disrmtcmds |Disable remote services | |
| | |dls_disrmtcmds|disrmtcmds|{bgcolor:green}Default{bgcolor}|Enable unsecure commands: Enables unsecure commands rlogin, rsh, rcp and tftp |/etc/security/aixpert/bin/disrmtcmds |e dls_disrmtcmds |Disable remote services | |
| | |hls_disrmtdmns|disrmtdmns|{bgcolor:red}High Security{bgcolor}|Disable unsecure daemons: Disables unsecure daemons rlogind, rshd, and tftpd |/etc/security/aixpert/bin/disrmtdmns |d hls_disrmtdmns |Disable remote services | |
| | |mls_disrmtdmns|disrmtdmns|{bgcolor:purple}Medium Security{bgcolor}|Disable unsecure daemons: Disables unsecure daemons rlogind, rshd, and tftpd |/etc/security/aixpert/bin/disrmtdmns |d mls_disrmtdmns |Disable remote services | |
| | |dls_disrmtdmns|disrmtdmns|{bgcolor:green}Default{bgcolor}|Enable unsecure daemons: Enables unsecure daemons rlogind, rshd, and tftpd |/etc/security/aixpert/bin/disrmtdmns |e dls_disrmtdmns |Disable remote services | |
| | |hls_rmrhostsnetrc|rmrhostsnetrc|{bgcolor:red}High Security{bgcolor}|Remove rhosts and netrc services: Removes .rhosts and .netrc files from user's home directory |/etc/security/aixpert/bin/rmrhostsnetrc |h hls_rmrhostsnetrc |Remove unauthorized access | |
| | |mls_rmrhostsnetrc|rmrhostsnetrc|{bgcolor:purple}Medium Security{bgcolor}|Remove rhosts and netrc services: Removes .rhosts and .netrc files from user's home directory |/etc/security/aixpert/bin/rmrhostsnetrc |m mls_rmrhostsnetrc |Remove unauthorized access | |
| | |lls_rmrhostsnetrc|rmrhostsnetrc|{bgcolor:cyan}Low Security{bgcolor}|Remove rhosts and netrc services: Removes .rhosts and .netrc files from user's home directory |/etc/security/aixpert/bin/rmrhostsnetrc |l lls_rmrhostsnetrc |Remove unauthorized access | |
| | |dls_rmrhostsnetrc|rmrhostsnetrc|{bgcolor:green}Default{bgcolor}|Remove rhosts and netrc services: Removes .rhosts and .netrc files from user's home directory |/etc/security/aixpert/bin/rmrhostsnetrc |d dls_rmrhostsnetrc |Remove unauthorized access | |
| | |hls_rmetchostsequiv|rmetchostsequiv|{bgcolor:red}High Security{bgcolor}|Remove entries from /etc/hosts.equiv file: Removes entries from /etc/hosts.equiv file |/etc/security/aixpert/bin/rmetchostsequiv |hls_rmetchostsequiv |Remove unauthorized access | |
| | |mls_rmetchostsequiv|rmetchostsequiv|{bgcolor:purple}Medium Security{bgcolor}|Remove entries from /etc/hosts.equiv file: Removes entries from /etc/hosts.equiv file |/etc/security/aixpert/bin/rmetchostsequiv |mls_rmetchostsequiv |Remove unauthorized access | |
| | |lls_rmetchostsequiv|rmetchostsequiv|{bgcolor:cyan}Low Security{bgcolor}|Remove entries from /etc/hosts.equiv file: Removes entries from /etc/hosts.equiv file |/etc/security/aixpert/bin/rmetchostsequiv |lls_rmetchostsequiv |Remove unauthorized access | |
| | |dls_rmetchostsequiv|rmetchostsequiv|{bgcolor:green}Default{bgcolor}|Remove entries from /etc/hosts.equiv file: Removes entries from /etc/hosts.equiv file |/etc/security/aixpert/bin/rmetchostsequiv |dls_rmetchostsequiv |Remove unauthorized access | |
| | |hls_bcastping|bcastping|{bgcolor:red}High Security{bgcolor}|Network option bcastping: Set network option bcastping's value to 0 |/etc/security/aixpert/bin/ntwkopts |bcastping=0 s hls_bcastping |Tune network options | |
| | |mls_bcastping|bcastping|{bgcolor:purple}Medium Security{bgcolor}|Network option bcastping: Set network option bcastping's value to 0 |/etc/security/aixpert/bin/ntwkopts |bcastping=0 s mls_bcastping |Tune network options | |
| | |lls_bcastping|bcastping|{bgcolor:cyan}Low Security{bgcolor}|Network option bcastping: Set network option bcastping's value to 0 |/etc/security/aixpert/bin/ntwkopts |bcastping=0 s lls_bcastping |Tune network options | |
| | |dls_bcastping|bcastping|{bgcolor:green}Default{bgcolor}|Network option bcastping: Set network option bcastping to default value |/etc/security/aixpert/bin/ntwkopts |bcastping=NULL d dls_bcastping |Tune network options | |
| | |hls_clean_partial_conns|clean_partial_conns|{bgcolor:red}High Security{bgcolor}|Network option clean_partial_conns: Set network option clean_partial_conns's value to 1 |/etc/security/aixpert/bin/ntwkopts |clean_partial_conns=1 s hls_clean_partial_conns |Tune network options | |
| | |mls_clean_partial_conns|clean_partial_conns|{bgcolor:purple}Medium Security{bgcolor}|Network option clean_partial_conns: Set network option clean_partial_conns's value to 1 |/etc/security/aixpert/bin/ntwkopts |clean_partial_conns=1 s mls_clean_partial_conns |Tune network options | |
| | |lls_clean_partial_conns|clean_partial_conns|{bgcolor:cyan}Low Security{bgcolor}|Network option clean_partial_conns: Set network option clean_partial_conns's value to 1 |/etc/security/aixpert/bin/ntwkopts |clean_partial_conns=1 s lls_clean_partial_conns |Tune network options | |
| | |dls_clean_partial_conns|clean_partial_conns|{bgcolor:green}Default{bgcolor}|Network option clean_partial_conns: Set network option clean_partial_conns to default value |/etc/security/aixpert/bin/ntwkopts |clean_partial_conns=NULL d dls_clean_partial_conns |Tune network options | |
| | |hls_directed_broadcast|directed_broadcast|{bgcolor:red}High Security{bgcolor}|Network option directed_broadcast: Set network option directed_broadcast's value to 0 |/etc/security/aixpert/bin/ntwkopts |directed_broadcast=0 s hls_directed_broadcast |Tune network options | |
| | |mls_directed_broadcast|directed_broadcast|{bgcolor:purple}Medium Security{bgcolor}|Network option directed_broadcast: Set network option directed_broadcast's value to 0 |/etc/security/aixpert/bin/ntwkopts |directed_broadcast=0 s mls_directed_broadcast |Tune network options | |
| | |lls_directed_broadcast|directed_broadcast|{bgcolor:cyan}Low Security{bgcolor}|Network option directed_broadcast: Set network option directed_broadcast's value to 0 |/etc/security/aixpert/bin/ntwkopts |directed_broadcast=0 s lls_directed_broadcast |Tune network options | |
| | |dls_directed_broadcast|directed_broadcast|{bgcolor:green}Default{bgcolor}|Network option directed_broadcast: Set network option directed_broadcast to default value |/etc/security/aixpert/bin/ntwkopts |directed_broadcast=NULL d dls_directed_broadcast |Tune network options | |
| | |hls_icmpaddressmask|icmpaddressmask|{bgcolor:red}High Security{bgcolor}|Network option icmpaddressmask: Set network option icmpaddressmask's value to 0 |/etc/security/aixpert/bin/ntwkopts |icmpaddressmask=0 s hls_icmpaddressmask |Tune network options | |
| | |mls_icmpaddressmask|icmpaddressmask|{bgcolor:purple}Medium Security{bgcolor}|Network option icmpaddressmask: Set network option icmpaddressmask's value to 0 |/etc/security/aixpert/bin/ntwkopts |icmpaddressmask=0 s mls_icmpaddressmask |Tune network options | |
| | |lls_icmpaddressmask|icmpaddressmask|{bgcolor:cyan}Low Security{bgcolor}|Network option icmpaddressmask: Set network option icmpaddressmask's value to 0 |/etc/security/aixpert/bin/ntwkopts |icmpaddressmask=0 s lls_icmpaddressmask |Tune network options | |
| | |dls_icmpaddressmask|icmpaddressmask|{bgcolor:green}Default{bgcolor}|Network option icmpaddressmask: Set network option icmpaddressmask to default value |/etc/security/aixpert/bin/ntwkopts |icmpaddressmask=NULL d dls_icmpaddressmask |Tune network options | |
| | |hls_ipforwarding|ipforwarding|{bgcolor:red}High Security{bgcolor}|Network option ipforwarding: Set network option ipforwarding's value to 0 |/etc/security/aixpert/bin/ntwkopts |ipforwarding=0 s hls_ipforwarding |Tune network options | |
| | |dls_ipforwarding|ipforwarding|{bgcolor:green}Default{bgcolor}|Network option ipforwarding: Set network option ipforwarding to default value |/etc/security/aixpert/bin/ntwkopts |ipforwarding=NULL d dls_ipforwarding |Tune network options | |
| | |hls_ipignoreredirects|ipignoreredirects|{bgcolor:red}High Security{bgcolor}|Network option ipignoreredirects: Set network option ipignoreredirects's value to 1 |/etc/security/aixpert/bin/ntwkopts |ipignoreredirects=1 s hls_ipignoreredirects |Tune network options | |
| | |dls_ipignoreredirects|ipignoreredirects|{bgcolor:green}Default{bgcolor}|Network option ipignoreredirects: Set network option ipignoreredirects to default value |/etc/security/aixpert/bin/ntwkopts |ipignoreredirects=NULL d dls_ipignoreredirects |Tune network options | |
| | |hls_ipsendredirects|ipsendredirects|{bgcolor:red}High Security{bgcolor}|Network option ipsendredirects: Set network option ipsendredirects's value to 0 |/etc/security/aixpert/bin/ntwkopts |ipsendredirects=0 s hls_ipsendredirects |Tune network options | |
| | |dls_ipsendredirects|ipsendredirects|{bgcolor:green}Default{bgcolor}|Network option ipsendredirects: Set network option ipsendredirects to default value |/etc/security/aixpert/bin/ntwkopts |ipsendredirects=NULL d dls_ipsendredirects |Tune network options | |
| | |hls_ipsrcrouteforward|ipsrcrouteforward|{bgcolor:red}High Security{bgcolor}|Network option ipsrcrouteforward: Set network option ipsrcrouteforward's value to 0 |/etc/security/aixpert/bin/ntwkopts |ipsrcrouteforward=0 s hls_ipsrcrouteforward |Tune network options | |
| | |mls_ipsrcrouteforward|ipsrcrouteforward|{bgcolor:purple}Medium Security{bgcolor}|Network option ipsrcrouteforward: Set network option ipsrcrouteforward's value to 0 |/etc/security/aixpert/bin/ntwkopts |ipsrcrouteforward=0 s mls_ipsrcrouteforward |Tune network options | |
| | |dls_ipsrcrouteforward|ipsrcrouteforward|{bgcolor:green}Default{bgcolor}|Network option ipsrcrouteforward: Set network option ipsrcrouteforward to default value |/etc/security/aixpert/bin/ntwkopts |ipsrcrouteforward=NULL d dls_ipsrcrouteforward |Tune network options | |
| | |hls_ipsrcrouterecv|ipsrcrouterecv|{bgcolor:red}High Security{bgcolor}|Network option ipsrcrouterecv: Set network option ipsrcrouterecv's value to 0 |/etc/security/aixpert/bin/ntwkopts |ipsrcrouterecv=0 s hls_ipsrcrouterecv |Tune network options | |
| | |mls_ipsrcrouterecv|ipsrcrouterecv |{bgcolor:purple}Medium Security{bgcolor}|Network option ipsrcrouterecv: Set network option ipsrcrouterecv's value to 0 |/etc/security/aixpert/bin/ntwkopts |ipsrcrouterecv=0 s mls_ipsrcrouterecv |Tune network options | |
| | |dls_ipsrcrouterecv|ipsrcrouterecv |{bgcolor:green}Default{bgcolor}|Network option ipsrcrouterecv: Set network option ipsrcrouterecv to default value |/etc/security/aixpert/bin/ntwkopts |ipsrcrouterecv=NULL d dls_ipsrcrouterecv |Tune network options | |
| | |hls_ipsrcroutesend|ipsrcroutesend|{bgcolor:red}High Security{bgcolor}|Network option ipsrcroutesend: Set network option ipsrcroutesend's value to 0 |/etc/security/aixpert/bin/ntwkopts |ipsrcroutesend=0 s hls_ipsrcroutesend |Tune network options | |
| | |dls_ipsrcroutesend|ipsrcroutesend|{bgcolor:green}Default{bgcolor}|Network option ipsrcroutesend: Set network option ipsrcroutesend to default value |/etc/security/aixpert/bin/ntwkopts |ipsrcroutesend=NULL d dls_ipsrcroutesend |Tune network options | |
| | |hls_ip6srcrouteforward|ip6srcrouteforward|{bgcolor:red}High Security{bgcolor}|Network option ip6srcrouteforward: Set network option ip6srcrouteforward's value to 0 |/etc/security/aixpert/bin/ntwkopts |ip6srcrouteforward=0 s hls_ip6srcrouteforward |Tune network options | |
| | |dls_ip6srcrouteforward|ip6srcrouteforward|{bgcolor:green}Default{bgcolor}|Network option ip6srcrouteforward: Set network option ip6srcrouteforward to default value |/etc/security/aixpert/bin/ntwkopts |ip6srcrouteforward=NULL d dls_ip6srcrouteforward |Tune network options | |
| | |hls_nonlocsrcroute|nonlocsrcroute|{bgcolor:red}High Security{bgcolor}|Network option nonlocsrcroute: Set network option nonlocsrcroute's value to 0 |/etc/security/aixpert/bin/ntwkopts |nonlocsrcroute=0 s hls_nonlocsrcroute |Tune network options | |
| | |mls_nonlocsrcroute|nonlocsrcroute|{bgcolor:purple}Medium Security{bgcolor}|Network option nonlocsrcroute: Set network option nonlocsrcroute's value to 0 |/etc/security/aixpert/bin/ntwkopts |nonlocsrcroute=0 s mls_nonlocsrcroute |Tune network options | |
| | |dls_nonlocsrcroute|nonlocsrcroute|{bgcolor:green}Default{bgcolor}|Network option nonlocsrcroute: Set network option nonlocsrcroute to default value |/etc/security/aixpert/bin/ntwkopts |nonlocsrcroute=NULL d dls_nonlocsrcroute |Tune network options | |
| | |hls_tcp_pmtu_discover|tcp_pmtu_discover|{bgcolor:red}High Security{bgcolor}|Network option tcp_pmtu_discover: Set network option tcp_pmtu_discover's value to 0 |/etc/security/aixpert/bin/ntwkopts |tcp_pmtu_discover=0 s hls_tcp_pmtu_discover |Tune network options | |
| | |mls_tcp_pmtu_discover|tcp_pmtu_discover|{bgcolor:purple}Medium Security{bgcolor}|Network option tcp_pmtu_discover: Set network option tcp_pmtu_discover's value to 0 |/etc/security/aixpert/bin/ntwkopts |tcp_pmtu_discover=0 s mls_tcp_pmtu_discover |Tune network options | |
| | |lls_tcp_pmtu_discover|tcp_pmtu_discover|{bgcolor:cyan}Low Security{bgcolor}|Network option tcp_pmtu_discover: Set network option tcp_pmtu_discover's value to 0 |/etc/security/aixpert/bin/ntwkopts |tcp_pmtu_discover=0 s lls_tcp_pmtu_discover |Tune network options | |
| | |dls_tcp_pmtu_discover|tcp_pmtu_discover|{bgcolor:purple}Medium Security{bgcolor}|Network option tcp_pmtu_discover: Set network option tcp_pmtu_discover to default value |/etc/security/aixpert/bin/ntwkopts |tcp_pmtu_discover=NULL d dls_tcp_pmtu_discover |Tune network options | |
| | |hls_udp_pmtu_discover|udp_pmtu_discover|{bgcolor:red}High Security{bgcolor}|Network option udp_pmtu_discover: Set network option udp_pmtu_discover's value to 0 |/etc/security/aixpert/bin/ntwkopts |udp_pmtu_discover=0 s hls_udp_pmtu_discover |Tune network options | |
| | |mls_udp_pmtu_discover|udp_pmtu_discover|{bgcolor:purple}Medium Security{bgcolor}|Network option udp_pmtu_discover: Set network option udp_pmtu_discover's value to 0 |/etc/security/aixpert/bin/ntwkopts |udp_pmtu_discover=0 s mls_udp_pmtu_discover |Tune network options | |
| | |lls_udp_pmtu_discover|udp_pmtu_discover|{bgcolor:cyan}Low Security{bgcolor}|Network option udp_pmtu_discover: Set network option udp_pmtu_discover's value to 0 |/etc/security/aixpert/bin/ntwkopts |udp_pmtu_discover=0 s lls_udp_pmtu_discover |Tune network options | |
| | |dls_udp_pmtu_discover|udp_pmtu_discover|{bgcolor:green}Default{bgcolor}|Network option udp_pmtu_discover: Set network option udp_pmtu_discover to default value |/etc/security/aixpert/bin/ntwkopts |udp_pmtu_discover=NULL d dls_udp_pmtu_discover |Tune network options | |
| | |hls_tcp_sendspace|tcp_sendspace|{bgcolor:red}High Security{bgcolor}|Network option tcp_sendspace: Set network option tcp_sendspace's value to 262144 |/etc/security/aixpert/bin/ntwkopts |tcp_sendspace=262144 s hls_tcp_sendspace |Tune network options | |
| | |mls_tcp_sendspace|tcp_sendspace|{bgcolor:purple}Medium Security{bgcolor}|Network option tcp_sendspace: Set network option tcp_sendspace's value to 262144 |/etc/security/aixpert/bin/ntwkopts |tcp_sendspace=262144 s mls_tcp_sendspace |Tune network options | |
| | |lls_tcp_sendspace|tcp_sendspace|{bgcolor:cyan}Low Security{bgcolor}|Network option tcp_sendspace: Set network option tcp_sendspace's value to 262144 |/etc/security/aixpert/bin/ntwkopts |tcp_sendspace=262144 s lls_tcp_sendspace |Tune network options | |
| | |dls_tcp_sendspace|tcp_sendspace|{bgcolor:green}Default{bgcolor}|Network option tcp_sendspace: Set network option tcp_sendspace to default value |/etc/security/aixpert/bin/ntwkopts |tcp_sendspace=NULL d dls_tcp_sendspace |Tune network options | |
| | |hls_tcp_recvspace|tcp_recvspace|{bgcolor:red}High Security{bgcolor}|Network option tcp_recvspace: Set network option tcp_recvspace's value to 262144 |/etc/security/aixpert/bin/ntwkopts |tcp_recvspace=262144 s hls_tcp_recvspace |Tune network options | |
| | |mls_tcp_recvspace|tcp_recvspace|{bgcolor:purple}Medium Security{bgcolor}|Network option tcp_recvspace: Set network option tcp_recvspace's value to 262144 |/etc/security/aixpert/bin/ntwkopts |tcp_recvspace=262144 s mls_tcp_recvspace |Tune network options | |
| | |lls_tcp_recvspace|tcp_recvspace|{bgcolor:cyan}Low Security{bgcolor}|Network option tcp_recvspace: Set network option tcp_recvspace's value to 262144 |/etc/security/aixpert/bin/ntwkopts |tcp_recvspace=262144 s mls_tcp_recvspace |Tune network options | |
| | |hls_rfc1323|rfc1323|{bgcolor:red}High Security{bgcolor}|Network option rfc1323: Set network option rfc1323's value to 1 |/etc/security/aixpert/bin/ntwkopts |rfc1323=1 s hls_rfc1323 |Tune network options | |
| | |mls_rfc1323|rfc1323|{bgcolor:purple}Medium Security{bgcolor}|Network option rfc1323: Set network option rfc1323's value to 1 |/etc/security/aixpert/bin/ntwkopts |rfc1323=1 s mls_rfc1323 |Tune network options | |
| | |lls_rfc1323|rfc1323|{bgcolor:cyan}Low Security{bgcolor}|Network option rfc1323: Set network option rfc1323's value to 1 |/etc/security/aixpert/bin/ntwkopts |rfc1323=1 s lls_rfc1323 |Tune network options | |
| | |dls_rfc1323|rfc1323|{bgcolor:green}Default{bgcolor}|Network option rfc1323: Set network option rfc1323 to default value |/etc/security/aixpert/bin/ntwkopts |rfc1323=NULL d dls_rfc1323 |Tune network options | |
| | |hls_tcp_mssdflt|tcp_mssdflt|{bgcolor:red}High Security{bgcolor}|Network option tcp_mssdflt: Set network option tcp_mssdflt's value to 1448 |/etc/security/aixpert/bin/ntwkopts |tcp_mssdflt=1448 s hls_tcp_mssdflt |Tune network options | |
| | |mls_tcp_mssdflt|tcp_mssdflt|{bgcolor:purple}Medium Security{bgcolor}|Network option tcp_mssdflt: Set network option tcp_mssdflt's value to 1448 |/etc/security/aixpert/bin/ntwkopts |tcp_mssdflt=1448 s mls_tcp_mssdflt |Tune network options | |
| | |lls_tcp_mssdflt|tcp_mssdflt|{bgcolor:cyan}Low Security{bgcolor}|Network option tcp_mssdflt: Set network option tcp_mssdflt's value to 1448 |/etc/security/aixpert/bin/ntwkopts |tcp_mssdflt=1448 s lls_tcp_mssdflt |Tune network options | |
| | |dls_tcp_mssdflt|tcp_mssdflt|{bgcolor:green}Default{bgcolor}|Network option tcp_mssdflt: Set network option tcp_mssdflt to default value |/etc/security/aixpert/bin/ntwkopts |tcp_mssdflt=NULL d dls_tcp_mssdflt |Tune network options | |
| | |hls_sb_max|sb_max|{bgcolor:red}High Security{bgcolor}|Network option sb_max: Set network option sb_max's value to 1MB |/etc/security/aixpert/bin/ntwkopts |sb_max=1048576 s hls_sb_max |Tune network options | |
| | |mls_sb_max|sb_max|{bgcolor:purple}Medium Security{bgcolor}|Network option sb_max: Set network option sb_max's value to 1MB |/etc/security/aixpert/bin/ntwkopts |sb_max=1048576 s mls_sb_max |Tune network options | |
| | |lls_sb_max|sb_max|{bgcolor:cyan}Low Security{bgcolor}|Network option sb_max: Set network option sb_max's value to 1MB |/etc/security/aixpert/bin/ntwkopts |sb_max=1048576 s lls_sb_max |Tune network options | |
| | |dls_sb_max|sb_max|{bgcolor:green}Default{bgcolor}|Network option sb_max: Set network option sb_max to default value |/etc/security/aixpert/bin/ntwkopts |sb_max=1048576 s lls_sb_max |Tune network options | |
| | |hls_tcp_tcpsecure|tcp_tcpsecure|{bgcolor:red}High Security{bgcolor}|Network option tcp_tcpsecure: Set network option tcp_tcpsecure's value to 7 |/etc/security/aixpert/bin/ntwkopts |tcp_tcpsecure=7 s hls_tcp_tcpsecure |Tune network options | |
| | |mls_tcp_tcpsecure|tcp_tcpsecure|{bgcolor:purple}Medium Security{bgcolor}|Network option tcp_tcpsecure: Set network option tcp_tcpsecure's value to 7 |/etc/security/aixpert/bin/ntwkopts |tcp_tcpsecure=7 s mls_tcp_tcpsecure |Tune network options | |
| | |lls_tcp_tcpsecure|tcp_tcpsecure|{bgcolor:cyan}Low Security{bgcolor}|Network option tcp_tcpsecure: Set network option tcp_tcpsecure's value to 5 |/etc/security/aixpert/bin/ntwkopts |tcp_tcpsecure=5 s lls_tcp_tcpsecure |Tune network options | |
| | |dls_tcp_tcpsecure|tcp_tcpsecure|{bgcolor:green}Default{bgcolor}|Network option tcp_tcpsecure: Set network option tcp_tcpsecure to default value |/etc/security/aixpert/bin/ntwkopts |tcp_tcpsecure=NULL d dls_tcp_tcpsecure |Tune network options | |
| | |hls_sockthresh|sockthresh|{bgcolor:red}High Security{bgcolor}|Network option sockthresh: Set network option sockthresh's value to 60 |/etc/security/aixpert/bin/ntwkopts |sockthresh=60 s hls_sockthresh |Tune network options | |
| | |mls_sockthresh|sockthresh|{bgcolor:purple}Medium Security{bgcolor}|Network option sockthresh: Set network option sockthresh's value to 70 |/etc/security/aixpert/bin/ntwkopts |sockthresh=70 s mls_sockthresh |Tune network options | |
| | |lls_sockthresh|sockthresh|{bgcolor:cyan}Low Security{bgcolor}|Network option sockthresh: Set network option sockthresh's value to 85 |/etc/security/aixpert/bin/ntwkopts |sockthresh=85 s lls_sockthresh |Tune network options | |
| | |dls_sockthresh|sockthresh|{bgcolor:green}Default{bgcolor}|Network option sockthresh: Set network option sockthresh to default value |/etc/security/aixpert/bin/ntwkopts |sockthresh=NULL d dls_sockthresh |Tune network options | |
| | |hls_ipsecshunhost|ipsecshunhost|{bgcolor:red}High Security{bgcolor}|Shun host for 5 minutes: Shuns the hosts for 5 minutes, which tries to access un-used ports |/etc/security/aixpert/bin/ipsecshunhosthls |hls_ipsecshunhost |IPSec Filter Rules | |
| | |hls_ipsecshunports|ipsecshunports|{bgcolor:red}High Security{bgcolor}|Guard host against port scans: Shuns vulnerable ports for 5 minutes to guard the host against port scans |/etc/security/aixpert/bin/ipsecshunports |hls_ipsecshunport |IPSec Filter Rules | |
| | |mls_ipsecshunports|ipsecshunports|{bgcolor:purple}Medium Security{bgcolor}|Guard host against port scans: Shuns vulnerable ports for 5 minutes to guard the host against port scansh |/etc/security/aixpert/bin/ipsecshunports |mls_ipsecshunports |IPSec Filter Rules | |
| | |hls_umask|umask|{bgcolor:red}High Security{bgcolor}|Object creation permissions: Specifies default object creation permissions to 077 |/etc/security/aixpert/bin/chusrattr |umask=77 ALL hls_umask |Miscellaneous Rules | |
| | |mls_umask|umask|{bgcolor:purple}Medium Security{bgcolor}|Object creation permissions: Specifies default object creation permissions to 027 |/etc/security/aixpert/bin/chusrattr |umask=27 ALL mls_umask |Miscellaneous Rules | |
| | |dls_umask|umask|{bgcolor:green}Default{bgcolor}|Object creation permissions: Specifies default object creation permissions to 022 |/etc/security/aixpert/bin/chusrattr |umask=22 ALL dls_umask |Miscellaneous Rules | |
| | |hls_core|core|{bgcolor:red}High Security{bgcolor}|Set core file size: Specifies the core file size to 0 for root |/etc/security/aixpert/bin/chuserstanza |/etc/security/limits core=0 root hls_core |Miscellaneous Rules | |
| | |mls_core|core|{bgcolor:purple}Medium Security{bgcolor}|Set core file size: Specifies the core file size to 0 for root |/etc/security/aixpert/bin/chuserstanza |/etc/security/limits core=0 root mls_core |Miscellaneous Rules | |
| | |dls_core|core|{bgcolor:green}Default{bgcolor}|Set core file size: Specifies the core file size to default value for root |/etc/security/aixpert/bin/chuserstanza |/etc/security/limits core= root dls_core |Miscellaneous Rules | |
| | |hls_limitsysacc|limitsysacc|{bgcolor:red}High Security{bgcolor}|Limit system access: Makes root the only user in cron.allow file and removes the cron.deny file |/etc/security/aixpert/bin/limitsysacc |h hls_limitsysacc |Miscellaneous Rules | |
| | |dls_limitsysacc|limitsysacc|{bgcolor:green}Default{bgcolor}|Limit system access: Removes the file cron.allow and removes all entries in cron.deny file |/etc/security/aixpert/bin/limitsysacc |d dls_limitsysacc |Miscellaneous Rules | |
| | |hls_crontabperm|crontabperm|{bgcolor:red}High Security{bgcolor}|Crontab permissions: Ensures root's crontab jobs are owned and writable only by root |/etc/security/aixpert/bin/rootcrnjobck |hls_crontabperm |Miscellaneous Rules | |
| | |mls_crontabperm|crontabperm|{bgcolor:purple}Medium Security{bgcolor}|Crontab permissions: Ensures root's crontab jobs are owned and writable only by root |/etc/security/aixpert/bin/rootcrnjobck |mls_crontabperm |Miscellaneous Rules | |
| | |lls_crontabperm|crontabperm|{bgcolor:cyan}Low Security{bgcolor}|Crontab permissions: Ensures root's crontab jobs are owned and writable only by root |/etc/security/aixpert/bin/rootcrnjobck |lls_crontabperm |Miscellaneous Rules | |
| | |hls_loginherald|loginherald|{bgcolor:red}High Security{bgcolor}|Set login herald: Set login herald in default stanza |/etc/security/aixpert/bin/loginherald |a hls_loginherald |Miscellaneous Rules | |
| | |mls_loginherald|loginherald|{bgcolor:purple}Medium Security{bgcolor}|Set login herald: Set login herald in default stanza |/etc/security/aixpert/bin/loginherald |a mls_loginherald |Miscellaneous Rules | |
| | |lls_loginherald|loginherald|{bgcolor:cyan}Low Security{bgcolor}|Set login herald: Set login herald in default stanza |/etc/security/aixpert/bin/loginherald |a lls_loginherald |Miscellaneous Rules | |
| | |dls_loginherald|loginherald|{bgcolor:green}Default{bgcolor}|Set login herald: Remove login herald from default stanza |/etc/security/aixpert/bin/loginherald |d dls_loginherald |Miscellaneous Rules | |
| | |hls_rmdotfrmpathroot|rmdotfrmpathroot|{bgcolor:red}High Security{bgcolor}|Remove dot from path root: Remove dot from PATH environment variable from files .profile, .kshrc, .cshrc and .login in root's home directory |/etc/security/aixpert/bin/rmdotfrmpathroot |hls_rmdotfrmpathroot |Miscellaneous Rules | |
| | |mls_rmdotfrmpathroot|rmdotfrmpathroot|{bgcolor:purple}Medium Security{bgcolor}|Remove dot from path root: Remove dot from PATH environment variable from files .profile, .kshrc, .cshrc and .login in root's home directory |/etc/security/aixpert/bin/rmdotfrmpathroot |mls_rmdotfrmpathroot |Miscellaneous Rules | |
| | |lls_rmdotfrmpathroot|rmdotfrmpathroot|{bgcolor:cyan}Low Security{bgcolor}|Remove dot from path root: Remove dot from PATH environment variable from files .profile, .kshrc, .cshrc and .login in root's home directory |/etc/security/aixpert/bin/rmdotfrmpathroot |lls_rmdotfrmpathroot |Miscellaneous Rules | |
| | |dls_rmdotfrmpathroot|rmdotfrmpathroot|{bgcolor:green}Default{bgcolor}|Remove dot from path root: Remove dot from PATH environment variable from files .profile, .kshrc, .cshrc and .login in root's home directory |/etc/security/aixpert/bin/rmdotfrmpathroot |dls_rmdotfrmpathroot |Miscellaneous Rules | |
| | |hls_rmdotfrmpathnroot|rmdotfrmpathnroot|{bgcolor:red}High Security{bgcolor}|Remove dot from non-root path: Removes dot from PATH environment variable from files .profile, .kshrc, .cshrc and .login in user's home directory |/etc/security/aixpert/bin/rmdotfrmpathnroot |none |Miscellaneous Rules | |
| | |dls_rmdotfrmpathnroot|rmdotfrmpathnroot|{bgcolor:green}Default{bgcolor}|Remove dot from non-root path: Removes dot from PATH environment variable from files .profile, .kshrc, .cshrc and .login in user's home directory |/etc/security/aixpert/bin/rmdotfrmpathnroot |none |Miscellaneous Rules | |
| | |hls_xhost|xhost|{bgcolor:red}High Security{bgcolor}|Disable X-Server access: Disable access control for X-Server |/etc/security/aixpert/bin/execmds |"/usr/bin/X11/xhost -" |Miscellaneous Rules | |
| | |mls_xhost|xhost|{bgcolor:purple}Medium Security{bgcolor}|Disable X-Server access: Disable access control for X-Server |/etc/security/aixpert/bin/execmds |"/usr/bin/X11/xhost -" |Miscellaneous Rules | |
| | |dls_xhost|xhost|{bgcolor:green}Default{bgcolor}|Enable X-Server access: Enable access control for X-Server |/etc/security/aixpert/bin/execmds |"/usr/bin/X11/xhost +" |Miscellaneous Rules | |
| | |hls_chetcftpusers|chetcftpusers|{bgcolor:red}High Security{bgcolor}|Add root user in /etc/ftpusers file: Adds root username in /etc/ftpusers file |/etc/security/aixpert/bin/chetcftpusers |a hls_chetcftpusers |Miscellaneous Rules | |
| | |mls_chetcftpusers|chetcftpusers|{bgcolor:purple}Medium Security{bgcolor}|Add root user in /etc/ftpusers file: Adds root username in /etc/ftpusers file |/etc/security/aixpert/bin/chetcftpusers |a mls_chetcftpusers |Miscellaneous Rules | |
| | |dls_chetcftpusers|chetcftpusers|{bgcolor:green}Default{bgcolor}|Remove root user in /etc/ftpusers file: Removes root's entry from /etc/ftpusers file |/etc/security/aixpert/bin/chetcftpusers |r dls_chetcftpusers |Miscellaneous Rules | |
| | |hls_removeguest|removeguest|{bgcolor:red}High Security{bgcolor}|Remove guest account: Removes guest account and its files |/etc/security/aixpert/bin/execmds |"rmuser guest; rm -rf /home/guest; ODMDIR=/etc/objrepos odmdelete -qloc0=/home/guest -o inventory" |Miscellaneous Rules | |
| | |mls_removeguest|removeguest|{bgcolor:purple}Medium Security{bgcolor}|Remove guest account: Removes guest account and its files |/etc/security/aixpert/bin/execmds |"rmuser guest; rm -rf /home/guest; ODMDIR=/etc/objrepos odmdelete -qloc0=/home/guest -o inventory" |Miscellaneous Rules | |
| | | |dls_removeguest|removeguest|{bgcolor:green}Default{bgcolor}|Add guest account: Adds guest account |/etc/security/aixpert/bin/execmds |"/usr/sbin/lsuser guest || /usr/bin/mkuser guest " |Miscellaneous Rules | |
| | | |dls_removeguest|removeguest|{bgcolor:green}Default{bgcolor}|Add guest account: Adds guest account |/etc/security/aixpert/bin/execmds |"/usr/sbin/lsuser guest then /usr/bin/mkuser guest " |Miscellaneous Rules | |
| | |hls_sedconfig|sedconfig|{bgcolor:red}High Security{bgcolor}|Enable SED feature: Enable Stack Execution Disable feature |/etc/security/aixpert/bin/sedconfig |hls_sedconfig |Miscellaneous Rules | |
| | |hls_rootpwdintchk|rootpwdintchk|{bgcolor:red}High Security{bgcolor}|Root Password Integrity Check: Makes sure that the root password being set is not weak |/etc/security/aixpert/bin/chuserstanza |/etc/security/user dictionlist=/etc/security/aixpert/dictionary/English root hls_rootpwdintchk |Miscellaneous Rules | |
| | |mls_rootpwdintchk|rootpwdintchk|{bgcolor:purple}Medium Security{bgcolor}|Root Password Integrity Check: Makes sure that the root password being set is not weak |/etc/security/aixpert/bin/chuserstanza |/etc/security/user dictionlist=/etc/security/aixpert/dictionary/English root mls_rootpwdintchk |Miscellaneous Rules | |
| | |scbps_pwdpolicyenf|pwdpolicyenf|{bgcolor:blue}Sox-Corbit{bgcolor}|SOX-cobit-best-practices-Password Policy Enforcement: Password Policy Enforcement |/etc/security/aixpert/bin/pwdpolicyenf |none |SOX-COBIT Best Practices Security | |
| | |scbps_secactreport|secactreport|{bgcolor:blue}Sox-Corbit{bgcolor}|SOX-cobit-best-practices-Security Activity Reports: Violation and Security Activity Reports |/etc/security/aixpert/bin/secactreport |none |SOX-COBIT Best Practices Security | |
| | |scbps_virusdetsw|virusdetsw|{bgcolor:blue}Sox-Corbit{bgcolor}|SOX-cobit-best-practices-Virus Detection Software: Malicious Software Prevention, Detection and Correction |/etc/security/aixpert/bin/virusdetsw |none |SOX-COBIT Best Practices Security | |
| | |scbps_firewsetup|firewsetup|{bgcolor:blue}Sox-Corbit{bgcolor}|SOX-cobit-best-practices-Firewall setup: Firewall Architecture and Connections with Public Networks |/etc/security/aixpert/bin/firewsetup |none |SOX-COBIT Best Practices Security | |
| | |hls_tcptr|tcptr|{bgcolor:red}High Security{bgcolor}|TCP Traffic Regulation High - Enforces denial-of-service mitigation on popular ports. |/etc/security/aixpert/bin/tcptr_aixpert |hls |Tune network options | |
