Front cover AIX V6 Advanced Security Features Introduction and Configuration A comprehensive overview of AIX V6 operating system security features New features: Role Based Access Control (RBAC), Trusted AIX (Multilevel Security), and Trusted Execution AIX V6 Security Expert enhancements Brad Gough Christian Karpp Rajeev Mishra Liviu Rosca Jacqueline Wilson Chris Almond ibm.com/redbooks International Technical Support Organization AIX V6 Advanced Security Features Introduction and Configuration September 2007 SG24-7430-00 Note: Before using this information and the product it supports, read the information in “Notices” on page xi. First Edition (September 2007) This edition applies to IBM AIX Version 6.1. Note: This book is based on a pre-GA version of a product and may not apply when the product becomes generally available. We recommend that you consult the product documentation or follow-on versions of this IBM Redbooks publication for more current information. © Copyright International Business Machines Corporation 2007. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . xi Trademarks . xii Preface . xiii The team that wrote this book . xiv Acknowledgements . xv Become a published author . xvi Comments welcome. xvi Part 1. AIX V6 operating system security features . 1 Chapter 1. Introduction. 3 1.1 Introduction: security in the enterprise . 5 1.2 Risk analysis . 6 1.3 Types of security threats . 7 1.4 AIX V6.1 security features and the threats they address . 9 1.5 Types of security . 10 1.6 Purpose of security: establishing trust. 11 1.7 Overview of security enhancements to AIX V6 for establishing trust . 12 1.8 Trusting the configuration of the OS with AIX Security Expert . 14 1.8.1 AIX Security Expert enhancements for AIX V6 . 15 1.8.2 AIX Security Expert hardening groupings . 16 1.8.3 AIX Security Expert “undo” option. 17 1.8.4 Consistency check in AIX Security Expert . 17 1.8.5 Centralized AIX Security Expert policy distribution with LDAP . 18 1.9 Trusting the installation of filesets with Secure by Default . 20 1.10 Trusting system access with File Permission Manager. 21 1.11 Trusting executables with Trusted Execution . 22 1.12 Delegating trust for users and the processes with Role Based Access Control . 24 1.12.1 AIX V6 Enhanced RBAC compared to AIX RBAC prior to AIX V6 . 25 1.12.2 Advantages of AIX V6 Role Based Access Control . 26 1.12.3 Relationship of authorizations, roles, and privileges . 27 1.12.4 Privileges versus authorizations . 28 1.13 Trusting file access and providing privacy of files with AIX Encrypted File Systems . 31 1.13.1 Symmetric versus asymmetric encryption. 32 1.13.2 Advanced Encryption Standard (AES) . 34 1.13.3 Block versus streaming ciphers . 35 © Copyright IBM Corp. 2007. All rights reserved. iii 1.13.4 CBC mode versus ECB mode. 36 1.13.5 Selecting key length and modes . 38 1.13.6 RSA algorithm . 38 1.13.7 Creating the EFS keystore: installation of CLiC library . 38 1.13.8 EFS key protection modes: Root Admin or Root Guard mode . 39 1.14 Trusting the entire system: Trusted AIX . 39 1.14.1 Components of Trusted AIX . 41 1.15 In summary: total AIX security capabilities . 43 1.15.1 LDAP Active Directory enhancements . 45 1.15.2 TCP wrappers . 46 1.15.3 IP Security with AES . 46 1.15.4 ipfilter support . 47 1.15.5 Open SSH with Kerberos authentication. 47 1.15.6 Stack Execution Disable . 47 1.15.7 4764 Cryptographic Accelerator with CCA and PKCS11 support. 49 1.16 AIX certifications: independent assurance of security functions . 50 1.16.1 Background on security standards . 50 1.16.2 Security profiles for AIX V6.1: CAPP, LSPP, and RBACPP . 51 1.16.3 The Controlled Access Protection Profile (CAPP) . 51 1.16.4 Labeled Security Protection Profile (LSPP) . 52 1.16.5 Role Based Access Control Protection Profile (RBACPP) . 52 1.16.6 Current AIX certifications: CAPP and LSPP . 52 1.16.7 Evaluation and assurance levels for Common Criteria . 53 1.16.8 What does EAL4+ mean . 54 1.16.9 Definition of EAL4 . 55 1.16.10 Running a system in CAPP or LSPP mode . 56 Chapter 2. Encrypted File System . 59 2.1 EFS . 60 2.2 EFS prerequisites . 60 2.2.1 CLiC installation . 60 2.2.2 Enabling EFS for file systems . 61 2.2.3 The efsenable command. 62 2.2.4 Usage of lock files . 64 2.3 Managing encrypted file systems and encrypted files. 65 2.3.1 Creating an EFS . 65 2.3.2 Operations with EFS-enabled file systems . 67 2.3.3 Encryption inheritance. 67 2.4 Encryption at file level . 70 2.4.1 Creating encrypted files and the umask command . 70 2.4.2 Listing file encryption information . 72 2.4.3 Implication of encryption on file size and location of disk blocks . 73 2.4.4 Looking at disk blocks of an encrypted file . 74 iv AIX V6 Advanced Security Features: Introduction and Configuration 2.4.5 Decrypting a file . 77 2.4.6 Encrypting a file. 79 2.4.7 Changing file encryption key parameters . 80 2.4.8 File access permissions . 81 2.4.9 Changing file ownership . 85 2.4.10 Granting a user or a group access to a file . 87 2.4.11 Revoking a user or group access to a file . 91 2.4.12 Granting/revoking access in root admin mode . 94 2.5 Users management . 95 2.5.1 Defining users . 95 2.5.2 User keystore . 99 2.5.3 Keystore content . 100 2.5.4 Keystore operations . 104 2.5.5 Keystore operations . 105 2.5.6 Changing the user keystore password . 106 2.5.7 Granting access to the user keystore . 106 2.5.8 Revoking access to user keystore . 111 2.5.9 Accepting access keys . 113 2.5.10 Granting security credentials to a process . 115 2.5.11 Exporting the content of keystore . 116 2.5.12 User private keys . 117 2.5.13 User public key . 128 2.5.14 Importance of deprecated keys. ..