Managing the Workload Protection agent in AIX on PowerVS
After you provision an instance of the IBM Cloud® Security and Compliance Center Workload Protection service in IBM Cloud, you can deploy the Workload Protection agent on your AIX hosts on IBM® Power® Virtual Server to validate your AIX operating system security.
Workload Protection provides the following features to protect your standalone AIX hosts on Power Virtual Server:
- Posture management: scan host configuration files for compliance against benchmarks such as the CIS AIX Benchmark.
Deploying the agent by running the binary
Complete the following steps to configure a Workload Protection agent on AIX for validating your operating system posture. This agent will forward the security findings to an instance of the Workload Protection service:
- Obtain the public or private ingestion URL. For more information, see Collector endpoints.
- Download the binary:

      curl https://s3.us-east-1.amazonaws.com/download.draios.com/dependencies/kspm-analyzer/1.44.17/kspm-analyzer-aix-ppc64 -o /tmp/kspm-analyzer-aix-ppc64

  Note: This command stores the binary under /tmp; you can use your desired directory.
- Configure the service:

      mkssys -p /tmp/kspm-analyzer-aix-ppc64 -s kspm_analyzer -u 0 -e /tmp/kspm-analyzer.log -i /tmp/kspm-analyzer.log -o /tmp/kspm-analyzer.log

  Where:
  - -p is the full path of the kspm-analyzer binary that you downloaded in step 3.
  - -s is the service name.
  - -i, -o and -e write logs under /tmp/kspm-analyzer.log. You can use any other file for writing the service logs.
- Add execution permissions to the binary:

      chmod +x /tmp/kspm-analyzer-aix-ppc64

- Start the service. Make sure to replace <HOSTNAME>, <REGION> and <ACCESS KEY>:

      startsrc -s kspm_analyzer -e 'NODE_NAME=<HOSTNAME> API_ENDPOINT=<REGION>.security-compliance-secure.cloud.ibm.com ACCESS_KEY=<ACCESS KEY>'

  Where:
  - HOSTNAME: used to show results and to identify your server in Inventory.
  - REGION: depends on the region where you have deployed Workload Protection. Check step 2.
  - ACCESS KEY: from step 1.

  An example would be:

      startsrc -s kspm_analyzer -e 'NODE_NAME=myhostname API_ENDPOINT=us-east.security-compliance-secure.cloud.ibm.com ACCESS_KEY=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'

- Configure the service to run during startup (inittab):

      mkitab "fkcmd:2:respawn:startsrc -s kspm_analyzer -e 'NODE_NAME=<HOSTNAME> API_ENDPOINT=<REGION>.security-compliance-secure.cloud.ibm.com ACCESS_KEY=<ACCESS KEY>'"

- Verify that the service is running by checking the logs under /tmp/kspm-analyzer.log.
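Because the service is registered with -u 0, the downloaded file runs as root, so its ownership and permissions matter as much as its execute bit. The following pre-flight check is an added example, not part of the IBM documentation; the function names and the optional expected-UID argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not IBM code). check_agent_file and its optional second
# argument are names assumed for this illustration.

# Succeeds when the ls -l mode string in $1 grants write to group or other.
group_or_other_writable() {
    case "$1" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# check_agent_file PATH [EXPECTED_UID]
# Returns 0 only if PATH is a regular file (not a symlink), owned by
# EXPECTED_UID (default 0, matching "mkssys -u 0"), not writable by group
# or other, and located in a directory that is not group/other-writable.
check_agent_file() {
    caf_path=$1
    caf_uid=${2:-0}
    if [ -L "$caf_path" ] || [ ! -f "$caf_path" ]; then
        echo "FAIL: $caf_path is missing, a symlink, or not a regular file" >&2
        return 1
    fi
    # "ls -ldn" is POSIX: field 1 is the mode string, field 3 the numeric owner.
    caf_mode=$(ls -ldn "$caf_path" | awk '{print $1}')
    caf_owner=$(ls -ldn "$caf_path" | awk '{print $3}')
    if [ "$caf_owner" != "$caf_uid" ]; then
        echo "FAIL: $caf_path is owned by uid $caf_owner, expected $caf_uid" >&2
        return 1
    fi
    if group_or_other_writable "$caf_mode"; then
        echo "FAIL: $caf_path is writable by group or other ($caf_mode)" >&2
        return 1
    fi
    # A trailing "/." makes ls report the directory itself, even via a symlink.
    caf_dmode=$(ls -ldn "$(dirname "$caf_path")/." | awk '{print $1}')
    if group_or_other_writable "$caf_dmode"; then
        echo "FAIL: directory of $caf_path is writable by group or other ($caf_dmode)" >&2
        return 1
    fi
    echo "OK: $caf_path ($caf_mode, uid $caf_owner)"
    return 0
}

# Usage, with <DIR> as a placeholder for the directory you chose:
#   check_agent_file <DIR>/kspm-analyzer-aix-ppc64 || exit 1
```

Run the check after chmod +x and before startsrc; a world-writable location such as /tmp is reported as a failure, which is a reason to use the page's option of choosing your own directory.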
Applying CIS benchmark for AIX to your server
IBM Cloud® Security and Compliance Center Workload Protection provides the CIS benchmarks for AIX as posture policies. Follow these steps to find the AIX policies and assign them to your hosts.
Verifying results in the UI
After a few minutes, you can check the posture results for your AIX servers in the UI.
Access your Workload Protection instance:
- Verify that your host appears under Inventory. You can filter by the hostname (Resource Name) or type of operating system (Platform).
- The Workload Protection agent will evaluate AIX after you apply the corresponding policy. You can see all results in Posture/Compliance in the Entire Infrastructure zone or define specific zones for your AIX hosts under Policies/Zones.