
Verify System Integrity

AIX 6.1 and Trusted Execution help ensure secure systems


Using Custom Keys

TE requires that a private key and the corresponding certificate be provided to generate the signatures for the entries in the tsd.dat baseline file. The default AIX entries ship with signatures generated with IBM keys. To sign new entries, especially for third-party applications, you can also use your own keys, generated with the OpenSSL tool as described in the steps below.

  1. Install OpenSSL (it is part of the AIX expansion pack).
  2. Create a private key (the key is created in PEM format): openssl genrsa -out TSDprivkey.pem 2048
  3. Create the corresponding certificate in DER format (valid for 3650 days/10 years): openssl req -new -x509 -key TSDprivkey.pem -outform DER -out TSDcertificate.der -days 3650
  4. Convert the private key from PEM to DER format: openssl pkcs8 -inform PEM -in TSDprivkey.pem -topk8 -nocrypt -outform DER -out TSDprivkey.der
  5. Invoke trustchk to add an entry for the file /usr/bin/yourfile: trustchk -s TSDprivkey.der -v TSDcertificate.der -a /usr/bin/yourfile
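
The steps above as one script, with a check that the DER certificate really carries the public half of the DER private key before trustchk is called. This is an added example, not code from the original article or from IBM; the function names and the -subj value are constructed for illustration, and it assumes an OpenSSL recent enough to provide the pkey subcommand.

```shell
#!/bin/sh
# Added example: function names and the -subj value are constructed.
# Assumes an OpenSSL that provides the "pkey" subcommand.

# make_te_keys DIR: steps 2-4 of the procedure, run non-interactively.
make_te_keys() {
    dir=$1
    (
        umask 077    # -nocrypt leaves the key unencrypted: keep it owner-only
        cd "$dir" || exit 1
        openssl genrsa -out TSDprivkey.pem 2048 2>/dev/null &&
        openssl req -new -x509 -key TSDprivkey.pem -outform DER \
            -out TSDcertificate.der -days 3650 \
            -subj "/CN=Example TE signing key" &&
        openssl pkcs8 -inform PEM -in TSDprivkey.pem -topk8 -nocrypt \
            -outform DER -out TSDprivkey.der
    )
}

# te_pair_ok KEY.der CERT.der: succeed only if the certificate holds the
# public key of KEY.der and the certificate has not expired.
te_pair_ok() {
    key_pub=$(openssl pkey -inform DER -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -inform DER -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ] || return 1
    openssl x509 -inform DER -in "$2" -noout -checkend 0 >/dev/null
}

# sign_entry FILE KEY.der CERT.der: step 5, refused for an inconsistent pair.
sign_entry() {
    te_pair_ok "$2" "$3" || { echo "key/certificate mismatch" >&2; return 1; }
    trustchk -s "$2" -v "$3" -a "$1"
}

# Usage on AIX, as root: sh te_sign.sh /usr/bin/yourfile
if [ -n "${1:-}" ]; then
    make_te_keys . && sign_entry "$1" TSDprivkey.der TSDcertificate.der
fi
```

Because step 4 uses -nocrypt, the private key sits on disk unencrypted; the umask keeps it readable by its owner only, and it is best moved off the system once signing is done.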

Securing the Database Through Lockdown

The key requirement for successful integrity measurement is to guard the baseline itself against modification by an intruder. You can do this in many ways, the easiest of which is to store the TSD on write-once media such as CD-R/DVD-R and use this CD/DVD as the reference TSD, while periodically checking for integrity. Another option to guard the TSD against modification is to use the lock-down policy in AIX 6.1 TE. This disallows all writes to the TSD file.

It’s essential that the TSD be managed and maintained at a site/institution level. Create the baseline on one production system and use the same baseline everywhere else for verification. If a malicious user breaks into the root account, he or she can turn off the TE policies, change the system configuration and even modify the TSD database contents. Hence TE provides locking capabilities to protect the system from such damage (see Table 1).

Table 1: TE Lockdown Policies

TSD_LOCK
  Values: ON/OFF
  Protects the TSD database itself. If this is on, no modifications to /etc/security/tsd/tsd.dat are allowed.

TSD_FILES_LOCK
  Values: ON/OFF
  Protects all the trusted files from modification. Operations like unlink, rename, write or mount are not allowed on the trusted files.

LOCK_KERN_POLICIES
  Values: ON/OFF
  Prevents other TE policies from being turned off. Once this policy is enabled, none of the other policies can be turned OFF. However, they can always be turned ON. This is based on the assumption that security can always be extended, but never compromised.
  If this policy is ON and any other policy has to be turned off, first turn off LOCK_KERN_POLICIES and reboot the system. Then the other policies can be changed.

George M Koikara is a senior programmer in AIX development and has worked across multiple technologies in AIX. He is an expert on security and in particular trusted computing and multilevel-based security. He led and developed many of the security features of AIX 6.1.

Pruthvi Panyam Nataraj is a senior programmer in AIX development and has worked across multiple components of the AIX OS. He is an expert on trusted platform architecture and was instrumental in the implementation of the Trusted Execution function in AIX 6.1. He also is an expert in IPSecurity and IKE2 protocols.

Ravi Shankar is an architect for AIX and PowerHA. He joined IBM 14 years ago and has specialized in a wide set of technologies from reliability, availability and serviceability, to AIX security to business resiliency. With more than 19 years of experience in IT, he’s an expert in real-time systems, OS internals and overall system architecture.

Saurabh Desai is an architect for AIX. He has more than 20 years of experience in the IT industry, mostly with IBM. Saurabh has in-depth knowledge of OS internals and has worked across AIX and Linux. He is an expert in process management and security. He led and implemented many of the security features in AIX 6.1.
