I had a new article published on IBM developerWorks today:  Getting started with Nmap for system administrators

Tags:  aix nmap linux security article

AIX stores password hashes under /etc/security/passwd.   Each user with a password defined will have a stanza in this file that specifies what the hashed password is.      Here is an example for the root user: # grep -p root /etc/security/passwd root:         password = 2zfymAdUyNdA.         lastupdate = 1360555127   If you would like to transfer a users password from one server to another, you can simply copy the users stanza out of /etc/security/passwd and put it in this same file on the other server (replacing their existing stanza).  ... [More]

Tags:  script security aix password

I've seen several Linux/UNIX system administrators struggle with a scenario like this one:   A user reports to the administrator they are trying to "cd" in to a directory but keep getting permission denied: $ cd /tmp/level1/level2/level3/level4/level5/level6 ksh: /tmp/level1/level2/level3/level4/level5/level6: Permission denied.   As the root user, the administartor checks the permissions on the directory:    # ls -ald /tmp/level1/level2/level3/level4/level5/level6 drwxrwxrwx    2 root     system          256 Dec 19 20:11... [More]

Tags:  unix security aix permissions linux

As a follow up to my posting from yesterday, Every possible UNIX/Linux file permission: Listed and explained (All 4,096 of them) , I also made a list of every possible umask mode including the file and directory permissions that would be created at each umask mode.   Also, below are the scripts I wrote to generate the list of permissions and the list of umasks.  umask script:   #!/usr/bin/ksh #Brian Smith - create HTML table of every possible umask echo "<table border=1 cellpadding=4>" echo "<tr>"... [More]

Tags:  security linux aix unix scripting umask script

The generic read/write/execute UNIX/Linux file permissions are fairly easy to understand.  But when you start getting in to the SUID, SGID, and Sticky bits things get more complicated and harder to understand.      For example, if you came across a file with "--S--S--T" permissions would you know what this means?  By reading this short posting and referring to the table linked below, you would be able to quickly and easily decipher any possible file permission you might run in to and translate it in to english :)   Here is a little... [More]

Tags:  files permissions security aix linux unix

If you need to edit the sudoers file from a script, you might be tempted to directly edit the file.   But like it says at the top of /etc/sudoers - the file must only be edited with the visudo command.   This is because visudo validates the syntax before putting the new file in place.   Without this syntax validation it is very easy to make a mistake in the file after which sudo no longer works (hopefully at that point you have the root password so you can still access root without sudo :) )   Here is an example of how a line can be added to... [More]

Tags:  aix ed sudoers script linux security sudo unix

The first time you connect to a server using SSH you are prompted to accept the host key.  After this, each time you connect the client uses the cached SSH host public key (stored in ~/.ssh/known_hosts) to authenticate that the server it is connecting to is the same server it connected to the first time.   This is done to prevent a man in the middle attack which is when a malicious server presents itself as another server in order to capture passwords or other information.   If SSH didn't have host keys, you... [More]

Tags:  ssh keys aix security linux