× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2017

RE: Recommended AIX lists

Very much targeted at a unix or linux system. Are you running this on a
real AIX box or PASE on the IBM i? Either way, a lot of this just
doesn't exist. I do have an AIX box somewhere, but I would have to check
and see if I can get it back on the network.




Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf
Of Rob Berendt
Sent: Friday, April 28, 2017 9:04 AM
To: Midrange Systems Technical Discussion
Subject: RE: Recommended AIX lists

The entire script:

#!/bin/sh
pwd
mkdir -p $HOSTNAME/tmp/UNIXresults
chmod -777 $HOSTNAME/tmp/UNIXresults
# this will tell you the hostname
hostname > $HOSTNAME/tmp/UNIXresults/ABOUT.fil
ifconfig >> $HOSTNAME/tmp/UNIXresults/ABOUT.fil
date >> $HOSTNAME/tmp/UNIXresults/ABOUT.fil
# Legal warning banner
echo 'outputting warning banner'
cat /etc/issue > $HOSTNAME/tmp/UNIXresults/WRNBN.fil
cat /etc/issue.net >> $HOSTNAME/tmp/UNIXresults/WRNBN.fil
cat /etc/motd >> $HOSTNAME/tmp/UNIXresults/WRNBN.fil
# SU restrictions
echo 'outputting sudoers'
cat /etc/sudoers > $HOSTNAME/tmp/UNIXresults/SUDOERS.fil
# users
echo 'outputting users'
cat /etc/passwd > $HOSTNAME/tmp/UNIXresults/USERS.fil
# groups
echo 'outputting groups'
cat /etc/group > $HOSTNAME/tmp/UNIXresults/GROUPS.fil
# System log files
echo 'this will tell you what is configured in the syslog'
cat /etc/rsyslog.conf > $HOSTNAME/tmp/UNIXresults/SYSLOG.fil
cat /etc/syslog.conf >> $HOSTNAME/tmp/UNIXresults/SYSLOG.fil
# PAM configuration
echo 'this will tell what to investigate about the PAM configuration -
this is
NOT a complete output of ALL PAM configs! If questions please discuss
with
the UNIX admin!'
cat /etc/pam.d/system-auth > $HOSTNAME/tmp/UNIXresults/PAM.fil cat
/etc/security/pwquality.conf >> $HOSTNAME/tmp/UNIXresults/PAM.fil cat
/etc/pam.d/su |grep pam_wheel.so >>
$HOSTNAME/tmp/UNIXresults/PAM.fil # SSHD configuration echo 'options
available to limit which users and group can access the system via
SSH'
cat /etc/ssh/sshd_config |grep "^AllowUsers" >
$HOSTNAME/tmp/UNIXresults/SSHD.fil
cat /etc/ssh/sshd_config |grep "^AllowGroups" >>
$HOSTNAME/tmp/UNIXresults/SSHD.fil
cat /etc/ssh/sshd_config |grep "^DenyUsers" >>
$HOSTNAME/tmp/UNIXresults/SSHD.fil
cat /etc/ssh/sshd_config |grep "^DenyGroups" >>
$HOSTNAME/tmp/UNIXresults/SSHD.fil
# World writable files
echo 'lists world writable files - if exist in sensitive directories
discuss with
system administrator'
find / -perm -2 ! -type l -ls > $HOSTNAME/tmp/UNIXresults/WWW.fil #
SUID
& SGUID files echo 'lists files with the SUID & SGUID bit set - if
exist in
sensitive directories discuss with system administrator'
find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -lg {} \;
2>/dev/null > $HOSTNAME/tmp/UNIXresults/GUIDandSUID.fil
tar -cf $HOSTNAME/tmp/UNIXresults.tar $HOSTNAME/tmp/UNIXresults/*.fil
rm -f $HOSTNAME/tmp/UNIXresults/*.fil rmdir
$HOSTNAME/tmp/UNIXresults exit 0




Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600
Mail
to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Kevin Bucknum" <Kevin@xxxxxxxxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion"
<midrange-l@xxxxxxxxxxxx>
Date: 04/28/2017 10:01 AM
Subject: RE: Recommended AIX lists
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



The biggest issues that I've seen have all been either expecting a
different shell than you are running, of differences in the commands.
Gnu CHMOD allows you to negate permissions in octal notation. AIX
doesn't. The equivalent of CHMOD -777 is CHMOD 0000.

How long is the script? I might can work through it and get the
information they are looking for.




Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On
Behalf
Of Rob Berendt
Sent: Friday, April 28, 2017 8:49 AM
To: Midrange Systems Technical Discussion
Subject: Re: Recommended AIX lists

<snip>
Have you tried running it? How far do you get before it fails?
</snip>

Dies very quickly. Died on the chmod command

OS audit scripts tend to be, well, OS specific. Unless, our auditors
screwed up
the chmod command?



**********************************************************
*********************
* *
* *
* Welcome to AIX Version 7.1! *
* *
* *
* Please see the README file in /usr/lpp/bos for information
pertinent to
*
* this release of the AIX Operating System. *
* *
* *

**********************************************************
*********************
# /bin/sh
# pwd
/
# mkdir -p $HOSTNAME/tmp/UNIXresults
# chmod -777 $HOSTNAME/tmp/UNIXresults
chmod: Not a recognized flag: 7
Usage: chmod [-R] [-f] [-h] {u|g|o|a ...} {+|-|=} {r|w|x|X|s|t ...}
File
...
chmod [-R] [-f] [-h] OctalNumber File ...
Changes the permission codes for files or directories.
#
#



Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.