Scenario: You have one Oracle database with 3 different SID for different purposes: DR (disaster recovery), UAT (User Acceptance Testing) and SIT (System Integration Testing). You are tasked to configure the Database to open one port for each of the SID to control access. Piece of cake, you will only need to edit two oracle configuration files to achieve it. Read the rest of this entry »

Scenario: Your AIX server has OpenSSH installed and sFTP configured. How do you restrict sFTP users from accessing other shells (like ksh, bash, csh, scp, ftp, etc)? How do you prevent them from traversing through your directories and potentially doing all sorts of damage?

The answer: Set up rssh with chroot jail. Restricted shell (rssh) is a replacement for the standard shell (in AIX’s case, ksh) to be used with OpenSSH that lets you restrict shell access to only sftp and scp. It supports chroot jail which is a method to sandbox users and programs in a specific directory. Read the rest of this entry »