Sunday 19 April 2015

PCI-DSS 3.1

The latest version of PCI-DSS (3.1) was recently released (http://searchsecurity.techtarget.com/news/4500244448/PCI-DSS-31-debuts-requires-detailed-new-SSL-security-management-plan), and it includes much tighter rules on the use of certificates and encryption algorithms.

Tuesday 14 April 2015

Locking-down smit

It is possible to restrict a user's access to smit menus and to stop them escaping to the shell from a smit session.

If you run:

$ export SMIT_SHELL=n

for a user, then when they press F9 they will see the following error message:

  +--------------------------------------------------------------------------+
  |                           INFORMATION MESSAGE                            |
  |                                                                          |
  | Press Enter or Cancel to return to the                                   |
  | application.                                                             |
  |                                                                          |
  |   The Shell function is not available for this                           |
  |   session.                                                               |
  |                                                                          |
  | F1=Help                 F2=Refresh              F3=Cancel                |
F1| F8=Image                F10=Exit                Enter=Do                 |
F9+--------------------------------------------------------------------------+

Menu access can also be restricted by editing "/etc/security/smitacl.user" and adding a stanza for a user, e.g.:

$ cat /etc/security/smitacl.user
default:
        screens    =    *
        funcmode   =    roles+acl
backup:
        screens    =    shutdown,mksysb
        funcmode   =    roles+acl
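
An added example (not from the original post): a small shell function that audits a smitacl.user-style file and flags every stanza whose screens list still contains the "*" wildcard. The function names are hypothetical, the sample input is the stanza file shown above, and treating lines that start with "*" as comments is an assumption.

```shell
#!/bin/sh
# Added example: audit a smitacl.user-style stanza file.
# Output: name<TAB>screens<TAB>funcmode<TAB>status, one line per stanza.
# status is UNRESTRICTED when the screens list contains "*".

# Sample input: the two stanzas shown in the post.
smitacl_sample() {
    cat <<'EOF'
default:
        screens    =    *
        funcmode   =    roles+acl
backup:
        screens    =    shutdown,mksysb
        funcmode   =    roles+acl
EOF
}

# Usage: smitacl_audit [file]   ("-" reads standard input)
smitacl_audit() {
    awk '
        function emit() {
            if (name == "") return
            verdict = (screens ~ /(^|,)\*(,|$)/) ? "UNRESTRICTED" : "RESTRICTED"
            printf "%s\t%s\t%s\t%s\n", name, screens, funcmode, verdict
        }
        # Skip blank lines; lines starting with "*" are assumed to be comments.
        /^[ \t]*$/ || /^\*/ { next }
        # A stanza header is an unindented name followed by a colon.
        /^[^ \t=]+:[ \t]*$/ {
            emit()
            name = $0; sub(/:[ \t]*$/, "", name)
            screens = ""; funcmode = ""
            next
        }
        # Attribute line: key = value, split at the first "=".
        /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); gsub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "screens") screens = val
            else if (key == "funcmode") funcmode = val
        }
        END { emit() }
    ' "${1:-/etc/security/smitacl.user}"
}

# Run against the sample so the script works on any system.
smitacl_sample | smitacl_audit -
```

On a real system, call `smitacl_audit` with no argument to read /etc/security/smitacl.user directly.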