Are you using NTP? Get your ifix! PDF Print E-mail
Written by Michael Felt   

What system you are using NTP on?

The discoveries of openings in the NTP protocol for hacking into systems is pervasive into all operating systems - including AIX. One announcement in 2014, one in 2015- and 4 or 5 announcements (depending on how you want to count them) in the first 6 months of 2016.

In short, this year, the number and rate of discoveries have increased dramatically. So, thinking you are not affected is just putting your head in the sand - unless you are not using NTP at all.

Last Updated ( Friday, 10 June 2016 )
Read more...
 
apt-get install ... is being more honest PDF Print E-mail
Written by Michael Felt   

I kept hearig from people that LINUX updated - anytime - without restarts or reboots. This was something AIX could not do. Well, neither was accurate. I had paid attention in the past - and I saw the restarts of sub-systems.

I am happy to report that LINUx is being more honest about the "disruption" of services due to some updates.

Last Updated ( Thursday, 09 June 2016 )
Read more...
 
CBC-based ciphers - avoid them PDF Print E-mail
Written by Michael Felt   

CBC-based ciphers should be avoided because...

This preface, or implied question, has nagged at me for quite awhile. I knew there is a recommendation, even compliancy concern regarding CBC-based ciphers - but never had a clue why CBC-based is "out of favor". As is often the case - eventually the answer jumps out at you.

Last Updated ( Thursday, 09 June 2016 )
Read more...
 
Active Directory and AIX default user attributes integration PDF Print E-mail
Written by Michael Felt   

An awareness thing: where do I set this?

I knew it could be set, and that I read the sentence about it with some frequency.

defaultentrylocation Specifies the location of the default entry. Valid values are ldap and local. The default is ldap.

  • ldap - Use the default entry in LDAP for all attribute default values.
  • local - Use the default stanza from local /etc/security/user file for all attribute default values.

I am sure I will not forget it again - but just in case you are using LDAP - with Active Directory or OpenLDAP as the LDAP server AND!! want to continue to have the AIX default user attributes from /etc/security/user - which I do, the place to set it is in /etc/security/ldap/ldap.cfg

Last Updated ( Tuesday, 07 June 2016 )
 
I could kick myself... PDF Print E-mail
Written by Michael Felt   

I have been promoting RBAC since AIX 6.0 Beta. And RBAC Domains were, read are, a great addition. And I could really kick myself that

  1. I have let an extremely simple bug hold me back for years (read I did not find a truely simple workaround before now)
  2. I have not been beating at AIX Security support to fix it (as I shall now!!!)
Read more...
 
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>