Linked by David Adams on Thu 15th Jul 2010 16:56 UTC, submitted by poundsmack
For only the second time since Big Blue entered the Unix market for real in February 1990 with the launch of the RS/6000 line of workstations and servers, the company is letting customers who use its Power-based servers take a future AIX release for a test drive in an open beta program.
SReilly Member since: 2006-12-28

I agree with most of what you say but it's the secure part I'm definitely not in agreement with. The default install leaves things like FTP and Telnet ports open by default plus all the remote management software runs as root.

The worst culprit of all, in my opinion, is the SSH implementation. It's always at least several versions behind the latest release and last time I looked, it didn't come installed by default. In fact, you had to download it from SourceForge.

One thing that has always annoyed me is the hardware management console, an x86 system running a cut-down Linux that is used to manage all your POWER-based systems on your network. It's also insecure by default and once you have control of this one machine, you can give yourself root access to any machine.

So all in all, very sloppy security by IBM.

Score: 5

poundsmack Member since: 2005-07-13

"The default install leaves things like FTP and Telnet ports open by default..."

I know version 5 had this issue, but I don't know if version 6 (and I am certain version 7) no longer does that. Come to think of it, I think version 6 left those open. 7 is more secure though. But you have a lot of very valid points.

Score: 2

traustitj Member since: 2005-11-09

Besides the HMC, which under normal circumstances you need physical access to, the fact that Telnet and FTP are open by default is not that bad; just remember to turn them off.

SSH came with all my AIX machines by default, except for version 4. But it must be 3 years since I touched them, though I worked on them and other Unixes for 4 years.

Score: 1

phastflyer Member since: 2007-05-23

Actually, starting with AIX 6, AIX has a "Secure by default" installation option that installs AIX with no services started. The idea is that you would use the AIX Security Expert feature of AIX to configure the security settings on that server and then optionally you could transport an XML profile to other servers to replicate those security settings.

Score: 1
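
The thread's advice to turn off Telnet and FTP after a default install can be checked mechanically. The script below is an added example, not part of any comment above and not IBM tooling; it assumes the services are started from an inetd.conf-style file, and the function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: report cleartext services still enabled in an inetd.conf-style file.
# Active line layout: service socket-type protocol wait/nowait user program [args]

# Services to flag; FTP and Telnet are the two named in the thread.
CLEARTEXT_SERVICES="${CLEARTEXT_SERVICES:-ftp telnet}"

# Prints "service protocol user" for each watched service that is not commented out.
enabled_cleartext_services() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk -v watch="$CLEARTEXT_SERVICES" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }   # commented-out (disabled) or malformed line
        ($1 in want) { printf "%s %s %s\n", $1, $3, $5 }
    ' "$conf"
}

# Writes a constructed sample resembling a default install (not copied from a real host).
write_sample_conf() {
    cat > "$1" <<'EOF'
## constructed sample inetd.conf
ftp     stream  tcp6    nowait  root    /usr/sbin/ftpd      ftpd
telnet  stream  tcp6    nowait  root    /usr/sbin/telnetd   telnetd -a
#shell  stream  tcp6    nowait  root    /usr/sbin/rshd      rshd
  # telnet stream tcp nowait root /usr/sbin/telnetd telnetd
time    stream  tcp     nowait  root    internal
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
write_sample_conf "$sample"
echo "Enabled cleartext services (service protocol user):"
enabled_cleartext_services "$sample"
rm -f "$sample"
```

On a real host, pass the path of the system's inetd configuration file to `enabled_cleartext_services`; an empty result means none of the watched services is enabled there.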