aix主机操作系统加固规范.pdf

AIX主机操作系统加固规范

Opsec.cn

2010 年 9 月

目 录

1 账号管理、认证授权 ...................................................................................................... 1

1.1 账号 ........................................................................................................................... 1

1.1.1 SHG-AIX-01-01-01 .............................................................................................. 1

1.1.2 SHG-AIX-01-01-02 .............................................................................................. 2

1.1.3 SHG-AIX-01-01-03 .............................................................................................. 3

1.2.4 SHG-AIX-01-02-04 .............................................................................................. 8

1.2.5 SHG-AIX-01-02-05 .............................................................................................. 9

1.3 授权 ......................................................................................................................... 10

1.3.1 SHG-AIX-01-03-01 ............................................................................................ 10

1.3.2 SHG-AIX-01-03-02 ............................................................................................. 11

1.3.3 SHG-AIX-01-03-03 ............................................................................................ 12

1.3.4 SHG-AIX-01-03-04 ............................................................................................ 13

1.3.5 SHG-AIX-01-03-05 ............................................................................................ 14

2 日志配置 ......................................................................................................................... 15

2.1.1 SHG-AIX-02-01-01 ............................................................................................ 15

3.1.2 SHG-AIX-03-01-02 ............................................................................................ 20

3.2 路由协议安全 ........................................................................................................ 21

3.2.1 SHG-AIX-03-02-01 ............................................................................................ 21

4 补丁管理 ......................................................................................................................... 24

4.1.1 SHG-AIX-04-01-01 ............................................................................................ 24

5 服务进程和启动 ............................................................................................................ 25

5.1.1 SHG-AIX-05-01-01 ............................................................................................ 25

5.1.2 SHG-AIX-05-01-02 ............................................................................................ 27

6 设备其他安全要求 ........................................................................................................ 31

6.1 登陆超时策略 ........................................................................................................ 31

7 附录： AIX 可被利用的漏洞（截止 2009-3-8 ） ...................................................... 34

文件系统管理等方面的安全配置要求，共 27 项。对系统的安全配置审计、加固操作

起到指导性作用。

1.1 账号

1. 1. 1 SHG- AI X- 01- 01- 01

编号 SHG-AIX-01-01-01

名称 为不同的管理员分配不同的账号

实施目的 根据不同类型用途设置不同的帐户账号，提高系统安全。

问题影响 账号混淆，权限不明确，存在用户越权使用的可能。

回退方案 删除新增加的帐户： #rmuser username

判断依据 标记用户用途，定期建立用户列表，比较是否有非法用户

实施风险 高

重要等级 ★★★

备注

1. 1. 2 SHG- AI X- 01- 01- 02

编号 SHG-AIX-01-01-02

实施步骤

回退方案

判断依据