Sunday, 19 April 2015
PCI-DSS 3.1
The latest version of PCI-DSS (3.1) has recently released http://searchsecurity.techtarget.com/news/4500244448/PCI-DSS-31-debuts-requires-detailed-new-SSL-security-management-plan and this includes much tighter rules on the use of certificates and encryption algorithms.
Tuesday, 14 April 2015
Locking-down smit
It is possible to restrict a user's access to smit (menus) and to escape to the shell from a smit session:
If you run:
$ export SMIT_SHELL=n
for a user when they press F9 they will see the following error message:
+--------------------------------------------------------------------------+
| INFORMATION MESSAGE |
| |
| Press Enter or Cancel to return to the |
| application. |
| |
| The Shell function is not available for this |
| session. |
| |
| F1=Help F2=Refresh F3=Cancel |
F1| F8=Image F10=Exit Enter=Do |
F9+--------------------------------------------------------------------------+
Menu access can also be restricted by editing "/etc/security/smitacl.user" and adding a stanza for a user e.g.
$ cat /etc/security/smitacl.user
default:
screens = *
funcmode = roles+acl
backup:
screens = shutdown,mksysb
funcmode = roles+acl
If you run:
$ export SMIT_SHELL=n
for a user when they press F9 they will see the following error message:
+--------------------------------------------------------------------------+
| INFORMATION MESSAGE |
| |
| Press Enter or Cancel to return to the |
| application. |
| |
| The Shell function is not available for this |
| session. |
| |
| F1=Help F2=Refresh F3=Cancel |
F1| F8=Image F10=Exit Enter=Do |
F9+--------------------------------------------------------------------------+
Menu access can also be restricted by editing "/etc/security/smitacl.user" and adding a stanza for a user e.g.
$ cat /etc/security/smitacl.user
default:
screens = *
funcmode = roles+acl
backup:
screens = shutdown,mksysb
funcmode = roles+acl
Subscribe to:
Posts (Atom)