1. Remove /etc/hosts.equiv (`rm -f /etc/hosts.equiv`). The file grants password-less rlogin/rsh trust to the hosts it lists; per-user ~/.rhosts files extend the same trust and should be removed as well.
2. Create /etc/ftpusers (accounts listed in it are refused FTP login; the script adds every system account, i.e. uid below 200)
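# Build /etc/ftpusers (accounts denied FTP login) from every account whose
# numeric uid is below 200 - the threshold the checklist uses for
# system/service accounts.  One lsuser call emits "name:id" for all users
# (the "#name:id" header is skipped) instead of one lsuser per user whose
# output was then searched with a bare "grep id", which matches any
# attribute line containing the substring "id" and can hand "[ -lt ]" more
# than one value.  The list is staged in a scratch file so a failed run
# never leaves a half-written /etc/ftpusers behind.
rm -f /etc/ftpusers.new   # stale scratch from an aborted run would otherwise be merged in
lsuser -a id -c ALL | grep -v '^#' | while IFS=: read -r NAME ID; do
  case "$ID" in
    ''|*[!0-9]*) continue ;;   # no numeric id reported: skip rather than break the test
  esac
  if [ "$ID" -lt 200 ]; then
    echo "Adding $NAME to /etc/ftpusers"
    echo "$NAME" >> /etc/ftpusers.new
  fi
done
touch /etc/ftpusers.new    # a host with no uid<200 account still gets a (empty) file
sort -u /etc/ftpusers.new > /etc/ftpusers
rm -f /etc/ftpusers.new
chown root:system /etc/ftpusers
chmod 600 /etc/ftpusers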
3. Disable the XDMCP port (stop dtlogin answering remote display requests on UDP 177)
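# Stop dtlogin from accepting XDMCP requests: "Dtlogin.requestPort: 0" tells
# it not to open the request socket at all.  The site copy
# /etc/dt/config/Xconfig is created from the shipped /usr/dt/config/Xconfig
# on first run and only the site copy is edited.
if [ ! -f /etc/dt/config/Xconfig ]; then
  mkdir -p /etc/dt/config
  cp /usr/dt/config/Xconfig /etc/dt/config
fi
cd /etc/dt/config || exit 1
# Rewrite any existing requestPort line (a commented-out "!" default included,
# so the disabled default becomes the active setting) and append the line
# when the file carries none - the original only replaced, so an Xconfig
# without the resource was left unchanged and XDMCP stayed enabled.
awk '/Dtlogin[.*]requestPort:/ { print "Dtlogin.requestPort: 0"; seen = 1; next }
     { print }
     END { if (!seen) print "Dtlogin.requestPort: 0" }' Xconfig > Xconfig.new
mv Xconfig.new Xconfig
chown root:bin Xconfig
chmod 444 Xconfig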
4. Prevent the X server from listening on 6000/tcp (start it with -nolisten tcp)
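# Make the local X server start with "-nolisten tcp" so it stops accepting
# connections on 6000/tcp (local clients keep using the UNIX-domain socket).
# The site file /etc/dt/config/Xservers is edited when it exists, otherwise
# the shipped /usr/dt/config/Xservers serves as the template; the result is
# always installed as the site file.
if [ -f /etc/dt/config/Xservers ]; then
  file=/etc/dt/config/Xservers
else
  file=/usr/dt/config/Xservers
fi
if [ ! -f "$file" ]; then
  # Neither copy exists (CDE not installed?).  The original fell through
  # here: awk failed, the redirection still created an empty $file.new, and
  # that empty file was installed as /etc/dt/config/Xservers.
  echo "No Xservers file found; skipping -nolisten tcp" >&2
else
  # NOTE(review): the pattern only recognises a server line naming Xsun.
  # The rest of this checklist uses AIX commands (lsuser/chuser), where the
  # server binary on the "Local" line may be named differently - confirm
  # that the active line in the installed Xservers actually matches, or no
  # line will be changed.  Comment lines (#) and lines already carrying the
  # option are skipped, so re-running is idempotent.
  awk '/Xsun/ && !/^#/ && !/-nolisten tcp/ { print $0 " -nolisten tcp"; next }
       { print }' "$file" > "$file.new"
  mkdir -p /etc/dt/config
  mv "$file.new" /etc/dt/config/Xservers
  chown root:bin /etc/dt/config/Xservers
  chmod 444 /etc/dt/config/Xservers
fi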
5. Set a default locking screensaver timeout (10 minutes, applied to every CDE locale's sys.resources)
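# Give every CDE session a 10-minute screen-saver timeout that also locks the
# screen.  For each locale directory shipped under /usr/dt/config the matching
# site override under /etc/dt/config is created and the two resources added.
# Only the leading /usr is rewritten (the original's unanchored s/usr/etc/
# would also hit a later "usr" component in the path), and each resource is
# appended only when that exact line is not already present, so re-running
# the step no longer stacks duplicate lines in sys.resources.
for file in /usr/dt/config/*/sys.resources; do
  [ -f "$file" ] || continue            # no match: the glob is left literal
  dir=`dirname "$file" | sed -e 's|^/usr/|/etc/|'`
  mkdir -p "$dir"
  for res in 'dtsession*saverTimeout: 10' 'dtsession*lockTimeout: 10'; do
    # -F: the resource name contains '*', which must not act as a regex;
    # -x: match the whole line, so a different value is not mistaken for ours
    grep -qxF "$res" "$dir/sys.resources" 2>/dev/null || echo "$res" >> "$dir/sys.resources"
  done
done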
6. Remove empty crontab files and restrict the permissions of the crontab spool
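# Delete crontab files that hold no active entries and lock down the rest.
# Abort if the spool directory is missing: without the check the original
# ran "for file in *" and "rm" in whatever directory the script happened to
# be in.
cd /var/spool/cron/crontabs || exit 1
for file in *; do
  [ -f "$file" ] || continue            # an empty spool leaves the literal "*"
  # Count lines that are neither comments nor blank; 0 means the crontab has
  # nothing to run (the original counted blank lines as content, so a file
  # of only blank lines survived).  grep -c replaces the wc|sed trimming,
  # whose sed 's/ //g' had been broken across two lines in the listing.
  lines=`grep -Evc '^[[:space:]]*(#|$)' "$file"`
  if [ "$lines" -eq 0 ]; then
    echo "Removing $file"
    rm -f "$file"
  fi
done
# Remaining crontabs go to group cron with no access for others; the spool
# directory itself is reachable by owner and group only.
chgrp -R cron /var/spool/cron/crontabs
chmod -R o= /var/spool/cron/crontabs
chmod 770 /var/spool/cron/crontabs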
7. Restrict at and cron to authorized users (allow-lists replace the deny files: only listed users may submit jobs)
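# Switch cron and at from deny-lists to allow-lists: once cron.allow/at.allow
# exist and the deny files are gone, only the users listed may submit jobs.
# root is always allowed; every user who already owns a crontab (or a queued
# at job) is carried over so nothing that runs today stops running.
# The cd is checked: the original would otherwise have removed files and
# written allow lists in the current directory.
cd /var/adm/cron || exit 1
rm -f cron.deny at.deny
echo root > cron.allow
echo root > at.allow
# Crontab files are named after their owner.  The comparison is against the
# whole name, so an account that merely contains "root" (the original's
# "grep -v root" would have dropped it) is still carried over.
for f in /var/spool/cron/crontabs/*; do
  [ -f "$f" ] || continue
  u=`basename "$f"`
  [ "$u" = root ] || echo "$u" >> cron.allow
done
# NOTE(review): at job files are assumed to be named user[.<time>.<queue>];
# anything from the first dot on is stripped so a job id does not end up in
# at.allow as a "user".  Confirm the naming on the target release - a bare
# user name containing a dot would be truncated here.
for f in /var/spool/cron/atjobs/*; do
  [ -f "$f" ] || continue
  u=`basename "$f" | sed 's/\..*//'`
  [ "$u" = root ] || echo "$u" >> at.allow
done
sort -u -o cron.allow cron.allow
sort -u -o at.allow at.allow
chown root:sys cron.allow at.allow
chmod 400 cron.allow at.allow
# Show the result and confirm the deny files are gone: the last cat is
# expected to fail with "No such file or directory".
cat at.allow
cat cron.allow
cat at.deny cron.deny # this should fail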
8. Restrict root logins to the system console (remote root login is refused; administrators log in as themselves and su from the system group)
# Confine root to the console: rlogin=false refuses remote logins for root,
# login=true keeps local (console) login working, su=true still allows su to
# root, and sugroups=system limits that su to members of the "system" group.
# Administrators therefore log in under their own account and su, which
# leaves an audit trail of who became root.
# NOTE(review): whether sshd honours the rlogin attribute depends on the sshd
# build's AIX login-restriction support - verify remote root access is really
# refused over ssh, or additionally set PermitRootLogin no in sshd_config.
chuser login=true rlogin=false su=true sugroups=system root