How to audit AIX Unix systems with Lynis

Each system is only as strong as its weakest link, and this rule applies to systems running AIX as well. A regular audit helps to find those weakest links. The next step is to fortify these weak areas and implement system hardening.

What to audit?

There is a lot to look for when auditing a system running AIX. Let’s have a look at the most important areas.

File systems

Monitor alterations to critical system files. Usually configurations should be similar and properly controlled. Unauthorized file changes are definitely not something you want. Implement tight file permissions and only provide access to users who really need it. Protect data directories which contain sensitive data.

Related commands: lsfs, mount


Kernel

The core component of each operating system is the kernel. Using safe values and parameters will protect the system from crashing. Proper tuning needs careful attention, though. Consult the related documentation when adjusting the kernel, to make sure that it deals properly with network traffic and that the right security measures are enabled. With kernel hardening in particular, the focus should be correct. Does the system handle a lot of sensitive data? Go for full protection. Is it just acting as a gateway and interfacing with users? Go for the optimal mix of performance and security.

Related commands: no, smtctl


Logging

Monitor for unexpected events (software crashes) to detect weak areas on the system. Also detect common events like login failures and have them logged. They can also be linked with an existing SIEM (security information and event management) solution, or forwarded to the security officer.

Related commands: alog, errpt

Memory and swap

Determine memory usage and make sure no processes are hogging memory in an unexpected way.

Related commands: lsps


Networking

Implement a firewall to limit traffic to what is needed for the system to function properly and meet its business goal. Also check that the system is properly tuned, so it is optimized to deal with the number of users it is facing.

Related commands: ifconfig, lsattr, netstat, route

Patch management

Software is one of the biggest areas on a system where vulnerabilities can exist. Proper software patch management helps with solving any weaknesses found in software. If there is one area to pay attention to and put some time into, it is software management and patching.

Related commands: lslpp, oslevel

How to audit?

Lynis screenshot with hardening index

We already blogged a few times on what to look for when auditing Unix systems. While we definitely suggest reading the other posts, we want to simplify the lives of others. This is where Lynis comes into play. Lynis is an auditing tool for Unix-based systems. It runs on almost all Unix platforms and performs an in-depth audit in a few minutes.

If you want a quick idea of which areas to improve on your systems, give Lynis a try. It’s open source and free to use. With a big community of users, the software is very popular and widespread. The findings it reports can be a great starting point for your system hardening efforts!
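To turn the hardening index and findings mentioned above into something you can track between audits, the following added example (not part of the original post or of Lynis itself) summarises a Lynis report file. It assumes the key=value report that Lynis writes by default to /var/log/lynis-report.dat; the function names and the sample report contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): summarise a Lynis report file.
# Assumption: the report is the key=value file Lynis writes by default to
# /var/log/lynis-report.dat; pass another path as $1 if yours differs.

# Print the hardening index found in report file $1 (fails if absent).
hardening_index() {
    awk -F= '$1 == "hardening_index" { print $2; found = 1; exit }
             END { if (!found) exit 1 }' "$1"
}

# Print findings of kind $2 (warning or suggestion) as "TEST-ID<TAB>text".
findings() {
    awk -v kind="$2" 'index($0, kind "[]=") == 1 {
        split(substr($0, length(kind) + 4), f, "[|]")
        printf "%s\t%s\n", f[1], f[2]
    }' "$1"
}

# Succeed only if the index is at least $2 and no warnings are open.
audit_gate() {
    idx=$(hardening_index "$1") || { echo "no hardening index in $1" >&2; return 2; }
    warns=$(findings "$1" warning | wc -l | tr -d ' ')
    echo "hardening index: $idx (minimum $2), open warnings: $warns"
    findings "$1" warning
    [ "$idx" -ge "$2" ] && [ "$warns" -eq 0 ]
}

# Constructed sample report; the test IDs and texts are made up.
sample_report() {
    cat <<'EOF'
os=AIX
hardening_index=62
warning[]=DEMO-0001|Example warning text|-|-|
suggestion[]=DEMO-0002|Example suggestion one|-|-|
suggestion[]=DEMO-0003|Example suggestion two|-|-|
EOF
}

# Typical use after "lynis audit system": ./gate.sh [report] [minimum index]
report=${1:-/var/log/lynis-report.dat}
if [ -r "$report" ]; then audit_gate "$report" "${2:-70}"
else echo "report $report not readable; run 'lynis audit system' first" >&2; fi
```

Run it from cron or a monitoring job after each scheduled audit; a non-zero exit status means the index dropped below the minimum or a warning is still open.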

Lynis Enterprise

Lynis Enterprise screenshot to help with system hardening

This blog post is part of our Linux security series and our mission to make Linux and Unix-based systems more secure.

Does system hardening take a lot of time, or does your company have compliance requirements? Have a look at Lynis Enterprise.

Or start today with the open source security scanner Lynis (GitHub)

