with Tags: security

"Passw0rd with a zero"
You know when you go to the ATM or enter a PIN, you're told to cover up your hands so no one can look on. I wonder whether the same rule ought to apply for people on the bus who are on the phone. I've overheard passwords for what seem to be very important institutions, and I have enough non-AIX knowledge to know the root password (for Linux) or Administrator (Windows) is probably something precious. For that matter, if IBM developerWorks (let's shorten it to ibmdw) had a root password that went something like 1bmdw123, I'd be a little... [More]
Tags:  security password |
Lock down the directory, not just the files
I just read this comment about Unix permissions in a whitepaper to do with securing databases. The comment is about Progress databases, which may not exist in your environment, but the comment is worth noting anyway: Though counterintuitive, file modification is controlled by permissions on that file, but file creation and deletion are controlled by permissions on the parent directory. In other words, it is entirely legal to delete a file that you cannot modify if you have write access to the directory without having write access to the file... [More]
Tags:  security permissions read_write chmod umask unix_permissions chown |
Auditors at the door? Let aixpert answer.
CAREFUL, THEY MIGHT HEAR YOU
The word “auditor”, of course, comes from the Latin audire 'to hear', since audits were originally presented orally. Hearing is the auditors' profession, so there's no need to shout at them. If you say your system is... [More]
Tags:  security aix_security_expert auditor sox fpm xml sox_corbit aixpert sarbanes_oxley system_hardening aix |