AIX Scanning Software 1

[roybus23]

Forumites,

Are you currently using a scanning tool on your AIX box to check for vulnerabilities, security holes, etc.???

Thanks....

 

[DukeSSD]

It's an AIX forum mate, not a windows forum!

 

[kHz]

Why wouldn't you want to do penetration testing and vulnerability scanning on an AIX or other Unix server(s)?

I worked for the gov't and they did penetration/vulnerability scanning (among other things) on our Unix servers (no variant given).

 

[Gloups]

You may have a look to AIX security toolkit. I havent tested it recently but the last time it was a good way to look for some basis security holes.

http://www.rootvg.net/downloadssec.html

Security problems are not the speciality of windows. Fot year 2005 3/4 of the security problems were found on main Unix and Linux.

 

[mrn]

roybus23,

Your right to want to improve and monitor the security of your boxes, people become too Blasé because "It's not windows"

Check for new vulnerabilities at

http://www.cert.org/

also sign-up to IBM's subscription service for new fixes / issues.

https://www14.software.ibm.com/webapp/set2/subscriptions/

google for "aix hardening"

Other tools available (Some are getting out-of-date now)

cops
tripwire
crack
tcpd
Kerberos

see

http://www-128.ibm.com/developerworks/eserver/articles/unixsecurity.html

and also a good read

http://www.securitydocs.com/library/3136/4

and

http://www.redbooks.ibm.com/abstracts/sg245971.html

Mike

Unix *is* user friendly. It's just selective about who its friends are.