AIX blog


Your first hour with MySQL on AIX

Most modern Linux distros come with MySQL preinstalled, or it can easily be added later using a tool such as YUM. Unfortunately AIX still has no such tool, and you have to maunally download the individual RPMs and pre-reqs. Here is an example of... Read more


Maintaining an AIX firewall

IBM quietly added a firewall capability (known as ipfilters) to AIX 6.1, however they did not do a particularly good job of either publicising or documenting it. You can either configure ipfilt from the command-line or via smit. The ipfilt toolset is part of... Read more


Locking-down smit

It is possible to restrict a user’s access to smit (menus) and to escape to the shell from a smit session: If you run: $ export SMIT_SHELL=n for a user when they press F9 they will see the following error message:   +————————————————————————–+ |                          ... Read more


Check if NTP is vulnerable

There are a lot of NTP reflection attacks currently being launched, it is therefore vital that you check if you version of NTP is vulnerable. Run xnpdc as root: # xntpdc xntpdc> host <Your server name> current host set to XXXX xntpdc> monlist ***Server... Read more


DNS lookup configuration

AIX offers a confusing array of options when configuring your system to be a simple DNS client. The traditional way is to create an “/etc/resolv.conf” file and add the address of up to three DNS servers e.g. nameserver nameserver nameserver domain ... Read more


Merging LDAP and local groups

Until recently it was impossible to have a user that was a member of both local and LDAP groups and this makes centrally managing applications such as Oracle, particularly problematic. This problem can now be overcome by setting the “domainlessgroups” attribute to true in... Read more


Making your AIX network more secure

These are some common network parameters that should be set in order to improve your system’s network efficiency and security. Network Service options To improve system security, there are several network options that you can change using 0 to disable and 1 to enable.... Read more


Google announces intention to begin deprocating SHA1

Google has announced a provisional plan and timetable to begin reducing support for X.509 certificates that have been signed using SHA1. The industry is now beginning to replace the SHA1 algorithm in favour of SHA2 or perhaps SHA256 because as computers become more powerful,... Read more


What does that port do?

Have you ever run lsof or netstat and wondered why a port was open, or what it does? This site is a useful way of checking: It also contains a list of the most common attacks kown to be aimed at that port.... Read more


Finding Library Dependencies

Have you ever wondered which libraries are being called by a binary or utility? The AIX package “” includes the “ldd” binary which shows the shared libraries called by an executable. This example shows the shared libaries called by the ping executable. # /usr/local/bin/ldd... Read more