
1. AIX practices to avoid security vulnerabilities

POINT: Users should not have blank passwords.
SO What: A null password allows users to log on to a system without having to supply a valid password. This is a security risk to the system.

POINT: Passwords should be changed within a specified period of time.
SO What: Passwords should be changed periodically because a system is accessed by many persons in a given time period, for example a vendor, and sometimes we are not aware of exactly how many persons are sharing the passwords. A defined password change policy will minimize these types of risks.

POINT: ftp for root access should be blocked.
SO What: If ftp is done through the root user, any user who has access to root (this happens very often) can access any files on the server from any terminal or from the network.

POINT: rlogin should be disabled within the network; ssh should be used instead.
SO What: If rlogin is enabled between servers, any user logged on to any server can log on to other servers as root.

POINT: suid use should be reduced to a minimum.
SO What: If suid is applied on a binary, it will run with the authority of root, and any user running that binary will run it with full permission.

2. Log analysis

POINT: Daily logs and health checking.
SO What: Daily checking of errpt logs helps to avoid future errors and disaster. Sometimes there is an alarm or information that points to some error which is ignored, for example failing disks or a cooling subsystem, which does not stop the system functionality at once. For example, if a disk is failing or some stale partitions are there, it can be replaced with another disk while it is still running, and thus a disaster could be avoided.

POINT: Status and performance report.
SO What: A status report has to be generated by analyzing logs and health checking output so that regular performance and errors can be monitored and analyzed further. reading these types of errors and taking necessary precautions, otherwise they would not provide the facilities which they are meant for. If we are not analyzing performance and are not taking necessary actions, we may get serious performance issues and disaster. For example, if paging space is utilized 100%, a system can shut down.

POINT: Configuration changes to avoid disaster and quick recovery in disaster.
SO What: By analyzing the configuration periodically, an administrator can detect flaws in the current configuration that may have compromised performance or redundancy, and by changing the configuration can ensure stability. The administrator can also add new configuration to increase redundancy and hence avoid a single point of failure.

Daily monitoring of other redundant objects or services which avoid a single point of failure, for example cluster services.
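
For the blank password, ftp-as-root and rlogin points in section 1, the following is an added example (not part of the original page) of read-only checks an administrator could run. The file locations /etc/security/passwd, /etc/ftpusers and /etc/inetd.conf are assumed as the usual AIX defaults, the function names are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: read-only checks for three of the points in section 1.
# File paths are arguments so the checks can be pointed at copies; the
# defaults are the usual AIX locations (an assumption of this example).

# Print users whose /etc/security/passwd stanza has an empty "password =".
blank_password_users() {
    awk 'NF == 1 && $1 ~ /:$/ { user = substr($1, 1, length($1) - 1); next }
         $1 == "password" && $2 == "=" && NF == 2 { print user }' \
        "${1:-/etc/security/passwd}"
}

# Succeed only if root is listed in ftpusers (ftpd refuses listed users).
root_ftp_blocked() {
    grep -q '^[[:space:]]*root[[:space:]]*$' "${1:-/etc/ftpusers}"
}

# Print rlogin ("login") and rsh ("shell") entries still active in inetd.conf.
# Commented-out entries start with "#" and are therefore not reported.
active_r_services() {
    awk '$1 == "login" || $1 == "shell" { print $1 }' "${1:-/etc/inetd.conf}"
}

# Write constructed sample files (not real system data) into directory $1.
write_sample() {
    printf '%s\n' 'root:' '        password = Xq1Zc0nstructed' \
        '        lastupdate = 1700000000' '' 'vendor1:' \
        '        password = ' '        flags = ' '' 'oper:' \
        '        password = *' > "$1/passwd"
    printf '%s\n' 'guest' 'nobody' > "$1/ftpusers"
    printf '%s\n' '#shell stream tcp6 nowait root /usr/sbin/rshd rshd' \
        'login stream tcp6 nowait root /usr/sbin/rlogind rlogind' \
        'ftp stream tcp6 nowait root /usr/sbin/ftpd ftpd' > "$1/inetd.conf"
}

# Demonstration on the constructed sample only; nothing on the host is read.
demo_dir=$(mktemp -d) && write_sample "$demo_dir"
echo "blank passwords: $(blank_password_users "$demo_dir/passwd")"
root_ftp_blocked "$demo_dir/ftpusers" || echo "root is NOT blocked from ftp"
echo "active r-services: $(active_r_services "$demo_dir/inetd.conf")"
rm -rf "$demo_dir"
```

On a real system, call each function without an argument (as root, since /etc/security/passwd is not world-readable) and treat any output as a finding for the status report.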