hello , guys

recently , I come across a problem about the xmanager login the AIX 6 server.
xmanger use the protocal XDM query to login AIX x-window.  after login , i type the command "echo $LANG" , it show me the result: LANG=En_US.  That result is different from the record in /etc/environment . in /etc/environment record shows LANG=en_US.   i am very confuse that i try to login in that system used VNC to connect the server  or directly telnet that server, that can work, command "echo $LANG" show "LANG=en_US" not "LANG=En_US". 

i wonder if anyone come across that issue.. can give some hint to how to find out why that happened ? thanks

For details of what to do with passwords, see the headers in the files /etc/security/user & /etc/security/login.cfg.

For services, as in network services,
the file /etc/inetd.conf controls the "transient" ones - comment out anything you don't want to start,
for other permanently running daemons see the files /etc/rc.tcpip or /etc/rc.nfs, and so on.

There is no supplied way to block (network) packets with AIX.  There was once a firewall product that could
be installed on AIX or Windows, but that fell by the wayside in the face of competition from other types of firewall
often specialised integrated devices.  You still have unrelated things like tunnels and encryption.

This server uses our own "blockip" tool to block specific offending IP addresses - details here:
www.rootvg.net/blockip.html (http://www.rootvg.net/blockip.html)

am using AIX 5.3

root@node1#uname -a
AIX node1 3 5 00073759D600

Depends on your level of AIX.

For AIX 5.2 (and less with some modifications) a good start is this redbook: AIX 5L Version 5.2 Security Supplement (http://www.redbooks.ibm.com/abstracts/sg246066.html). In particular, for your question I reccomend reading the Appendix A.

This book is a supplement for the AIX Security "whitebook" that can be found for each version of AIX via the Information Center links (use the rootvg weblink on the right for your version of AIX).

If you have AIX 5.3 or AIX 6.1, one relatively easy way to harden AIX is to use AIX Security Expert (command line: aixpert).

If you have more (specific) questions - just ask.

can you please point out ways to protect AIX system from intruders and move it to a secure enviroment i.e. (password, disable services, blockpackets,...etc)

This week I have been experimenting with different ways to Install Linux on Power.

1) Downloaded lots of .iso files (redhat, fedora, suse, opensuse, debian, IBM Toolkit)

2) Played with the IBM Toolkit
For Suse and Redhat it assists with the install. First you boot from the IBM Toolkit DVD, then you have choice of proceeding from command line only, or starting a browser (and going back to console when requested). Installs, adding IBM Tools all worked as expected.

3) played with debian net install.
The install goes well, attaches to network and loads packages. HOWEVER, 1) Debian still does not know to to boot from a logical partition as shared storage; 2) I have not found the ssh install and installation using the net install image. 3) console is not activated on reboot.

I have read some hints, instructions on these points with debian. If someone knows how to resolve these - please post!!

Thank you for your reply.

I only mentioned AIX as an example I knew, and wanted to be sure you were using two VIO servers. I have seen situations where multipath was expected, but only one path was available.

To assume, is to fail in some situations.

Glad you got it working - and regarding your suggestion for a default setting - comment on Suse's site. I have generally gotten good responses from Suse support.

Generally, what I have done is create a seperate directory and then hard link all the files from the old (original) lpp_source, to the new directory.

suppose /export/lpp/5305 is the original lpp_source

mkdir -p /export/lpp/5308/installp/ppc
cd /export/lpp/5305/installp/ppc
ln * /export/lpp/5308/installp/ppc
inutoc /export/lpp/5308/installp/ppc

cd /export/lpp/5305

ls

The other directories, iirc usr and RPMS (if it is small) I just copy using cp -r to the new directory.

Once I have done that I use the nim commands to create the new nim lpp_source, and then update it as you suggested, and create a new spot.

Why - you may have been asking. Well, until all your old mksysb images, etc. are replaced with new ones - you may need that old spot for installing, or maint booting your current installations. Some updates modify boot images.

Goiing from 5305 to 5306 or higher (TL5 to TL6+) generally means you will need to create an image_data resource.

Using NIM in AIX 5.3 I am wanting to update my current nim resources (lpp_source, spot) with a new technology level.  Can someone help me with the steps to do this?

I'm thinking that I would do...  smitty nim > perform nim admin tasks > manage resources > Perform Operations on Resources >   select my lpp resource i want to update> select update from the following menu > select add > then put the path to the directory containing the TL with all the .bff files?

Then I'd probably need to update my spot object as well?  not sure how to do this as I've only made NIM resources from disk so far.


Any help is appreciated

Thanks,

I finaly got the xclock and graphical smit to show up connecting with cygwin to my aix partition. thanks for your help.

i'm now trying to lauch CDE (installed by default) or another cool graphical interface.

thanks for any further help.