After almost 4 years with a real focus on performance and virtualization my work has been making a shift to security implementation. And I am very glad to be back in that area. Should you wonder through the older articles of rootvg - even looking at http://archive.rootvg.net you can see that I have a history with security policy, implementation and features.

Right now I am working on documenting the difference between the classic UNIX/AIX install "install everything" and one of the install options that came initially with AIX 6 - Secure by Default.

In short, AIX Secure by Default installs the minimum filesets needed to be a useable system. And, as part of "first boot" aix expert (aixpert) is activated at "high" level.

I also wrote on RBAC back in 2007. Now five (5) years down the line I see customers are beginning to make a move away from sudo to RBAC for securing AIX - enhancing trust in what users and admins are permitted to do with their systems.

More later!