Integrity Monitoring and Server Hardening through AIX 6.1 Trusted Execution (White Paper)


Tue August 31, 2021 10:02 PM

AIX 6.1 introduced multiple security features to help customers enhance the security of their environment. One of the key features is called Trusted Execution (TE). This feature not only allows customers to monitor the system for integrity violations, but also provides for locking down the system with regard to the execution of programs and the loading of libraries and kernel extensions.

While the White Paper attached to this page was created for AIX 6.1, the information is still very useful for AIX clients on 7.1 and 7.2.


    This document explains the policies of Trusted Execution and outlines ways administrators can use them to protect their system environment.

    Some of the concepts explained in detail in this document include:

    1. Trusted Signature Database (TSD), which stores the baseline integrity data
    2. Volatile files and Trusted Signature Database
    3. Monitor for non-approved kernel extension loads
    4. Lock down the production system
    5. Trusted Execution Paths and Trusted Library Paths
    6. Finding Trojan Horses
    7. Relationship between tcbck and trustchk
    8. Integration with Role Based Access Control / Trusted AIX
    9. Create and ship security attributes in a package

    TIP: Check out Christian Sonnemans' Trusted Execution blogs!

    • AIX and TE (Trusted Execution): an underestimated security feature? part1
      • https://community.ibm.com/community/user/power/blogs/christian-sonnemans1/2024/02/08/aix-and-te-sec-part1?CommunityKey=daa942cb-b783-4fd3-ba27-a2d7462f9530
    • AIX and TE (Trusted Execution): an underestimated security feature? Part two
      • https://community.ibm.com/community/user/power/blogs/christian-sonnemans1/2024/02/22/aix-and-te-trusted-execution-an-underestimated-sec
