Creating custom security configuration profile

If a rule is not applicable to the specific environment of the system, most compliance organizations permit documented exceptions.

To remove a rule and to create a custom security policy and configuration file, complete the following steps:
  1. Copy the contents of the following files into a single file named /etc/security/aixpert/custom/<my_security_policy>.xml:
     /etc/security/aixpert/custom/profile-name.xml
  2. Edit the <my_security_policy>.xml file by removing the rule that is not applicable from the opening XML tag <AIXPertEntry name… to the ending XML tag </AIXPertEntry>.
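
The following Python function is an added example, not code from IBM or PowerSC: it performs the removal in step 2 on the text of a copied profile, leaves every other byte untouched, and confirms that the result is still well-formed XML with exactly one rule fewer. The sample profile and its rule names are constructed, and the code assumes that name is the first attribute of the AIXPertEntry tag and that entries are not nested.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample profile: the rule names and child content are
# placeholders, not rules copied from a PowerSC profile.
SAMPLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<AIXPertSecurityHardening>
<AIXPertEntry name="example_minage" function="minage">
    <AIXPertDescription>Constructed rule A</AIXPertDescription>
</AIXPertEntry>
<AIXPertEntry name="example_disable_ftp" function="ftp">
    <AIXPertDescription>Constructed rule B</AIXPertDescription>
</AIXPertEntry>
</AIXPertSecurityHardening>
"""


def rule_names(profile_text):
    """Parse the profile and return the name of every AIXPertEntry, in order."""
    root = ET.fromstring(profile_text.encode("utf-8"))
    return [entry.get("name") for entry in root.iter("AIXPertEntry")]


def remove_rule(profile_text, rule_name):
    """Cut one rule, from <AIXPertEntry name="..." to </AIXPertEntry>.

    Returns (new_text, removed_block). The removed block can be kept with
    the documented exception. Raises ValueError if the rule is missing,
    duplicated, or if the edit removed more than the one rule.
    """
    pattern = re.compile(
        r'[ \t]*<AIXPertEntry\s+name="' + re.escape(rule_name) + r'"[^>]*>'
        r'.*?</AIXPertEntry>[ \t]*\n?',
        re.DOTALL,
    )
    before = rule_names(profile_text)      # also rejects malformed input
    matches = pattern.findall(profile_text)
    if len(matches) != 1:
        raise ValueError(
            f"expected exactly one rule named {rule_name!r}, found {len(matches)}"
        )
    new_text = pattern.sub("", profile_text, count=1)
    after = rule_names(new_text)           # fails if the edit broke the XML
    if after != [name for name in before if name != rule_name]:
        raise ValueError("edit removed or altered more than the requested rule")
    return new_text, matches[0]
```
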

You can insert additional configuration rules for security. Insert the additional rules into the XML AIXPertSecurityHardening schema. You cannot change the PowerSC profiles directly, but you can customize the profiles.

For most environments, you must create a custom XML policy. To distribute a custom profile to other systems, you must securely copy the customized XML policy to the system that requires the same configuration. Use a secure protocol, such as secure file transfer protocol (SFTP), to distribute the custom XML policy to other systems, and store the profile in the secure location /etc/security/aixpert/custom/<my_security_policy>.xml.

Log on to the system where a custom profile must be created, and run the following command:
pscxpert -f /etc/security/aixpert/custom/<my_security_policy>.xml