How to audit AIX Unix systems with Lynis

How to audit AIX Unix systems with Lynis

Each system is as strong as its weakest link. Also for systems running on AIX this rule applies. Therefore a regular audit can help finding the weakest links. Next step is then the fortification of these weakened areas and implementing system hardening measures.

What to audit?

There is a lot to look for when auditing a system running AIX. Let’s have a look at the most important areas.

File systems

Monitor alterations to critical systems files. Configurations usually should be similar and properly controlled. Unauthorized file changes are definitely not something you want. Implement tight file permissions and only provide access to users which really need access. Protect data directories which contain sensitive data.

Related commands: lsfs, mount

Kernel

The core component of each operating system is the kernel. Using safe values and parameters will protect the system from crashing. Proper tuning needs some careful attention though. Consult related documentation when adjusting the kernel, to make sure that the kernel properly deals with network traffic and the right security measures are enabled. Especially with kernel hardening the focus should be correct. Does the system handle a lot of sensitive data? Go for full protection. Is it just action as a gateway and interfacing with users, go for the optimal mix of performance and security.

Related commands: no, smtctl

Logging

Monitor for unexpected events (software crashes) to detect weak areas on the system. Also detect common events like login failures and have them logged. They can be also linked with an existing SIEM (security information and event management) solution, or forwarded to the security officer.

Related commands: alog, errpt

Memory and swap

Determine memory usage and make sure no processes are hogging up memory in an unexpected way.

Related commands: lsps

Network

Implement a firewall to limit traffic to what is needed for properly functioning and its business goal. Also check for proper tuning of the system, so it is optimized to deal with the number of users it is facing.

Related commands: ifconfig lsattr, netstat, route

Patch management

Software is one of the biggest areas on a system where vulnerabilities can exist. Proper software patch management helps with solving any weaknesses found in software. If there is one area to pay attention to and put some time into it, then it is software management and patching.

Related commands: lslpp, oslevel

How to audit?

We already blogged a few times on what to look for when auditing Unix systems. While we definitely suggest reading other posts, we want to simplify the lives of others. This is where Lynis comes into play. Lynis is an auditing tool for Unix based systems. It runs on almost all Unix platforms and performs an in-depth audit in a few minutes.

If you want a quick idea on what areas to improve on your systems, give Lynis a try. It’s open source and free to use. With a big community of users, the software is very popular and widespread. The findings showing up can be a great point to start with your system hardening efforts!

Feedback

Small picture of Michael Boelen

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.

Discovered outdated information or have a question? Share your thoughts. Thanks for your contribution!

Mastodon icon