

Verify System Integrity

AIX 6.1 and Trusted Execution help ensure secure systems


TE Monitoring

TE monitors and stops malicious programs before they can harm the system, as illustrated in Figure 2. TE can be configured to monitor the loading of kernel extensions, programs, shell scripts and libraries. When a file is loaded, TE verifies its hash value against the baseline hash in the TSD. If the verification fails, execution of the file is stopped. TE also verifies other attributes, such as owner, group and mode, at load time. See Table 2 for the TE runtime verification policies.

Table 2: TE runtime verification policies

| Policy | Values | Description |
| --- | --- | --- |
| TE | ON/OFF | Enables or disables TE. Policies can be activated only when the TE option is set to ON. |
| CHKEXEC | ON/OFF | Checks the integrity of the trusted binaries at load time. |
| CHKSHLIB | ON/OFF | Checks the integrity of the trusted shared libraries before they are loaded into memory for execution. |
| CHKSCRIPT | ON/OFF | Checks the integrity of the trusted shell scripts before they are loaded into memory. |
| CHKKERNEXT | ON/OFF | Checks the integrity of the kernel extensions before they are loaded into memory. |
| STOP_ON_CHKFAIL | ON/OFF | Stops the loading of trusted files whose integrity checks fail. It works in combination with the CHK* policies. For instance, if CHKEXEC=ON and STOP_ON_CHKFAIL=ON, any executable whose integrity check has failed will not be loaded. |

Volatile files: A good system baseline includes not only the system-related executables, kernel extensions and libraries, but also other files that are critical for correct system operation. Many system settings, including multiple security settings, are captured in configuration files. Unlike executables, these configuration files can be modified during the life of a system. For example, the /etc/passwd file is an important file that captures the user configuration. While it's important to monitor this file, the monitoring cannot include factors such as size or hash. Files such as /etc/passwd are termed volatile files. These files are monitored for the integrity of file attributes such as owner and permission bits, and aren't monitored for size, hash or signature. AIX ships many system files, such as /etc/passwd, marked as volatile files in the TSD.

Trojan detection: The trustchk command supports scanning for Trojan horses from AIX 6 TL4. When trustchk is invoked with the right options, it scans all of the files on the target file system for programs that are not part of the TSD but are suspect from a privilege escalation point of view. For runtime monitoring, this is enabled by setting the STOP_UNTRUSTED policy to the TROJAN value; see Table 3.

Table 3: TE Stop_Untrusted file policy

| Policy | Values | Description |
| --- | --- | --- |
| STOP_UNTRUSTED | ON/OFF/TROJAN | Stops the loading of files that don't belong to the TSD. Hence, it works in combination with the CHK* policies. For example, if CHKSCRIPT=ON and STOP_UNTRUSTED=ON, then scripts that do not belong to the TSD will not be executed. TROJAN: Stops the loading of files that don't belong to the TSD and meet the criteria given in the Trojan-detection section below. |

TE Paths: TE can be used to define a set of paths containing the trusted binaries that are allowed to run. When a binary is about to be loaded, TE checks whether it belongs to one of the defined Trusted Paths. If it's not from a trusted path, TE blocks it from execution. See Table 4.

Table 4: TEP and TLP policies

| Policy | Values | Description |
| --- | --- | --- |
| TEP | ON/OFF | Mandates that only binaries from the directories listed in the TE Path can be loaded. The TE Path is a list of directory paths separated by colons. |
| TLP | ON/OFF | Mandates that libraries be loaded only if they exist in the Trusted Library Path (TLP). As with the TE Path, you can use this policy to set the TLP value, enable it, or disable it. The TLP is a colon-separated directory path. |
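
The following model shows how the policies in Tables 2 through 4 and the volatile-file rule combine into one load decision. It is an added example, not IBM code or the TE implementation. Assumptions: the order of the checks, SHA-256 as the hash, the `TEP_DIRS` key and the sample data are constructed for illustration, and the TROJAN value is not modelled because its criteria are not given here.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class TsdEntry:               # simplified stand-in for one TSD record
    digest: str               # baseline hash (SHA-256 chosen for this model)
    owner: str
    mode: int
    volatile: bool = False    # volatile: attributes only, no size/hash check

PATH_POLICY = {"EXEC": "TEP", "SHLIB": "TLP"}   # trusted-path policy per file type

def verify(entry, data, owner, mode):
    """Compare a file with its baseline; volatile files skip the hash."""
    if (entry.owner, entry.mode) != (owner, mode):
        return False
    return entry.volatile or hashlib.sha256(data).hexdigest() == entry.digest

def load_decision(path, kind, data, owner, mode, policy, tsd):
    """Return (allowed, reason); kind is EXEC, SHLIB, SCRIPT or KERNEXT."""
    if policy.get("TE") != "ON":
        return True, "TE is off, no policy active"
    pp = PATH_POLICY.get(kind)
    if pp and policy.get(pp) == "ON":
        trusted_dirs = policy.get(pp + "_DIRS", "").split(":")  # hypothetical key
        if path.rsplit("/", 1)[0] not in trusted_dirs:
            return False, "outside " + pp
    if policy.get("CHK" + kind) != "ON":
        return True, "type not checked"
    entry = tsd.get(path)
    if entry is None:         # STOP_UNTRUSTED only acts together with CHK*
        stop = policy.get("STOP_UNTRUSTED") == "ON"
        return not stop, "not in TSD"
    if verify(entry, data, owner, mode):
        return True, "verified"
    stop = policy.get("STOP_ON_CHKFAIL") == "ON"
    return not stop, "integrity check failed"

# Constructed sample baseline and policy (not taken from a real system)
LS = b"constructed ls image"
TSD = {"/usr/bin/ls": TsdEntry(hashlib.sha256(LS).hexdigest(), "bin", 0o555),
       "/etc/passwd": TsdEntry("", "root", 0o644, volatile=True)}
POLICY = {"TE": "ON", "CHKEXEC": "ON", "STOP_ON_CHKFAIL": "ON",
          "STOP_UNTRUSTED": "ON", "TEP": "ON", "TEP_DIRS": "/usr/bin:/usr/sbin"}

if __name__ == "__main__":
    print(load_decision("/usr/bin/ls", "EXEC", LS + b"!", "bin", 0o555, POLICY, TSD))
```

With STOP_ON_CHKFAIL set to OFF in the sample policy, the same tampered binary is reported as failed but still allowed to load, which is the difference between detecting and enforcing.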

 

George M Koikara is a senior programmer in AIX development and has worked across multiple technologies in AIX. He is an expert on security and in particular trusted computing and multilevel-based security. He led and developed many of the security features of AIX 6.1.

Pruthvi Panyam Nataraj is a senior programmer in AIX development and has worked across multiple components of the AIX OS. He is an expert on trusted platform architecture and was instrumental in the implementation of the Trusted Execution function in AIX 6.1. He also is an expert in IPSecurity and IKE2 protocols.

Ravi Shankar is an architect for AIX and PowerHA. He joined IBM 14 years ago and has specialized in a wide set of technologies, from reliability, availability and serviceability, to AIX security, to business resiliency. With more than 19 years of experience in IT, he's an expert in real-time systems, OS internals and overall system architecture.

Saurabh Desai is an architect for AIX. He has more than 20 years of experience in the IT industry, mostly with IBM. Saurabh has in-depth knowledge of OS internals and has worked across AIX and Linux. He is an expert in process management and security. He led and implemented many of the security features in AIX 6.1.


