What is SystemScan AIX?

  • The software is designed to work with AIX versions 5.3 to 7.1.
  • There will soon be a version for Red Hat and Fedora Linux.
  • SystemScan is written using standard shell scripts and so can be examined at any time by a security officer, auditor, or law-enforcement representative.
  • The checks are restricted to standard operating system features and functionality, and no attempt is made to access, or reverse-engineer, any sensitive or confidential information such as passwords.
  • The software is designed to be as close to “zero-footprint” as possible. It is packaged as a single RPM, which once removed leaves nothing except the reports/scan results.
  • The software does not install any third-party tools or binaries (e.g. Nessus or John the Ripper) and once the RPM is removed, it leaves only the text, HTML, or XML reports, which can then be copied to another system for analysis.
  • No changes are made to the system (except for some temporary work files), and all that the software consumes are CPU-cycles, and the file-space required for the reports.
  • The web-reports can be created on a sensitive system (e.g. production), and then copied to another location where first-line support, auditors, etc., can view the information without requiring any privileged access.

What makes SystemScan AIX unique?

  • We provide free utilities to scan your (IVM) VIO servers and HMCs.
  • SystemScan AIX can track changes to more than 100 sensitive configuration items and produce integrity-drift reports which can be used by auditors and/or system managers to ensure compliance with both internal company, and industry-wide, security standards.
  • Can be run silently from cron, and the details transferred to another system such as a PC for offline analysis, or supplied to a third party such as an auditor, or law-enforcement agency.
  • Produces text, HTML, and XML reports.
  • SystemScan AIX is a living product designed to be as generic as possible; however, we can work directly with a client to produce a customised version and/or modules that run specific tests.
  • Reports are broken down into convenient categories which can easily be printed or mailed separately to your stakeholders.
  • A risk and problem summary report is included with each (web) report, and this can be used to highlight risks and problems, and as a plan of action.
  • Each of the (HTML) tests comes with a help file which can be used as a teaching-aid, or by first-line support to reduce their reliance on second- and third-line personnel.
  • The product could be white/re-labelled using a customer’s own logos and style-sheets so as to appear as part of their own infrastructure.

How can SystemScan help me with tuning the system?

Many of the defaults set at install time are not necessarily the best for your system configuration, and there are potentially massive security gains to be had by simply changing some tunables. For example, Oracle often requires more shared memory and different mount options in order to run efficiently.

SystemScan AIX can help you to achieve this in the following ways:

  1. Use our AIX system survey tool to carry out more than 600 non-intrusive checks and produce a summary of all the system software configuration and security settings. ZoomSmart can be simply installed and removed, and simply generates text and HTML report files that can be copied to other systems for review, as and when required.
  2. Use IBM standard tools to produce a detailed system layout diagram and report.
  3. Produce a detailed performance and security configuration report that contains a summary of our findings and recommendations.

Should you decide to implement our recommendations, we can work with you to produce a detailed update and implementation plan, and regular progress reports.