From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob Berendt
Sent: Friday, April 28, 2017 9:19 AM
To: Midrange Systems Technical Discussion
Subject: RE: Recommended AIX lists
AIX lpar, not PASE.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: "Kevin Bucknum" <Kevin@xxxxxxxxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Date: 04/28/2017 10:17 AM
Subject: RE: Recommended AIX lists
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
Very much targeted at a unix or linux system. Are you running this on
a real AIX box or PASE on the IBM i? Either way, a lot of this just
doesn't exist. I do have an AIX box somewhere, but I would have to check
and see if I can get it back on the network.
Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob Berendt
Sent: Friday, April 28, 2017 9:04 AM
To: Midrange Systems Technical Discussion
Subject: RE: Recommended AIX lists
The entire script:
#!/bin/sh
pwd
mkdir -p $HOSTNAME/tmp/UNIXresults
chmod -777 $HOSTNAME/tmp/UNIXresults
# this will tell you the hostname
hostname > $HOSTNAME/tmp/UNIXresults/ABOUT.fil
ifconfig >> $HOSTNAME/tmp/UNIXresults/ABOUT.fil
date >> $HOSTNAME/tmp/UNIXresults/ABOUT.fil
# Legal warning banner
echo 'outputting warning banner'
cat /etc/issue > $HOSTNAME/tmp/UNIXresults/WRNBN.fil
cat /etc/issue.net >> $HOSTNAME/tmp/UNIXresults/WRNBN.fil
cat /etc/motd >> $HOSTNAME/tmp/UNIXresults/WRNBN.fil
# SU restrictions
echo 'outputting sudoers'
cat /etc/sudoers > $HOSTNAME/tmp/UNIXresults/SUDOERS.fil
# users
echo 'outputting users'
cat /etc/passwd > $HOSTNAME/tmp/UNIXresults/USERS.fil
# groups
echo 'outputting groups'
cat /etc/group > $HOSTNAME/tmp/UNIXresults/GROUPS.fil
# System log files
echo 'this will tell you what is configured in the syslog'
cat /etc/rsyslog.conf > $HOSTNAME/tmp/UNIXresults/SYSLOG.fil
cat /etc/syslog.conf >> $HOSTNAME/tmp/UNIXresults/SYSLOG.fil
# PAM configuration
echo 'this will tell what to investigate about the PAM configuration
this is NOT a complete output of ALL PAM configs! If questions please
discuss with the UNIX admin!'
cat /etc/pam.d/system-auth > $HOSTNAME/tmp/UNIXresults/PAM.fil
cat /etc/security/pwquality.conf >> $HOSTNAME/tmp/UNIXresults/PAM.fil
cat /etc/pam.d/su |grep pam_wheel.so >> $HOSTNAME/tmp/UNIXresults/PAM.fil
# SSHD configuration
echo 'options available to limit which users and group can access the system via SSH'
cat /etc/ssh/sshd_config |grep "^AllowUsers" > $HOSTNAME/tmp/UNIXresults/SSHD.fil
cat /etc/ssh/sshd_config |grep "^AllowGroups" >> $HOSTNAME/tmp/UNIXresults/SSHD.fil
cat /etc/ssh/sshd_config |grep "^DenyUsers" >> $HOSTNAME/tmp/UNIXresults/SSHD.fil
cat /etc/ssh/sshd_config |grep "^DenyGroups" >> $HOSTNAME/tmp/UNIXresults/SSHD.fil
# World writable files
echo 'lists world writable files - if exist in sensitive directories discuss with system administrator'
find / -perm -2 ! -type l -ls > $HOSTNAME/tmp/UNIXresults/WWW.fil
# SUID & SGUID files
echo 'lists files with the SUID & SGUID bit set - if exist in sensitive directories discuss with system administrator'
find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -lg {} \; 2>/dev/null > $HOSTNAME/tmp/UNIXresults/GUIDandSUID.fil
tar -cf $HOSTNAME/tmp/UNIXresults.tar $HOSTNAME/tmp/UNIXresults/*.fil
rm -f $HOSTNAME/tmp/UNIXresults/*.fil
rmdir $HOSTNAME/tmp/UNIXresults
exit 0
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
From: "Kevin Bucknum" <Kevin@xxxxxxxxxxxxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Date: 04/28/2017 10:01 AM
Subject: RE: Recommended AIX lists
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>
The biggest issues that I've seen have all been either expecting a
different shell than you are running, or differences in the
commands. Gnu CHMOD allows you to negate permissions in octal notation. AIX
doesn't. The equivalent of CHMOD -777 is CHMOD 0000.
How long is the script? I might can work through it and get the
information they are looking for.
Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Rob Berendt
Sent: Friday, April 28, 2017 8:49 AM
To: Midrange Systems Technical Discussion
Subject: Re: Recommended AIX lists
<snip>
Have you tried running it? How far do you get before it fails?
</snip>
Dies very quickly. Died on the chmod command
OS audit scripts tend to be, well, OS specific. Unless, our
auditors screwed up the chmod command?
*******************************************************************************
*                                                                             *
*                                                                             *
*  Welcome to AIX Version 7.1!                                                *
*                                                                             *
*                                                                             *
*  Please see the README file in /usr/lpp/bos for information pertinent to    *
*  this release of the AIX Operating System.                                  *
*                                                                             *
*                                                                             *
*******************************************************************************
# /bin/sh
# pwd
/
# mkdir -p $HOSTNAME/tmp/UNIXresults
# chmod -777 $HOSTNAME/tmp/UNIXresults
chmod: Not a recognized flag: 7
Usage: chmod [-R] [-f] [-h] {u|g|o|a ...} {+|-|=} {r|w|x|X|s|t ...} File ...
chmod [-R] [-f] [-h] OctalNumber File ...
Changes the permission codes for files or directories.
#
#
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
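The two portability problems raised in this thread (GNU chmod accepts a negated octal mode such as -777 where AIX chmod does not, and several of the Linux paths do not exist on AIX), handled in portable sh as an added example that is not part of the thread or of the auditors' script. The function names, AUDIT_ROOT, MISSING.fil and the choice of an owner-only 0700 results directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the auditors' script. Function names, AUDIT_ROOT and
# MISSING.fil are hypothetical; owner-only 0700 is an assumed requirement.

# Create the results directory with an absolute octal mode. Absolute modes
# are accepted by both GNU and AIX chmod; the "-777" form is GNU-only.
make_results_dir() {
    ( umask 077 && mkdir -p "$1" ) || return 1
    chmod 0700 "$1"
}

# Permission string of a directory, e.g. "drwx------".
dir_mode() {
    ls -ld "$1" | cut -c1-10
}

# Append one file to a results file if it is readable on this host;
# otherwise note it in MISSING.fil so the gap is visible to the reviewer.
# AUDIT_ROOT is empty on a real host and points at a test tree in the demo.
collect_file() {
    src="${AUDIT_ROOT:-}$1"
    if [ -r "$src" ]; then
        cat "$src" >> "$2"
    else
        echo "$1" >> "${2%/*}/MISSING.fil"
    fi
}

# Demo on a constructed tree: syslog.conf exists, rsyslog.conf does not
# (the situation on a host without rsyslog). Prints the results directory.
run_demo() {
    base="${TMPDIR:-/tmp}/audit_demo.$$"
    AUDIT_ROOT="$base/root"
    out="$base/UNIXresults"
    mkdir -p "$AUDIT_ROOT/etc" || return 1
    echo '*.info /var/log/messages' > "$AUDIT_ROOT/etc/syslog.conf"  # constructed
    make_results_dir "$out" || return 1
    for f in /etc/rsyslog.conf /etc/syslog.conf; do
        collect_file "$f" "$out/SYSLOG.fil"
    done
    echo "$out"
}
```

Calling `run_demo` leaves SYSLOG.fil and MISSING.fil in the printed directory; on a real host AUDIT_ROOT stays unset so the paths resolve against /.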
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.