Managing the Workload Protection agent in AIX on PowerVS
After you provision an instance of the IBM Cloud® Security and Compliance Center Workload Protection service in IBM Cloud, you can deploy the Workload Protection agent on your AIX hosts on IBM® Power® Virtual Server to validate your AIX operating system security.
Workload Protection provides the following features to protect your standalone AIX hosts on Power Virtual Server:
- Posture management: scan host configuration files for compliance and benchmarks such as CIS AIX Benchmark.
Deploying the agent by running the binary
Complete the following steps to configure a Workload Protection agent on AIX for validating your operating system posture. This agent will forward the security findings to an instance of the Workload Protection service:
- Obtain the public or private ingestion URL. For more information, see Collector endpoints.
- Download the binary:
      curl https://s3.us-east-1.amazonaws.com/download.draios.com/dependencies/kspm-analyzer/1.44.17/kspm-analyzer-aix-ppc64 -o /tmp/kspm-analyzer-aix-ppc64
  Note: This command stores the binary under /tmp; you can use any directory you prefer.
- Configure the service:
      mkssys -p /tmp/kspm-analyzer-aix-ppc64 -s kspm_analyzer -u 0 -e /tmp/kspm-analyzer.log -i /tmp/kspm-analyzer.log -o /tmp/kspm-analyzer.log
  Where:
  - -p is the full path of the kspm-analyzer binary you downloaded in step 3.
  - -s is the service name.
  - -i, -o and -e write logs to /tmp/kspm-analyzer.log. You can use any other file for the service logs.
- Add execution permissions to the binary:
      chmod +x /tmp/kspm-analyzer-aix-ppc64
- Start the service. Make sure to replace <HOSTNAME>, <REGION> and <ACCESS KEY>:
      startsrc -s kspm_analyzer -e 'NODE_NAME=<HOSTNAME> API_ENDPOINT=<REGION>.security-compliance-secure.cloud.ibm.com ACCESS_KEY=<ACCESS KEY>'
  Where:
  - HOSTNAME: used to display the results and your server in Inventory.
  - REGION: depends on the region where you deployed Workload Protection. Check step 2.
  - ACCESS KEY: from step 1.
  An example would be:
      startsrc -s kspm_analyzer -e 'NODE_NAME=myhostname API_ENDPOINT=us-east.security-compliance-secure.cloud.ibm.com ACCESS_KEY=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
- Configure the service to run during startup (inittab):
      mkitab "fkcmd:2:respawn:startsrc -s kspm_analyzer -e 'NODE_NAME=<HOSTNAME> API_ENDPOINT=<REGION>.security-compliance-secure.cloud.ibm.com ACCESS_KEY=<ACCESSKEY>'"
- Verify that the service is running by checking the logs under /tmp/kspm-analyzer.log.
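The procedure above registers the downloaded binary to run as root (mkssys -u 0) and notes that any directory can be used instead of /tmp. The following is an added example, not part of the IBM documentation: a POSIX shell pre-flight check to run on the chosen binary path before mkssys. The function names and the /opt/kspm path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not IBM's code): pre-flight checks for the binary that SRC
# will run as root via `mkssys -u 0`. POSIX ls/find/awk only, so it runs in AIX ksh.

# True when group or others have write permission on $1.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Numeric owner uid of $1 (third field of `ls -ldn`).
owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# check_agent_path FILE [EXPECTED_UID]   (hypothetical helper name)
# Prints one line per finding; exit status 0 means no findings.
# EXPECTED_UID defaults to 0 because the page registers the service with -u 0.
check_agent_path() (
    file=$1
    want_uid=${2:-0}
    dir=$(dirname "$file")
    rc=0
    # A symlink or a missing file is rejected outright.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "not a regular file: $file"; exit 1
    fi
    if [ "$(owner_uid "$file")" != "$want_uid" ]; then
        echo "owner is not uid $want_uid: $file"; rc=1
    fi
    if loosely_writable "$file"; then
        echo "group/world-writable file: $file"; rc=1
    fi
    # A shared directory such as /tmp is reported here.
    if [ "$(owner_uid "$dir")" != "$want_uid" ] || loosely_writable "$dir"; then
        echo "directory is shared or not owned by uid $want_uid: $dir"; rc=1
    fi
    exit $rc
)

# Usage (constructed path; the page's default is /tmp/kspm-analyzer-aix-ppc64):
#   check_agent_path /opt/kspm/kspm-analyzer-aix-ppc64 && echo "ok to register with mkssys"
```

The same function can be pointed at any other file the service depends on to check its ownership and its parent directory.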
Applying CIS benchmark for AIX to your server
IBM Cloud® Security and Compliance Center Workload Protection provides the CIS benchmarks for AIX as posture policies. Follow these steps to find the AIX policies and assign them to your hosts.