Hi Friends:
Before to use BigFix, the AIX administrators team has been using manually patch, but in their experience they have found steps with the AIX OpenSSH patch:
- Servers with settings in UsePAM yes
With this setting, after restart the service, their users couldn’t log on into the servers. - Have an open session.
- Restart the service (for apply the patch).
Now, we would like to apply the patch through Bigfix:
http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq?mode=18&ID=4419&myns=pwraix61&mync=E
AIX OpenSSH vulnerability CVE-2015-5352
In the IBM web, it said about the patch:
Reboot required? NO
Workarounds? NO
Protected by FPM? NO
Protected by SED? NO
Do we need to take careful with the “UsePAM yes” setting? If it is necessary, is there an “analysis” for found the servers with that configuration?
Do we need to have an open session?
Do we need to restart the service after the patch?
Many thanks for your answers.
Regards
Hectorio