


Like Kevin said. It's awfully Linux specific, for example, AIX doesn't have
sudo by default, you only have it if you install it. The same with bash.
Some admins I know install both to try to bring both worlds together (and
because bash has autocomplete).
You will have to tell the auditors to get somebody who speaks AIX to
re-write the script, because the most important questions (ssh and
permissions) won't ever be answered with that script. Hell, AIX still
doesn't have ssh by default...

Best Regards,

Roberto

On Fri, Apr 28, 2017 at 11:19 AM, Rob Berendt <rob@xxxxxxxxx> wrote:

AIX lpar, not PASE.



Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Kevin Bucknum" <Kevin@xxxxxxxxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Date: 04/28/2017 10:17 AM
Subject: RE: Recommended AIX lists
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



Very much targeted at a unix or linux system. Are you running this on a
real AIX box or PASE on the IBM i? Either way, a lot of this just
doesn't exist. I do have an AIX box somewhere, but I would have to check
and see if I can get it back on the network.




Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf
Of Rob Berendt
Sent: Friday, April 28, 2017 9:04 AM
To: Midrange Systems Technical Discussion
Subject: RE: Recommended AIX lists

The entire script:

#!/bin/sh
pwd
mkdir -p $HOSTNAME/tmp/UNIXresults
chmod -777 $HOSTNAME/tmp/UNIXresults
# this will tell you the hostname
hostname > $HOSTNAME/tmp/UNIXresults/ABOUT.fil
ifconfig >> $HOSTNAME/tmp/UNIXresults/ABOUT.fil
date >> $HOSTNAME/tmp/UNIXresults/ABOUT.fil
# Legal warning banner
echo 'outputting warning banner'
cat /etc/issue > $HOSTNAME/tmp/UNIXresults/WRNBN.fil
cat /etc/issue.net >> $HOSTNAME/tmp/UNIXresults/WRNBN.fil
cat /etc/motd >> $HOSTNAME/tmp/UNIXresults/WRNBN.fil
# SU restrictions
echo 'outputting sudoers'
cat /etc/sudoers > $HOSTNAME/tmp/UNIXresults/SUDOERS.fil
# users
echo 'outputting users'
cat /etc/passwd > $HOSTNAME/tmp/UNIXresults/USERS.fil
# groups
echo 'outputting groups'
cat /etc/group > $HOSTNAME/tmp/UNIXresults/GROUPS.fil
# System log files
echo 'this will tell you what is configured in the syslog'
cat /etc/rsyslog.conf > $HOSTNAME/tmp/UNIXresults/SYSLOG.fil
cat /etc/syslog.conf >> $HOSTNAME/tmp/UNIXresults/SYSLOG.fil
# PAM configuration
echo 'this will tell what to investigate about the PAM configuration - this is NOT a complete output of ALL PAM configs! If questions please discuss with the UNIX admin!'
cat /etc/pam.d/system-auth > $HOSTNAME/tmp/UNIXresults/PAM.fil
cat /etc/security/pwquality.conf >> $HOSTNAME/tmp/UNIXresults/PAM.fil
cat /etc/pam.d/su |grep pam_wheel.so >> $HOSTNAME/tmp/UNIXresults/PAM.fil
# SSHD configuration
echo 'options available to limit which users and group can access the system via SSH'
cat /etc/ssh/sshd_config |grep "^AllowUsers" > $HOSTNAME/tmp/UNIXresults/SSHD.fil
cat /etc/ssh/sshd_config |grep "^AllowGroups" >> $HOSTNAME/tmp/UNIXresults/SSHD.fil
cat /etc/ssh/sshd_config |grep "^DenyUsers" >> $HOSTNAME/tmp/UNIXresults/SSHD.fil
cat /etc/ssh/sshd_config |grep "^DenyGroups" >> $HOSTNAME/tmp/UNIXresults/SSHD.fil
# World writable files
echo 'lists world writable files - if exist in sensitive directories discuss with system administrator'
find / -perm -2 ! -type l -ls > $HOSTNAME/tmp/UNIXresults/WWW.fil
# SUID & SGUID files
echo 'lists files with the SUID & SGUID bit set - if exist in sensitive directories discuss with system administrator'
find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -lg {} \; 2>/dev/null > $HOSTNAME/tmp/UNIXresults/GUIDandSUID.fil
tar -cf $HOSTNAME/tmp/UNIXresults.tar $HOSTNAME/tmp/UNIXresults/*.fil
rm -f $HOSTNAME/tmp/UNIXresults/*.fil
rmdir $HOSTNAME/tmp/UNIXresults
exit 0




Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Kevin Bucknum" <Kevin@xxxxxxxxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion"
<midrange-l@xxxxxxxxxxxx>
Date: 04/28/2017 10:01 AM
Subject: RE: Recommended AIX lists
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



The biggest issues that I've seen have all been either expecting a
different shell than you are running, or differences in the commands.
Gnu CHMOD allows you to negate permissions in octal notation. AIX
doesn't. The equivalent of CHMOD -777 is CHMOD 0000.

How long is the script? I might can work through it and get the
information they are looking for.




Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On
Behalf
Of Rob Berendt
Sent: Friday, April 28, 2017 8:49 AM
To: Midrange Systems Technical Discussion
Subject: Re: Recommended AIX lists

<snip>
Have you tried running it? How far do you get before it fails?
</snip>

Dies very quickly. Died on the chmod command.

OS audit scripts tend to be, well, OS specific. Unless, our auditors
screwed up
the chmod command?



*******************************************************************************
*                                                                             *
*                                                                             *
*  Welcome to AIX Version 7.1!                                                *
*                                                                             *
*                                                                             *
*  Please see the README file in /usr/lpp/bos for information pertinent to    *
*  this release of the AIX Operating System.                                  *
*                                                                             *
*                                                                             *
*******************************************************************************
# /bin/sh
# pwd
/
# mkdir -p $HOSTNAME/tmp/UNIXresults
# chmod -777 $HOSTNAME/tmp/UNIXresults
chmod: Not a recognized flag: 7
Usage: chmod [-R] [-f] [-h] {u|g|o|a ...} {+|-|=} {r|w|x|X|s|t ...} File ...
       chmod [-R] [-f] [-h] OctalNumber File ...
Changes the permission codes for files or directories.
#
#



Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD
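
An added example, not part of the thread and not the auditors' script: a POSIX sh version of the collection step that sets the directory mode with a plain octal number and records each missing file in the report, so Linux-only paths on an AIX host appear as findings instead of terminal errors. The names make_outdir, collect and MISSING.fil, the mode 700, and the demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the auditors' script. make_outdir, collect and
# MISSING.fil are hypothetical names; the demo files are constructed.

# HOSTNAME is set by bash, not by every /bin/sh, so fall back to uname -n.
host=${HOSTNAME:-$(uname -n)}

# make_outdir BASE: create the results directory with an explicit octal
# mode, a form the AIX chmod usage message quoted in the thread lists.
make_outdir() {
    OUT_DIR="$1/$host/UNIXresults"
    mkdir -p "$OUT_DIR" && chmod 700 "$OUT_DIR"
}

# collect LABEL FILE...: append each readable file to LABEL.fil and record
# every absent path in MISSING.fil, so a Linux-only path becomes a line in
# the report instead of an error on the terminal.
collect() {
    label=$1; shift
    found=0
    for f in "$@"; do
        if [ -r "$f" ]; then
            printf '### %s\n' "$f" >> "$OUT_DIR/$label.fil"
            cat "$f" >> "$OUT_DIR/$label.fil"
            found=$((found + 1))
        else
            printf '%s: %s not present or unreadable\n' "$label" "$f" \
                >> "$OUT_DIR/MISSING.fil"
        fi
    done
    [ "$found" -gt 0 ]    # fails when none of the candidates existed
}

# Demo on constructed input: one file that exists, one path that does not.
demo=${TMPDIR:-/tmp}/audit_demo.$$
mkdir -p "$demo"
printf 'AllowGroups admins\n' > "$demo/sshd_config"
make_outdir "$demo/out"
collect SSHD "$demo/sshd_config" "$demo/etc/pam.d/system-auth"
cat "$OUT_DIR/SSHD.fil" "$OUT_DIR/MISSING.fil"
```

When every candidate for a label is missing, collect returns non-zero, which a caller can use to flag that the audit question was not answered on that host.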


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
