AIX blog

Nov
13
system-configuration-aix

Your first hour with MySQL on AIX

Most modern Linux distros come with MySQL preinstalled, or it can easily be added later using a tool such as YUM. Unfortunately AIX still has no such tool, and you have to maunally download the individual RPMs and pre-reqs. Here is an example of... Read more

Jun
15

Maintaining an AIX firewall

IBM quietly added a firewall capability (known as ipfilters) to AIX 6.1, however they did not do a particularly good job of either publicising or documenting it. You can either configure ipfilt from the command-line or via smit. The ipfilt toolset is part of... Read more

May
01

Locking-down smit

It is possible to restrict a user’s access to smit (menus) and to escape to the shell from a smit session: If you run: $ export SMIT_SHELL=n for a user when they press F9 they will see the following error message:   +————————————————————————–+ |                          ... Read more

Mar
02

Check if NTP is vulnerable

There are a lot of NTP reflection attacks currently being launched, it is therefore vital that you check if you version of NTP is vulnerable. Run xnpdc as root: # xntpdc xntpdc> host <Your server name> current host set to XXXX xntpdc> monlist ***Server... Read more

Jan
30

DNS lookup configuration

AIX offers a confusing array of options when configuring your system to be a simple DNS client. The traditional way is to create an “/etc/resolv.conf” file and add the address of up to three DNS servers e.g. nameserver      192.168.1.40 nameserver      192.168.1.1 nameserver      10.10.1.66 domain ... Read more

Jan
30
system-configuration-aix

Merging LDAP and local groups

Until recently it was impossible to have a user that was a member of both local and LDAP groups and this makes centrally managing applications such as Oracle, particularly problematic. This problem can now be overcome by setting the “domainlessgroups” attribute to true in... Read more

Jan
20

Making your AIX network more secure

These are some common network parameters that should be set in order to improve your system’s network efficiency and security. Network Service options To improve system security, there are several network options that you can change using 0 to disable and 1 to enable.... Read more

Jan
06

Google announces intention to begin deprocating SHA1

Google has announced a provisional plan and timetable to begin reducing support for X.509 certificates that have been signed using SHA1. The industry is now beginning to replace the SHA1 algorithm in favour of SHA2 or perhaps SHA256 because as computers become more powerful,... Read more

Jan
06

What does that port do?

Have you ever run lsof or netstat and wondered why a port was open, or what it does? This site is a useful way of checking: https://www.adminsub.net/tcp-udp-port-finder It also contains a list of the most common attacks kown to be aimed at that port.... Read more

Dec
17
checking_bios

Finding Library Dependencies

Have you ever wondered which libraries are being called by a binary or utility? The AIX package “freeware.aix.tools.rte” includes the “ldd” binary which shows the shared libraries called by an executable. This example shows the shared libaries called by the ping executable. # /usr/local/bin/ldd... Read more