MichaelAM: No looking back
Written by Michael Felt   

It happened. I got bit by "something". I have a mission! Howto secure AIX using the technologies that have been there, for the using since 2007 - but have not not been because the focus on security has been on maintaining compapability with "the past". Anno 2010 (hey we are 2012 - I know) -- anno 2010 we should have been doing this - three years in the making. But no, crisis this, crisis that - and worst of all - looking back for guidance as a way to secure UNIX.

Looking forward now!

Instead, I am going to look forward. In the articles I can already forsee...

I shall write quickly on what RBAC is functionally, rather than techically. Ah - why not now? Better because I can do that now. So next becomes describing the impact on my system (only rootvg directly an install) after running the commands:

# find / -group 0 -exec chmod g-rwx {} \;
# find / -group 7 -exec chmod g-rwx {} \;

I expect there will be some, but not all that much. None as root of course, hopefully - ideally - none as a non-admin user. The one command I will still need to "kill" is chgrpmem as that will have mode rws--Sr-x - and I do not want any admin commands based on group settings - but I do still want to be able to find what constitutes - looking back!

Remember: no looking back!