is an IBM AIX security compliance and administration tool that simplifies and automates security administration tasks and compliance reporting requirements. Policy Minder allows you to document your security policy implementation and reduces the time and complexities associated with managing security and maintaining and reporting on compliance. The FixIt function allows you to easily set servers’ settings to
match your organization’s security policy and configuration requirements. Policy Minder for AIX uses agentless technology to allow you to easily manage multiple AIX servers through a graphical, browserbased
admin console.
What Policy Minder does:
Policy Minder examines your security configuration and compares it to your policy. Any item that does not match your policy is
“out of compliance.” Policy Minder examines not only the compliance details common to all operating systems, but also examines
the details unique to the IBM AIX operating system. You determine the areas to be examined and then schedule regular compliance
checks to ensure the servers’ configuration stay in compliance.
The areas that can be examined include:
- Global security settings:
- auditing attributes
- group attributes
- login defaults
- password attributes
- user account creation defaults
- other, misc settings
- User account settings:
-
- auditing attributes
- group attributes
- login defaults
- password attributes
- other, misc settings
- Directory and file permissions:
- Owner
- Primary group
- Other
- Attributes
- SUID
- SGID
- SVTX
- Extended permissions
- SUID / SGID files
-
- TCP/IP daemons
- Exported directories
Additional Features:
- Admin console allows you to administer one server or multiple servers at the same time.
- Comprehensive message log for administrative tracking and debug
- Policies can be initialized – that is, current settings can be discovered and used as the policy setting.
Reports
- Detailed policy documentation, including the capability to add additional documentation which can be used to document corporate policy adherence, justification for deviations from best practices, etc
- Compliance reports, showing the details of out-of-compliant items or the fact that the policy was checked and all items are in compliance.
- Fixit results including the command used to make the change as well as the previous value
- Formats: PDF, CSV
- Reports can be consolidated – the results of checking multiple servers rolled into one report, or an individual report per server and emailed to individuals or accessed through the central console.
Automating Security Administration
Ways Policy Minder enables you to automate your tasks:Identifying and managing inactive local user accounts
- Discovering new admin accounts
- Ensuring local user accounts remain configured correctly
- Applying an approved security configuration as new servers come online
- Managing the permissions of files and directories
- Establishing a baseline of files with SUID or SGID and running compliance checks to identify new files or changes to attributes such as ownership or group
- Returning global security settings to be in compliance with your policy using FixIt.
- Automation and management of the security policies and compliance with those policies on multiple systems via single screen in an easy-to-use browser-based GUI interface.
- Elimination of the manual process of gathering data from multiple servers, consolidating it, comparing values and generating a compliance report for auditors
- Ensuring consistent, accurate and repeatable tasks that prove compliance
- Ensuring reports are run – regardless of how busy administrators are
- Documenting your policies and your risk acceptance statements.
Policy Minder is designed to reduce the time and complexity of ensuring that your servers’ security configuration stays in compliance with your security policy.
Policy Minder runs on:
IBM AIX 5.3 and higher.
