IBM AIX Collections
AIR supports the following IBM AIX evidence and artifacts:
IBM AIX Evidence List
1 | System | Cron Jobs | Collect cron jobs |
2 | System | ULimit Information | Collect ulimit information |
3 | Disk | Mounts | Collect mounts |
4 | File System | File System Enumeration | Dump file and folder information |
5 | Processes | Processes | Collect process list |
6 | Users | User Groups | Collect user group list |
7 | Users | Users | Collect user list |
8 | SSH | SSH Known Hosts | Collect SSH known hosts |
9 | SSH | SSH Authorized Keys | Collect SSH authorized keys |
10 | SSH | SSH Configs | Collect SSH configurations |
11 | SSH | SSHD Configs | Collect SSHD configurations |
12 | Network | Hosts | Collect hosts |
13 | Network | DNS Resolvers | Collect DNS resolvers |
14 | Other Evidence | YUM Sources | Collect YUM sources |
15 | Other Evidence | YUM History | Collect YUM history |
16 | Other Evidence | SUID Binaries | Collect SUID binaries |
17 | Other Evidence | Shell History | Collect shell history |
18 | Other Evidence | System Artifacts | Collect system artifacts (files of collected evidence, for example the /etc/passwd file) |
19 | Other Evidence | Log Files | Collect log files under /var/log/ |
IBM AIX Artifact List
1 | Server | MySQL Logs | Collect MySQL Logs |
2 | Server | SSH Server Logs | Collect SSH Server Logs |
3 | Server | DHCP Server Logs | Collect DHCP Server Logs |
4 | System | System Logs | Collect System Logs |
5 | System | Auth Logs | Collect Auth Logs |
6 | System | Boot Logs | Collect Boot Logs |
7 | System | Mail Logs | Collect Mail Logs |