Softpanorama

Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
May the source be with you, but remember the KISS principle ;-)

AIX Security

News

See also

Redbooks IBM Links Recommended Links Recommended Papers Reference Hardening Log administration
Classic unix Tools Tips Open source software  

Patches

Admin Horror Stories

Random Findings Humor Etc

IBM provides several Redbooks that are relevant to the topic.  Please note that AIX 6.1 introduced important security enhancements and it makes sense to upgrade if you need higher level security in AIX environment.

Role Based Access Control (RBAC) is especailly important and useful feature as it allows administrators to delegate system administrative duties to non-root users. RBAC provides very fine granular authorizations which identify the privileged operation that they control by name. These authorizations can be used to create the required roles necessary and assign those roles to the users required to manage the system. Such non-root users will be able to assume the role and perform the allowed privileged operations.

The AIX 5L Security Expert was introduced with Technology Level 5 of AIX V5.3 OS, it provides clients with the capability to manage more than 300 system security settings from a single interface and the ability to export and import those security settings between systems. In AIX V6.1 OS it includes an enhancement to store security templates in a Lightweight Directory Protocol (LDAP) directory for use across a client's enterprise to help centralize its administration.

The Trusted Execution (TE) feature provides for the mechanism for checking and maintaining system integrity. A signature SHA256/RSA) database for the important system files is created automatically during the regular AIX install. The TE tool is then used to check the integrity of the system against the database. The administrator can define policies so that the loading of files listed in the database are monitored and execution is not allowed if the hashes do not match. Additionally the administrator can lock the signature database or the files in the database from being modified by anyone in the system, including root.

Among older useful Redbooks I would like to mention:

From firewalls to operating system hardening, this redbook illustrates additional tools and techniques that you can use to enhance the security environment of your IBM eServer pSeries, IBM RS/6000 workstation, SP, or Cluster. The approach taken is from outside to inside and from top to bottom. We move from the servers on the far reaches of your network that are visible to the outside world to those in the innermost recesses of your intranet containing your most confidential data. As we move through these servers, we work from the application layer at the top to the network layer at the bottom. Along the way, we cover third-party software that is readily available, modifications to the standard software that comes with AIX and PSSP, and assorted techniques that can all be used to provide enhanced security in your environment.

Subjects covered in this redbook include:
- Firewalls
- Secure Remote Access
- Network Mapping and Port Scanning
- System Integrity
- Securing AIXable of Contents

Chapter 1. Introduction
Chapter 2. Firewalls
Chapter 3. Check Point FireWall-1
Chapter 4. IBM Secureway Firewall
Chapter 5. Secure remote access
Chapter 6. Port and network scanning
Chapter 7. System and data integrity
Chapter 8. Securing AIX


Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

  1. [Feb 6, 2006] OpenSSH is now bundled with AIX

    OpenSSH is a free software tool that supports SSH1 and SSH2 protocols. It's reliable and secure and is widely accepted in the IT industry to replace the r-commands, telnet, and ftp services, providing secure encrypted sessions between two hosts over the ...

    AIX 52 security guide

    IBM Redbooks AIX 5L Version 5.2 Security Supplement

    Chapter 4: Building basic firewall architecture

    ... homed firewall is comprised of a bastion ... and various flavors of Unix (Linux, AIX ... the
    operating system on the firewall host ... 4.3.3 What services should be monitored ...
    www.cyber.ust.hk/handbook4/04_hb4.html - 93k - Cached - Similar pages

    Devon_Caines_GCUX

    SANS Reading Room Unix Issues

    A User's Guide to UNIX and Workstations

    PAM Under AIX Information Page

    AIX has its own authentication framework, which is called the Loadable Authentication Module (LAM) system. So when using PAM under AIX, there are actually two different authentication systems in use. Both provide similar functionality, and both are modular, but they're designed very differently in terms of application API, module API, and config file format.

    If you have an application that uses the PAM application API, it will use the PAM modules configured in /etc/pam.conf; if you have an application that uses the LAM application API, it will use the LAM modules configured in /usr/lib/security/methods.cfg.

    The LAM module API for AIX 5.2 is documented here:

    http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/kernextc/sec_load_mod.htm
    The LAM module API was not documented in AIX 4.3, but my guess is that it was probably the same.

    AIX 4.3 does not include PAM. However, I've written a patch for building Linux-PAM under AIX.

    The patch includes a PAM module called pam_aix that "converts" PAM calls into the corresponding LAM calls, so that PAM-aware applications can make use of LAM even though they don't have any knowledge of the LAM application API. Because LAM provides AIX's default authentication mechanism, pam_aix can be used as the default module in /etc/pam.conf, much as pam_unix is on other platforms. For example:

    other   auth     required       /usr/local/lib/security/pam_aix.so
    other   account  required       /usr/local/lib/security/pam_aix.so
    other   session  required       /usr/local/lib/security/pam_aix.so
    other   password required       /usr/local/lib/security/pam_aix.so
    

    The stock AIX 5.1 CDs do not include PAM. Starting with ML01, the PAM library is included. However, no PAM modules are supplied and there is no default /etc/pam.conf file.

    To address this problem, IBM has backported their implementation of the pam_aix module from AIX 5.2 and made it available for AIX 5.1:

    https://techsupport.services.ibm.com/server/nav/pam
    Note that IBM's implementation of pam_aix was done completely independently of the one I wrote for AIX 4.3. It does not support the same options, but it works the same otherwise.

    AIX 5.2 has full support for PAM. It ships with the PAM library, the pam_aix module, and a default /etc/pam.conf file.

    Similarly to the way that pam_aix "converts" from PAM to LAM, AIX 5.2 also includes a LAM module that "converts" from LAM to PAM. The IBM documentation refers to this as the "PAM module", which is extremely confusing; to avoid this, I will refer to this module using its full path, /usr/lib/security/PAM.

    As mentioned above, pam_aix is a PAM module that you configure in /etc/pam.conf, and it allows PAM-aware applications to make use of LAM even though they don't have any knowledge of the LAM application API. Conversely, /usr/lib/security/PAM is a LAM module that you configure in /usr/lib/security/methods.cfg, and it allows LAM-aware applications to make use of PAM even though they don't have any knowledge of the PAM application API.

    The /usr/lib/security/PAM LAM module is documented here:

    http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixbman/security/pam_overview.htm
    Unfortunately, /usr/lib/security/PAM is not a very elegent solution, because it requires major modifications on the part of any PAM module that you want to use with it. Because the LAM API does not support the notion of a conversation function, all PAM modules must be modified to use the pam_get_item() and pam_set_item() calls to communicate with the application.

    (If you're familiar with the PAM and LAM APIs, it's pretty obvious why this is a problem. PAM uses an out-of-band mechanism (the conversation function) to communicate with the application, while the LAM API uses iterative calls to the authenticate() function. Even if /usr/lib/security/PAM supplied its own conversation function for communicating with PAM, there's no reasonable way for the conversation function to jump back into the initial stack frame of the original authenticate() call without losing state between each iteration.)

    Unfortunately, because the native AIX binaries (e.g., /bin/login and /bin/su) still call LAM directly, there is no reasonable way for them to use existing off-the-shelf PAM modules. The only alternative is to try to replace the native AIX binaries with open source alternatives that are PAM-aware, but that's a fairly complicated proposition, and I don't know of anyone who's actually tried to do that.

    AIX 5.3 finally has native PAM support in all of the native AIX binaries (e.g., /bin/login, /bin/su, etc). By default, these binaries will still use the historic AIX authentication mechanism, but they can be configured to use PAM instead by changing a setting in /etc/security/login.cfg. For details, see:
    http://publib.boulder.ibm.com/infocenter/pseries/index.jsp?topic=/com.ibm.aix.doc/aixbman/security/pam_overview.htm

    pSeries and AIX Information Center

    AIX® security services can be configured to call PAM modules through the use of the existing AIX loadable authentication module framework.

    Note: Prior to AIX 5.3 a loadable authentication module PAM was used to provide PAM authentication to native AIX applications. Due to differences in behavior between this solution and a true PAM solution, the PAM loadable authentication module is no longer the recommended means to provide PAM authentication to native AIX applications. Instead, the auth_type attribute in the usw stanza of /etc/security/login.cfg should be set to PAM_AUTH to enable PAM authentication in AIX. For more information on the auth_type attribute, see /etc/security/login.cfg. Use of the PAM loadable authentication module is still supported, but it is deprecated. You should use the auth_type attribute to enable PAM authentication.

    When the /usr/lib/security/methods.cfg file is set up correctly, the PAM load module routes AIX security services (passwd, login, and so on) to the PAM library. The PAM library checks the /etc/pam.conf file to determine which PAM module to use and then makes the corresponding PAM SPI call. Return values from PAM are mapped to AIX error codes and returned to the calling program.

    Figure 1. AIX Security Service to PAM Module Path

    This illustration shows the path that an AIX security service call takes when PAM is configured correctly. The PAM modules shown (pam_krb, pam_ldap, and pam_dce) are listed as examples of third-party solutions.

    The PAM load module is installed in the /usr/lib/security directory and is an authentication-only module. The PAM module must be combined with a database to form a compound load module. The following example shows the stanzas that could be added to the methods.cfg file to form a compound PAM module with a database called files. The BUILTIN keyword for the db attribute designates the database as UNIX® files.

    PAM:
            program = /usr/lib/security/PAM
    
    PAMfiles:
            options = auth=PAM,db=BUILTIN
    Creating and modifying users is then performed by using the -R option with the administration commands and by setting the SYSTEM attribute when a user is created. For example:
    mkuser -R PAMfiles SYSTEM=PAMfiles registry=PAMfiles pamuser
    This action informs further calls to AIX security services (login, passwd, and so on) to use the PAM load module for authentication. While the files database was used for the compound module in this example, other databases, such as LDAP, can also be used if they are installed. Creating users as previously described will result in the following mapping of AIX security to PAM API calls:
             AIX                     PAM API
            =====                   =========
            authenticate       -->  pam_authenticate
            chpass             -->  pam_chauthtok
            passwdexpired      -->  pam_acct_mgmt
            passwdrestrictions -->  No comparable mapping exists, success returned

    Customizing the /etc/pam.conf file allows the PAM API calls to be directed to the desired PAM module for authentication. To further refine the authentication mechanism, stacking can be implemented.

    Data prompted for by an AIX security service is passed to PAM through the pam_set_item function because it is not possible to accommodate user dialog from PAM. PAM modules written for integration with the PAM module should retrieve all data with pam_get_item calls and should not attempt to prompt the user to input data because this is handled by the security service.

    Loop detection is provided to catch possible configuration errors in which an AIX security service is routed to PAM and then a PAM module in turn attempts to call the AIX security service to perform the operation. Detection of this loop event will result in an immediate failure of the intended operation.

    Note: The /etc/pam.conf file should not be written to make use of the pam_aix module when using PAM integration from an AIX security service to a PAM module because this will result in a loop condition.

    IBM Informix Dynamic Server v10.0 Information Center

    Supported Platforms

    PAM is supported on Solaris and Linux, in both 32- and 64-bit modes.

    On HP-UX and AIX, PAM is supported in 32-bit mode only.

    The Name of the PAM Service

    The PAM service name identifies the PAM module. This PAM module typically resides in /usr/lib/security and its parameters are listed in the file /etc/pam.conf.

    In Linux, /etc/pam.conf can be replaced with a directory called /etc/pam.d, where there is a file for each PAM service. If /etc/pam.d exists, /etc/pam.conf will be ignored by Linux. See the system documentation for the details of this configuration file.

    Authentication Mode

    The PAM module determines whether a simple password is sufficient or other challenges are required. The PAM implementation in Dynamic Server takes advantage of the fact that for explicit connections, a password is sent to the server by the client. This password can be used to satisfy PAM in cases where a simple password is used. If the authentication mode involves responding to challenges, the applications must be prepared to respond to them. The application must be aware that the PAM module might raise multiple challenges.

    Required Stack Size

    The PAM feature loads OS or third-party PAM modules (shared libraries) into the informix user thread. The stack size requirements of these PAM modules cannot be predicted. For instance, on Linux some modules need more than 128K of stack space. Use the PAM_STACKSIZE configuration parameter to customize the stack size for PAM modules. The default value of PAM_STACKSIZE is 32 KB.

    For example, set PAM_STACKSIZE in the ONCONFIG file as follows:

    PAM_STACKSIZE 64 # Stack size needed for the PAM modules
    (K Bytes)

    On Linux, the default value is 128 KB plus the value of the STACKSIZE configuration parameter.

    Implicit Connections

    PAM is a challenge oriented system, in that the authentication response (the password) is supplied in response to a PAM message. In implicit connections to the database server, there is no password.

    Therefore, implicit connections can work under PAM only in challenge mode. Implicit connections in password mode will result in failure.

    Configuring a Database Server to Use PAM

    To configure a server to use PAM, the system administrator must know:

    • The name of the PAM module.
    • Whether the PAM module will raise a challenge in addition to accepting a simple username and password combination.

    The following example shows an sqlhosts entry with illustrative names:

    Authentication mode: challenge
    ifxserver2 oltlitcp servermc portnum2 options
    where options are "s=4, pam_serv=(pam_pass), pamauth=(challenge)"

    PAM service: pam_password (Needs only a password)

    Authentication mode: password
    ifxserver2 oltlitcp servermc portnum2 options
    where options are "s=4, pam_serv=(pam_pass), pamauth=(password)"

    Enterprise Replication and High-Availability Data Replication

    Enterprise Replication and High-Availability Data Replication (HDR) cannot respond to challenges, if the authentication scheme calls for it. For this reason, Enterprise Replication and HDR must not be configured in the port using PAM. For information on the facility to dedicate ports to Enterprise Replication and HDR, see Enterprise Replication and High-Availability Data Replication Connection Security Option.

    Application Development

    The process for preparing an application to respond to challenges raised by PAM is the same process to use when responding to challenges raised by LDAP Authentication Support modules. For more information, see Application Development for Authentication Modules.

    Distributed Transactions with PAM, Client APIs, and Compatibility Issues

    Distributed transactions, APIs that support PAM, and compatibility issues with other IBM Informix products and tools are the same for both PAM and LDAP Authentication Support modules. For more information, see Distributed Transactions, Client APIs and Authentication Support Modules, and Compatibility Issues.

    AIX RADIUS server, Part 1 Authentication and accounting protocols

    The AIX® Remote Authentication Dial-In User Service (RADIUS) server implements a client-server protocol, based on the Internet Engineering Task Force (IETF) Request for Comments (RFCs) 2865 and 2866, that enables remote access clients to communicate with a central server to gain access to a network. The RADIUS server authenticates users, authorizes their requests to services, and writes accounting data. The initial release for the RADIUS server is AIX 5L Version 5.3.0.10.

    Typical clients in a RADIUS environment are a terminal server, authenticating LAN device, or wireless access point.

    The AIX RADIUS server consists of three services:

    1. Authentication
    2. Authorization
    3. Accounting
    These services work together with either UNIX authentication, a local database, or a Lightweight Directory Access Protocol (LDAP) directory to provide authentication information. The RADIUS authentication server daemon provides security and user authentication for remote connections to the network. It also handles authorization, which specifies what services are available, and in some configurations, how network access is accomplished. The RADIUS accounting server daemon tracks when and how long remote connections are connected to the network, as shown in Figure 1 below.

    AIX Security Guide

    Mar 8, 2007 ... AIX Security Guide. System security ibm sysadmin unix administration AIX Hardening. ... aix 5.3 security configuration guide, Google, Page 2 ...
    www.scribd.com/doc/6896/AIX-Security-Guide - 824k - Cached - Similar pages

AIX 5L Version 5.3 Security

NewsForge | Comparing Linux and AIX

Security

The proprietary Unixes have traditionally fallen down a little on security, and AIX is no exception. From a commercial perspective it makes sense to not alienate your users, so usability has always taken precedence over security. The last thing IBM or Sun wants is businesses performing upgrades that stop their applications working correctly.

The result of this corporate caution is that a fresh install of AIX has gaping security holes. Services such as telnet, ftp, and rshd are enabled by default. Secure Shell (SSH) and TCP Wrappers aren't even installed (IBM ships both, but on a separate CD). AIX does come with some basic packet filtering, but there's no firewall on by default and it isn't easy to configure. Filesystem and swap space encryption aren't there either.

Compare this to Linux, where SSH is the default, most insecure services are disabled, a wealth of security software is shipped with almost every distro, and much effort has been put into helping users secure their systems.

AIX can be configured securely. IBM has a nice white paper that guides you through a lot of the tasks, but it isn't trivial to do, and the result is that a lot of companies don't, and tools like telnet are still a lot more common than they should be.

AIX 52 security guide

IBM Redbooks AIX 5L Version 5.2 Security Supplement

IBM Redbooks Additional AIX Security Tools on IBM eServer pSeries, IBM RS-6000, and SP-Cluster

From firewalls to operating system hardening, this redbook illustrates additional tools and techniques that you can use to enhance the security environment of your IBM eServer pSeries, IBM RS/6000 workstation, SP, or Cluster. The approach taken is from outside to inside and from top to bottom. We move from the servers on the far reaches of your network that are visible to the outside world to those in the innermost recesses of your intranet containing your most confidential data. As we move through these servers, we work from the application layer at the top to the network layer at the bottom. Along the way, we cover third-party software that is readily available, modifications to the standard software that comes with AIX and PSSP, and assorted techniques that can all be used to provide enhanced security in your environment.

Subjects covered in this redbook include:
- Firewalls
- Secure Remote Access
- Network Mapping and Port Scanning
- System Integrity
- Securing AIX

Chapter 1. Introduction
Chapter 2. Firewalls
Chapter 3. Check Point FireWall-1
Chapter 4. IBM Secureway Firewall
Chapter 5. Secure remote access
Chapter 6. Port and network scanning
Chapter 7. System and data integrity
Chapter 8. Securing AIX

Securing an AIX system Stanford university

Actually this is about hardening

[PDF] Microsoft PowerPoint - AIX-Security-Userblue-Mar05.ppt

SANS Reading Room

Recommended Links

Google matched content

Softpanorama Recommended

Top articles

Sites

[PDF] AIX 5L Version 5.3: Security Guide

http://www.bull.de/pub/

Elements of Security: AIX 4.1
AIX inventory scripts from various sources
Syslog and errorlog tools ( Cinnamon, Error reporter, Sysinfo script )
Mail Service Setup for AIX Systems

IBM AIX Security white paper

AIX Security Checklist

AU41U AIX V4 Security (IBM Learning Services Course in Ireland)

Aix Security

***** Strengthening AIX Security A System-Hardening Approach

**** IBM AIX- AIX Service Provider Utility Pack - interesting (2000 update is obsolite)

Geocrawler.com - fw-1 - [FW1] Guide for Hardening AIX.

IBM Redbooks Additional AIX Security Tools on IBM e(logo)server pSeries, IBM RS-6000, and SP-Cluster Chapter 8 is good.

AIX Network Hardening Kit from Reg Quinton,

There is a security principle that says you should Configure computers to provide only selected network services (CERT® Coordination Centre). The basic idea is this: every network service you offer is an opportunity for the bad guys (alternatively a risk to your system). That's not to say that you shouldn't offer any services -- a mail server that doesn't offer mail services isn't very useful. Instead, the principle says you should have a good understanding of network services and you should not offer any service unless there are very good reasons for doing so. This paper is a discussion of network hardening measures for AIX 4.3 -- an application of the security principle.

Some security packages address the problem by stripping all (or nearly all) network services and then instruct you to be careful about what you add to the system. That's a great approach but requires that you "get your hands on" the system before anyone layers anything onto it and you understand what you're adding to the system when you add it back in. Two conditions that don't apply at many sites.

The approach here is different. We consider services offered by the AIX 4.3 operating system, try to explain what each does, note the risks involved with each and make recommendations about what one ought to do to mitigate the risk. For each issue discussed a hardening tool (a shell script) is provided to handle the issue. Typically, the issue is handled by removing a service that you don't need. Several policies are provided to harden typical systems and an implementation tool is provided to enforce the policy.

A traditional Unix tar kit containing all scripts to harden each issue discussed, sample polices and a driver to implement policies is available here.

*** Unix Aix Computer Security Servers Risc 6000 Hardening checklists complied by Daniel Fidel Ferrer -- just links

Steps for Recovering from a UNIX or NT System Compromise
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html

How to Examine a Unix Box for Possible Compromise
http://www.sans.org/newlook/resources/IDFAQ/unixbox.htm

Rootkits: Hiding a Successful System Compromise
http://www.cchem.berkeley.edu/College/unix/docs/rootkit.html

Compromise FAQ
http://xforce.iss.net/security_library/faqs/compromise.php

CERT
http://www.cert.org/
Plus, Phone - CERT/CC hotline
412-268-7090 (24-hour hotline)
CERT/CC personnel answer 8:00 a.m.- 5:00 p.m. EST(GMT-5) / EDT(GMT-4) on working days; they are on call for emergencies during other hours and on
weekends and holidays.

General Aix technical support
http://techsupport.services.ibm.com/server/support

IBM Support and Downloads:
http://www.ibm.com/support/

Aix problem solving
http://techsupport.services.ibm.com/server/solveproblems

IBM Downloads and drivers search
http://www-1.ibm.com/support/download_search.html

AIX 4.3 System and Product Libraries
http://www.rs6000.ibm.com/doc_link/en_US/a_doc_lib/aixgen/

Aix Glossary - large.
http://www.rs6000.ibm.com/doc_link/en_US/a_doc_lib/aixuser/glossary/toc.htm

FAQ AIX November, 2000
http://www.emerson.emory.edu/services/aix-faq/

IBM Redbooks
http://www.redbooks.ibm.com/

IBM Redbooks you should have:
1) Elements of Security: AIX 4.1, GG24-4433-00.
2) AIX 4.3 Elements of Security Effective and Efficient Implementation, SG24-5962-00.
3) Additional AIX Security Tools on IBM pSeries, IBM RS/6000, and
SP/Cluster, SG24-5971-00
4) TCP/IP Tutorial and Technical Overview, GG24-3376-06
5) IBM Certification Study Guide AIX Installation and System Recovery.

Aix Security Alerts SANS
http://www.sans.org/newlook/digests/SAC/AIX.htm

Choosing good passwords
http://www.auscert.org.au/Information/Auscert_info/Papers/good_password.html

UNIX Configuration Guidelines
http://www.cert.org/tech_tips/unix_configuration_guidelines.html

Security software tools
http://www.cert.org/tech_tips/security_tools.html

UNIX Security Checklist v2.0
http://www.cert.org/tech_tips/usc20_full.html

National Infrastructure Protection Center (NIPC)
http://www.nipc.gov/

National Infrastructure Protection Center (NIPC) CyberNotes
http://www.nipc.gov/cybernotes/cybernotes.htm

The Twenty Most Critical Internet Security Vulnerabilities (Updated)
The Experts' Consensus Version 2.501 November 15, 2001
http://www.sans.org/top20.htm

IT World Unix security articles
http://www.itworld.com/nl/unix_sec/

INFOSYSSEC
The Security Portal for Information System Security Professionals
http://www.infosyssec.com/infosyssec/unixsec1.htm

FAQ: Network Intrusion Detection Systems March 2001
http://www.ticm.com/kb/faq/idsfaq.html

Google Groups E-mail:
http://groups.google.com/

General Computer Security Information
http://www.alw.nih.gov/Security/

Security Software from NIH
http://www.alw.nih.gov/Security/security-prog.html

General Security Frequently Asked Questions (FAQ) NIH
http://www.alw.nih.gov/Security/security-faqs.html

General Miscellaneous Documents Security from NIH
http://www.alw.nih.gov/Security/security-docs.html

Computer Security News Daily
http://www.MountainWave.com/

Security Daily News and Indexes
http://www.sse.ie/securitynews.html

Internet Security Systems X-force Alerts
http://xforce.iss.net/alerts/

Internet Weekly Security and Management
http://www.internetwk.com/browse/management.htm

The Computer Security Division (CSD) of NIST
Additional Government links. Cryptographic stuff
http://csrc.ncsl.nist.gov/

SSH
http://www.openssh.com/

OpenSSH including Aix
http://www.openssh.com/portable.html

SSH Manual pages
http://www.openssh.com/manual.html

TCP Wrappers
ftp://ftp.porcupine.org/pub/security/

PGP
http://www.pgpi.org/

MD5 hash
ftp://coast.cs.purdue.edu/pub/tools/unix/crypto/md5/

Tripwire 1.3
ftp://coast.cs.purdue.edu/pub/tools/unix/ids/tripwire/

Anzio
http://www.anzio.com/

Tips

AIX Security Commands Tips

Random Findings

Network Information Services (NIS and NIS+) Guide

Miscellaneous security papers
Miscellaneous security links
Distributed Denial of Service (DDoS) Attacks/tools
Unix System Administration
Principles of system administration
The Willcam Group - Index of HTML Toplevel Tags
Useful tools for Sun workstations and Solaris
sunmanagers -- The Sun Managers Mailing List
Sun Managers Summaries Archives at Louisiana Tech
Sun Managers Summaries Archives at Dataman Benelux
Solaris central
Network Training Workshop
NETS Documentation - execelent example of documentation
W. Richard Stevens' Home Page
Linux Remote-boot mini-How-To
The Bastard Operator from Hell
UNIX admins and sex - very dangerous
Dec UNIX OSF1 documentation
Books: Operating Systems, Networking, Hardware
Very Good Bookmarks



Etc

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes.   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. 

ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less then 90 days. Multiple types of probes increase this period.  

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least


Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: September 12, 2017