Please login or register. June 23, 2017, 10:20:10 AM

Author Topic: pscxpert - new name for aixpert  (Read 2415 times)

0 Members and 1 Guest are viewing this topic.

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1039
  • Karma: +0/-0
pscxpert - new name for aixpert
« on: February 17, 2014, 08:08:53 AM »
Last year version 1.1.3 of PowerSC was released - and the program name was changed from aixpert (which still exists as part of base AIX security) to pscxpert.

Two reasons: 1) to make more clear whether you were using the enhanced aix security commands;
2) there is a PowerLinux version of pscxpert as well.

Code: [Select]
powerscExp.ice.cmds        1.1.3.0    C     F    ICE Express Security Extension

One of the big improvements is the check option. You can get a csv (comma seperated values) formatted report with PASS/FAIL of DoD, PCI, Hippa, database, and more.

I'll be writing more on this soon - now that I have experienced how easy this makes verifying and reporting on compliance PASS/FAIL.

Michael

Michael

  • Administrator
  • Hero Member
  • *****
  • Posts: 1039
  • Karma: +0/-0
Re: pscxpert - new name for aixpert
« Reply #1 on: February 17, 2014, 08:20:57 AM »
One extract from a report (check) option:
Code: [Select]
(GEN006620: CAT II) This rule will configure hosts.deny and hosts.allow files /etc/security/pscexpert/bin/chetchostsfiles   a dod_chetchostsfiles FAIL /etc/hosts.deny file does not exist
(Multiple GEN items: CATII) Change ownership of files and dirs for DoD /etc/security/pscexpert/bin/chowndodfiles   dod_chowndodfiles FAIL current ownership- 500 httpd /var/httpd/htdocs/lpar2rdd/TimeDate-1.16/t/lang.t
(Multiple GEN items: CATII) Enable dodaudit: Enables bin auditing for DoD /etc/security/pscexpert/bin/dodaudit   h dod_dodaudit FAIL Auditing is OFF now

Looks a lot prettier in a spreadsheet. Will work on an image later - have to catch a plane.