  ù 7 8ISO8859-1                 h  .  {  7  ª  $  â  P    d  X  .  ½  e  ì 	 c  R 
 :  ¶  N  ñ  A  @  t  ‚    $  ÷  i     † À  œ }  ]      Û  F  è    /  #  B  |  f    1  ã S    <   i    =   ¦ ù   ä  D  "Þ  ó  ##      $    $2  :  $Ã  C  $þ  <  %B  8  %  8  %¸      %ñ  ,  &  $  &/  %  &T  	  &z    &„    &—  &  &­ 	 .  &Ô 
 &  '  1  '*  /  '\  /  'Œ  ,  '¼  .  'é  #  (    (<    (X  !  (t  "  (–      (¹  0  (Î  0  (ÿ  :  )0 	   /  )k  ƒ  )›  õ  * 
     +  =  +, O  +j    ,º  <  -X  ¶  -• X  .L  ‚  /¥ 	   0( 
 Ò  0¨ X  1{  7  2Ô  5  3  Z  3B   3  •  4·    5M .  5Í  F  6ü ã  7C    V  9'  Š  9~  ò  :	  P    :ü  +  ;  (  ;:  .  ;c  (  ;’    ;»  6  ;Û  :  < 	 e  <M 
 O  <³  *  =  <  =.  0  =k  1  =œ  4  =Î  p  >  ]  >t  ‘  >Ò  K  ?d  8  ?°  )  ?é  c  @  .  @w  R  @¦  ?  @ù  L  A9  *  A†  J  A±  =  Aü  J  B:    B…   K  Bœ ! ~  Bè " I  Cg # 1  C± $ g  Cã % R  DK & ;  Dž ' O  DÚ ( S  E* ) f  E~ * )  Eå + W  F , c  Fg - c  FË . V  G/ / V  G† 0 $  GÝ 1 K  H 2 C  HN 3 a  H’ 4 E  Hô 5 X  I: 6 -  I“ 7 W  IÁ 8 D  J 9 ;  J^ : T  Jš ; @  Jï < \  K0 = U  K > 4  Kã ? Z  L @ P  Ls A )  LÄ B P  Lî C   M? D 1  M\ E 1  MŽ F 8  MÀ G 0  Mù H *  N* I j  NU J 2  NÀ K G  Nó L G  O; M M  Oƒ N E  OÑ O E  P P U  P]  #  "  P³ Ó  PÖ  ù  Rª    S¤  P  S¾  P  T  <  T`  <  T 	 -  TÚ 
 -  U  Y  U6  ¦  U  ²  V7 9  Vê  Ú  X$  °  Xÿ  ¸  Y° K  Zi  ß  [µ  Ø  \•  Ã  ]n F  ^2  î  _y  º  `h  Ì  a#  Ò  að  S  bÃ  Q  c  X  ci    cÂ  ’  dÃ   O  eV ! ”  e¦ " m  f; # £  f©      gM  V  ga    g¸    gØ    gø    h    5  h8  B  hn  %  h± ,  h×  8  j  ,  j=  .  jj  '  j™ 	 %  jÁ 
 L  jç  @  k4  A  ku  k  k·  `  l#  K  l„  I  lÐ  p  m  d  m‹  e  mð    nV  „  næ    !  ok S  o    pá    p÷  
    q	  K  q  ¡  qe    r    r    r5  "  rG    rj 	 )  r‚ 
 c  r¬      s Ÿ  s-  #  tÍ  *  tñ  6  u  '  uS  L  u{  =  uÈ 	   v 
 +  v&  )  vR  /  v|  *  v¬  E  v×  6  w  5  wT    wŠ  )  w¢    6  wÌ  Ÿ  x    x£    x´    '  xÑ A  xù   z;      {Ì  (  {Û    $  | q  |)    }›  $  }¬      }Ñ  M  }æ  ]  ~4  ?  ~’  ;  ~Ò  E    o  T  T  Ä 	 4  € 
 K  €N  ”  €š  ?  /  9  o  A  ©  <  ë  :  ‚(  *  ‚c  @  ‚Ž  @  ‚Ï  l  ƒ  0  ƒ}  K  ƒ®  x  ƒú      „s  +  „ƒ  Z  „¯  Û  …
  @  …æ  M  †'    7  †u )  †­  g  Š×  ›  ‹? `  ‹Û  ”  <  ]  Ñ  a  Ž/ 	   Ž‘ 
 .  Ž¨  »  Ž×  t  “  B    p  K  1  *  ¼  N  ç  (  ‘6  (  ‘_    ‘ˆ  6  ‘¨  :  ‘ß  O  ’ 	 p  ’j 
 ‘  ’Û  K  “m  )  “¹  c  “ã  .  ”G  R  ”v  L  ”É  *  •  J  •A  =  •Œ  J  •Ê  K  –  ~  –a  I  –à  1  —*  g  —\  R  —Ä  O  ˜  S  ˜g  f  ˜»  )  ™"  W  ™L   c  ™¤ ! V  š " $  š_ # C  š„ $ a  šÈ % X  ›* & -  ›ƒ ' W  ›± ( ;  œ	 ) T  œE * \  œš + U  œ÷ , 4  M - Z  ‚ . )  Ý / P  ž 0   žX 1 1  žu  1  -  ž§  K  žÕ  (  Ÿ!  (  ŸJ    Ÿs  6  Ÿ“  :  ŸÊ  O    	 p   U 
 ‘   Æ  K  ¡X  )  ¡¤  c  ¡Î  .  ¢2  R  ¢a  L  ¢´  *  £  J  £,  =  £w  J  £µ  K  ¤   ~  ¤L  I  ¤Ë  1  ¥  g  ¥G  R  ¥¯  O  ¦  S  ¦R  f  ¦¦  )  §  W  §7   c  § ! V  §ó " $  ¨J # C  ¨o $ a  ¨³ % X  © & -  ©n ' W  ©œ ( ;  ©ô ) T  ª0 * \  ª… + U  ªâ , 4  «8 - Z  «m . )  «È / P  «ò 0   ¬C 1 1  ¬`    \  ¬’  q  ¬ï    ­a    ­}    ­‰      ­•  +  ­¥      ­Ñ  j  ­ã  $  ®N  $  ®s  %  ®˜  Z  ®¾    ¯  )  ¯9 	 ,  ¯c 
 &  ¯  .  ¯·  +  ¯æ  4  °  1  °G  '  °y    °¡  !  °À  .  °â       ±  J  ±#  2  ±n  -  ±¡ ! 	    ±Ï  )  ±Ý    ²    ²"    ²A    ²`  "  ²     ²¢ 	    ²Ã "   5  ²ä ³  ³  H  ´Î  x  µ #   4  µ   µÅ  G  ¶Ô  w  · $   2  ·”  w  ·Ç  v  ¸? %   3  ¸¶ B  ¸ê  6  º-  V  ºd  j  º»  j  »&  k  »‘  E  »ý 	 K  ¼C 
   ¼  /  ½  2  ½?  4  ½r  T  ½§  r  ½ü  ¹  ¾o  _  ¿)  ^  ¿‰  Y  ¿è  ^  ÀB  5  À¡  :  À×  i  Á &     Á|  )  ÁŒ    Á¶    Á¾    ÁÆ    ÁÎ '   '  ÁÖ 4  Áþ  :  Ã3  ³  Ãn (   m  Ä" L  Ä  	  ÆÝ  	  Æç    Æñ )     Æþ  +  Ç *     Ç<  -  ÇN    Ç|    Çœ    Ç»    ÇÎ  &  Çß    È 	   È 
   È*  &  È:    Èa    Èt    È…    È•     È¦    È§    È¸    È¿    ÈÛ    Èî    Èÿ    É  &  É,    ÉS    Éc +     É  -  É‘  F  É¿    Ê ,     Ê  2  Ê%  ^  ÊX -   M  Ê·  M  Ë .     ËS  @  Ëe  v  Ë¦  F  Ì /     Ìd  2  Ì}  ±  Ì°  O  Íb  O  Í²  b  Î  c  Îe  m  ÎÉ 0   1  Ï7  ö  Ïi  6  Ð`  R  Ð—  S  Ðê  T  Ñ>  R  Ñ“  Y  Ñæ 	 9  Ò@ 
 7  Òz    Ò²  j  ÒÉ  h  Ó4 $  Ó   ÔÂ  c  ÕÜ 1   7  Ö@ D  Öx  $  ×½ 2 
    ×â  3  ×ù  #  Ø-    ØQ  %  Øp    Ø–    Ø¬    Ø¾ 	   ØÔ 
   Øà 3     Øï  (  Øþ    Ù' 4   6  Ù/  ®  Ùf  /  Ú 5     ÚE  +  ÚW    Úƒ    Ú™    Úµ    ÚÈ    ÚÛ    Úî 	   Û 
 '  Û    ÛF 6 	    ÛN  ,  Ûa    ÛŽ    Û¤    ÛÀ    ÛÒ  #  Ûä  &  Ü 	   Ü/ 7 	    Ü7  @  ÜP    Ü‘    Ü§    ÜÃ    ÜÒ    Üâ    Üô 	   Ý 8     Ý  *  Ý    ÝJ    Ýj    ÝŠ    Ýž    Ý¯acctctl parameters Parameter definition for the 'acctctl' command Start and stop advanced accounting if it is not running Starts or stops advanced Accounting. Manages the transactions to control the type of accounting data that is produced Enable or disable e-mail notifications. Mail must be configured for e-mail notification to function. Sets the e-mail address for the notifications. Enables process interval accounting every n minutes or disables process interval accounting entirely. Enables system interval accounting every n minutes or disables system interval accounting entirely. Enables or disables system-wide aggregation for processes. Enables or disables system-wide aggregation for third party kernel extensions. Enables or disables system-wide aggregation for ARM transactions. Enables or disables the accounting based on Scaled Performance Utilization Resources Register (SPURR) in turbo mode. System security level configuration. The aixpert command sets a variety of system configuration settings to enable the desired security level. The following coarse-grain security settings are available:
High Level Security.
Medium Level Security.
Low Level Security.
Default Security: Original system default security.
SOX-COBIT Best Practices Security: Commonly accepted security configuration for SOX-COBIT compliance. The following coarse-grain security settings are available:
High Level Security.
Medium Level Security.
Low Level Security.
Default Security: Original system default security.
SOX-COBIT Best Practices Security: Commonly accepted security configuration for SOX-COBIT compliance.
DoD - U.S. Department of defence profile.
PCI - Payment Card Industry Data Security Standard profile.
Hipaa - Health Insurance Portability and Accountability Act profile. The following coarse-grain security settings are available:
High Level Security.
Medium Level Security.
Low Level Security.
Default Security: Original system default security.
SOX-COBIT Best Practices Security: Commonly accepted security configuration for SOX-COBIT compliance.
DoD - U.S. Department of defense profile.
DoDv2 - U.S. Department of defense profile version 2.0.
PCI - Payment Card Industry Data Security Standard profile.
PCIv3 - Payment Card Industry Data Security Standard profile version 3.0.
Hipaa - Health Insurance Portability and Accountability Act profile.
NERC - North American Electric Reliability CIP Compliance. alog Command Creates and maintains fixed-size log files created from standard input Name of a log file Size limit of the log file in bytes Verbosity attribute for LogType defined in the alog configuration database. Verbosity attribute can have a value from 0 to 9 Configured authentication methods for the system. The chauthent command sets the desired configuration based on the flags the user sets. The authentication methods are set in the order in which the flags are given to the command. If none of the flags are set, then the rcmds will be disabled from functioning. If the -std flag is set, it must be the last flag set or the command will fail. Authentication method (Standard Aix, Kerberos 4, Kerberos 5) RBAC (Role-Based Access Control) user-defined Authorizations. The operating system uses authorization strings to determine eligibility before performing a privileged operation. Related checks can be performed from within the code explicitly or can be done by the loader when running protected privileged executables.
In addition to system-defined and non-modifiable authorizations, RBAC allows system administrators to define their own custom authorizations in the authorization database (/etc/security/authorizations). These are known as user-defined authorizations. Send the authorizations database to the KST (Kernel Security Tables) The /etc/security/authorizations file stores the list of valid, user-defined authorizations available on a system. An authorization administrator can modify user-defined authorizations. System-defined authorizations do not appear in this file. System console parameters. The chcons command changes the system console effective on the next system startup. The current operation of the system console is not affected. Redirects the system console to a specified device or file Specifies the full path name to use for the console output log file Specifies the size, in bytes, of the console output log file Specifies the verbosity level for console output logging Specifies the verbosity level for console output tagging chdev parameters Parameter definition for the 'chdev' command Enable SW distribution of interrupts Automatically REBOOT OS after a crash CPU Guard Enhanced RBAC Mode Enable full CORE dump Continuously maintain DISK I/O history Log predictive memory page deallocation events Maximum login name length at boot time Maximum number of pages in block I/O BUFFER CACHE Maximum Kbytes of real memory allowed for MBUFS HIGH water mark for pending write I/Os per file Maximum number of PROCESSES allowed per user LOW water mark for pending write I/Os per file ARG/ENV list size in 4K byte blocks NFS4 ACL Compatibility Mode Use pre-430 style CORE dump Pre-520 tuning compatibility mode Stack Execution Disable (SED) Mode chlicense parameters Parameter definition for the 'chlicense' command Changes the number of fixed licenses on a system Changes the status of the floating licensing of the system Changes the contents of the /etc/services file. Changes the contents of the /etc/services file: the chservices command adds, deletes, or changes entries in the /etc/services file. The entries in the /etc/services file are related to known services used in the DARPA Internet and also related to information used by the inetd server. The entries for the inetd server determine how the system handles Internet service requests. subsystems definitions Changes a subsystem definition in the subsystem object class. Specifies any arguments that must be passed to the program executed as the subsystem. These command Arguments are passed by the SRC to the subsystem according to the same rules used by the shell. Quoted strings are passed as a single argument, and blanks outside a quoted string delimit arguments. Single and double quotes can be used. Specifies if an inactive subsystem is displayed or not when the lssrc -a command request (status all) or the lssrc -g command request (status group) is made. Specifies where the subsystem standard error data is placed. Specifies the Nice value. The Nice parameter changes the execution priority of the subsystem. The valid values are 0 through 39 (ordinary Nice values mapped to all positive numbers). Specifies the signal sent to the subsystem when a forced stop of the subsystem is requested. Use only when the subsystem uses signals for communication. The chssys command is unsuccessful if the StopForce parameter specifies an invalid signal. If you set this parameter, you must also set StopNormal and set the communication method to signals. Specifies that the subsystem belongs to the group specified by the Group parameter and responds to all group actions on the group. Specifies where the subsystem StandardInput is routed. This field is ignored when the subsystem uses sockets for communication. Specifies the MessageMtype key that the subsystem expects on packets sent to the subsystem by the SRC. Use only when the subsystem uses message queues for communication. The MessageMtype must be greater than 0. Specifies the signal sent to the subsystem when a normal stop of the subsystem is requested. Use only when the subsystem uses signals for communication. The chssys command is unsuccessful if the StopNormal parameter specifies an invalid signal. If you set this parameter, you must also set StopForce and set the communication method to signals. Specifies where the subsystem StandardOutput is placed. Specifies the absolute Path to the subsystem program. Specifies if the subsystem can or cannot have multiple instances running at the same time. Specifies the new name that uniquely identifies the subsystem. Any subservers or notify methods defined for the old subsystem's name are redefined for the NewSubsystem name. The chssys command is unsuccessful if the NewSubsystem name is already known in the subsystem object class. Specifies an alternate name for the subsystem. The chssys command is unsuccessful if the Synonym name is already known in the subsystem object class. Specifies the user ID for the subsystem. The UserID that creates the subsystem is used for security auditing of that subsystem. Specifies the time, in seconds, allowed to elapse between a stop cancel (SIGTERM) signal and a subsequent SIGKILL signal. Also used as the time limit for restart actions. If the subsystem stops abnormally more than twice in the time limit specified by the Wait value, it is not automatically restarted. Specifies if the subsystem is restarted or not if it stops abnormally. Specifies if the subsystem uses sockets, signals or a message queue as its communication method. You cannot define subservers for the subsystem name when your communication method is signals. If a subserver is defined for the subsystem, the subserver definitions are deleted from the subserver object class. When using signals, you must set StopForce and StopNormal. When using message queue, you must set MessageType. Possible values are 'sockets', 'signals' or a message queue key. Changes the contents of the /etc/inetd.conf file or similar system configuration file. Adds, deletes, or changes entries in the /etc/inetd.conf system configuration file, which is the default, or a similar configuration file. The entries in the /etc/inetd.conf are related to known services used in the DARPA Internet and also related to information used by the inetd server. The entries for the inetd server determine how the system handles Internet service requests. chuser parameters Parameter definition for the chuser command Indicates if the user account is locked. Defines the administrative status of the user. Lists the groups the user administrates. Lists the user's audit classes. Lists the primary methods for authenticating the user. Lists the secondary methods used to authenticate the user. Defines the system privileges (capabilities) which are granted to a user by the login or su commands. Specifies the soft limit for the largest core file a user's process can create. Enables or disables core file compression. Specifies the largest core file a user's process can create. Selects a choice of core file naming strategies. Enables or disables core file path specification. Specifies a location to be used to place core files. Identifies the soft limit for the largest amount of system unit time (in seconds) that a user's process can use. Identifies the largest amount of system unit time (in seconds) that a user's process can use. Indicates whether the user specified by the Name parameter can run programs using the cron daemon or the src (system resource controller) daemon. Specifies the soft limit for the largest data segment for a user's process. Specifies the largest data segment for a user's process. Specifies the default roles for the user. Defines the password dictionaries used by the composition restrictions when checking new passwords. Identifies the expiration date of the account. Defines the soft limit for the largest file a user's process can create or extend. Defines the largest file a user's process can create or extend. Supplies general information about the user specified by the Name parameter. Identifies the groups the user belongs to. Defines the period of time (in weeks) that a user cannot reuse a password. Defines the number of previous passwords a user cannot reuse. Identifies the home directory of the user specified by the Name parameter. Specifies the user ID. Indicates whether the user can log in to the system with the login command. Defines the number of unsuccessful login attempts allowed after the last successful login before the system locks the account. Defines the days and times that the user is allowed to access the system. Defines the maximum age (in weeks) of a password. Defines the maximum time (in weeks) beyond the maxage value that a user can change an expired password. Defines the maximum number of times a character can be repeated in a new password. Specifies the maximum number of concurrent logins per user. Defines the minimum age (in weeks) a password must be before it can be changed. Defines the minimum number of alphabetic characters that must be in a new password. Defines the minimum number of characters required in a new password that were not in the old password. Defines the minimum length of a password. Defines the minimum number of non-alphabetic characters that must be in a new password. Defines the soft limit for the number of file descriptors a user process may have open at one time. Defines the hard limit for the number of file descriptors a user process may have open at one time. Defines the soft limit on the number of processes a user can have running at one time. Defines the hard limit on the number of processes a user can have running at one time. Identifies the user's primary group. Defines the list of projects to which the user's processes can be assigned. Defines the password restriction methods enforced on new passwords. Defines the number of days before the system issues a warning that a password change is required. Controls the remote execution of the r-commands (rsh, rexec, and rcp) Permits access to the account from a remote location with the telnet or rlogin commands. Lists the administrative roles for this user. The soft limit for the largest amount of physical memory a user's process can allocate. The largest amount of physical memory a user's process can allocate. Defines the program run for the user at session initiation. Specifies the soft limit for the largest process stack segment for a user's process. Specifies the largest process stack segment of a user's process. Indicates whether another user can switch to the specified user account with the su command. Lists the groups that can use the su command to switch to the specified user account. Identifies the system-state (protected) environment. Specifies the soft limit for the largest number of threads that a user process can create. Specifies the largest possible number of threads that a user process can create. Indicates the user's trusted path status. Lists the terminals that can access the account specified by the Name parameter. Determines file permissions. Defines the user-state (unprotected) environment. Specifies the database type of the user keystore. Represents the database type for the efs_admin keystore. Specifies the initial mode of the user keystore. Specifies whether the mode can be changed. Specifies the algorithm that is used to generate the private key of the user during the keystore creation. Specifies the encryption algorithm for user files. Defines the minimum sensitivity-clearance level that the user can have. Defines the maximum sensitivity-clearance level that the user can have. Defines the default sensitivity level that the user is assigned during login. Defines the minimum integrity clearance level that the user can have. Defines the maximum integrity clearance level that the user can have. Defines the default integrity clearance level that the user is assigned during login. Workload Management (WLM) classes. WLM classes and their set of attributes and resource limits.
The processes are assigned to classes based on criteria provided by the system administrator. The resource entitlements and limits are enforced at the class level. This method of defining classes of service and regulating the resource utilization of each class of applications prevents applications with very different resource use patterns from interfering with each other when they share a single server. Updates the WLM. A single update operation can change the attributes, limits and shares of existing classes. If the running configuration is a set, this operation refreshes the set description along with the content of all configurations of the set. Description of the class. A number between 0 and 9 used to prioritize resource allocation between classes. Specifies whether a child process inherits the class assignment from its parent. Delegates the right to manually assign a process to a class. Delegates the right to manually assign a process to a class. Delegates the administration of a superclass. Delegates the administration of a superclass. Limits the set of resources a given class has access to in terms of CPUs (processor set). The CPU consumption shares for a class represent how much total CPU cycles all the threads belonging to a class should get, relative to the other classes in its tier. Minimum amount of CPU that should be made available to the class. If the actual class consumption is below this value, the class will be given highest priority access to the CPU. Maximum amount of CPU that a class can consume when there is contention for CPU. If the class consumption exceeds this value, the class will be given the lowest priority in its tier. If there is no contention for CPU (from other classes in the same tier), the class will be allowed to consume as much as it wants. Maximum amount of CPU that a class can consume, even when there is no contention. If
the class reaches this limit, it will not be allowed to consume any more CPU until its consumption p
ercentage falls below the limit. The physical memory utilization shares for a class represent how much memory pages all the processes belonging to a class should get, relative to the other classes in its tier. Minimum amount of memory that should be made available to the class. If the actual class consumption is below this value, the class will be given highest priority access to the memory. Maximum amount of memory that a class can consume when there is contention for memory. If the class consumption exceeds this value, the class will be given the lowest priority in its tier. If there is no contention for memory resource (from other classes in the same tier), the class will be allowed to consume as much as it wants. Maximum amount of memory that a class can consume, even when there is no contention. If the class reaches this limit, it will not be allowed to consume any more memory until its consumption percentage falls below the limit. The disk I/O bandwidth shares for a class represent how much bandwidth on each disk device accessed by the class the I/Os started by threads belonging to a class should get, relative to the other classes in its tier. Minimum amount of disk I/O bandwidth that should be made available to the class. If the actual class consumption is below this value, the class will be given highest priority access to
bandwidth. Maximum amount of disk I/O bandwidth that a class can consume when there is contention. If the class consumption exceeds this value, the class will be given the lowest priority in its tier. If there is no contention for bandwidth (from other classes in the same tier), the class will be allowed to consume as much as it wants. Maximum amount of disk I/O bandwidth that a class can consume, even when there is no contention. If the class reaches this limit, it will not be allowed to consume any more bandwidth until its consumption percentage falls below the limit. Cumulative total amount of CPU that can be consumed during the lifetime of any individual process belonging to the class. Once the process exceeds this amount, the process is terminated. Cumulative total amount of blocks of disk I/O that can be transmitted during the lifetime of any individual process belonging to the class. Once the process exceeds this amount, the process is terminated. Cumulative total amount of connect time by a login session that can be used during the lifetime of any individual process belonging to the class. Once the process exceeds this amount, the process is terminated. Maximum absolute number of processes that can exist in a class at any given moment. Maximum absolute number of threads that can exist in a class at any given moment. Maximum absolute number of login sessions that can exist in a class at any given moment. Total amount of virtual memory that the processes belonging to a class can use. In the case where this amount is exceeded, either all the processes in the class or only the offending process is terminated, depending on the value of the vmenforce parameter. Total amount of virtual memory that a processe belonging to a class can use. In the case where this amount is exceeded, the process is terminated. Prevents memory segments belonging to one class from migrating to Shared class. Indicates whether to kill all processes in a class ("class"), or only the offending process ("proc"), when a class reaches its virtual memory limit. Deletes the shared memory segments if the last referencing process is killed due to the virtual memory limit. Specifies the priority assigned to I/O requests issued by the threads classified to the class. This priority is used to prioritize I/O buffers at the device level. Core file settings. Core file settings can either be set for a specific user, or for the system's defaults Setting for core file location. Setting for core file location. Setting for core file location. Setting for core file location. Specifies whether dump legacy components are enabled. Specifies the system dump level using a decimal value from 0 to 9. Specifies a copy directory path name. If a dump must be copied from paging space at boot time, and there is not enough space in the copy directory, you are prompted to copy the dump to removable media if the forcecopy value is yes. If the value is no, the dump is not copied and the system boots normally, although the dump might be lost. Specifies whether the key sequences always cause a dump. Specifies the primary dump device path name. Specifies the secondary dump device path name. Specifies whether live dump is enabled. Specifies a live dump directory name. Specifies live dump free space threshold using a decimal value from 0 to 99. Specifies the live dump level using a decimal value from 0 to 9. Specifies live dump heap size using a decimal value in megabytes. Specifies duplicate dump suppression type. The following are the possible values: * all * pre * post * none Specifies the maximum recommended system freeze interval using a decimal number in milliseconds. Live kernel update custom parameter Specifies whether live dump is enabled. Live kernel update custom parameter Specifies a live dump directory name. Live kernel update custom parameter Specifies live dump free space threshold using a decimal value from 0 to 99. Live kernel update custom parameter Specifies the live dump level using a decimal value from 0 to 9. Live kernel update custom parameter Specifies live dump heap size using a decimal value in megabytes. Live kernel update custom parameter Specifies duplicate dump suppression type. The following are the possible values: * all * pre * post * none Live kernel update custom parameter Specifies the maximum recommended system freeze interval using a decimal number in milliseconds. Handling of environment variables This catalog allows to get and modify environment variables existing in the /etc/environment profile (as individual variables), and of the file /etc/profile taken as a whole. The new environement variables will be taken into account at next reboot, or if the user re-executes the file in his session (. /etc/environment and . /etc/profile) /etc/environment file /etc/profile file errdemon Daemon Starts error logging daemon (errdemon) and writes entries to the error log. Uses the error log file specified by the File variable. The specified file name is saved in the error log configuration database and is immediately put into use. Log size in bytes Memory buffer size in bytes Duplicate Removal Duplicate Interval in milliseconds Duplicate Error Maximum Enablement of the pureScale error logging Name of the log stream (the object that contains the centralized logs) within the pureScale service Enterprise Workload Manager. Enterprise Workload Manager (EWLM) is a robust performance management tool that allows you to monitor and manage work that runs within your environment. EWLM is robust in that it allows you to define specific performance goals. In addition, EWLM allows you to monitor application-level transactions separate from operating system processes. Furthermore, EWLM allows you to assign performance goals to specific work. Enablement of EWLM management tool. Maximum number of registered applications. Maximum number of registered applications per process. Maximum number of started applications. Maximum number of started applications instances per registered application. Maximum number of started applications instances per process. Maximum number of transactions. Maximum number of transactions per process. Maximum number of blocks per transaction. Maximum number of bind threads per transaction. Maximum number of registered transactions. Maximum number of registered transactions per registered application. Maximum number of registered transactions per process. Maximum amount of memory available for EWLM services. Completion buffer size. Priority of the managed server component. First Failure Data Capture (FFDC) features management. The First Failure Data Captures features include the following:
Lightweight Memory Trace (LMT).
Run-time Error Checking (RTEC).
Component Trace (CT).
Live Dump Bosboot required Enablement of FFDC features. Definition of IP Security filter rules. Network traffic will be filtered through the filter rules list from top (rule # 0) to bottom, and the first matching rule will determine what tunnel, if any, the network traffic will use. Filtering can also be used without tunnels, to deny or permit traffic on specific criteria such as IP address, protocol or interface. The IP filter rules table contains the list of predefined and manual filter rules. A collection of rules determine what packets are accepted in and out of the machine and how they are directed. Filter rules can control many aspects of communications, including source and destination addresses and masks, protocol, port number, direction, fragment control, source routing, tunnel, and interface type. ioo parameters Parameter definition for the ioo command Management of Kernel Recovery state. The kernel may optionally recover from errors in selected routines, avoiding an unplanned system outage. The system might pause for a short time (generally less than two seconds) before a kernel recovery action. Immediately after a kernel recovery action, the system console displays a warning message; an entry is added to the error log; and AIX generates a live dump. Bosboot required Enablement of Kernel Recovery State. login.cfg parameters Parameter definition for the /etc/security/login.cfg file using chsec command Specifies the initial message to be printed out when getty or login prompts for a login name. Defines the login message printed after a failed login attempt. The delay (in seconds) between unsuccessful login attempts. The number of unsuccessful login attempts before this port is locked. The number of seconds during which logindisable unsuccessful login attempts must occur for a port to be locked. The number of minutes after a port is locked that it will be automatically unlocked. Defines the times a user can use this port to login. Defines the password prompt message printed when requesting password input. Defines whether users are allowed to access the trusted path through this port through the use of the secure attention key sequence (ctrl-x ctrl-r). Defines the set of ports which are synonyms for the given port. Defines whether the user name should be echoed on a port. Defines the minimum sensitivity level (SL) assigned to this port. Defines the maximum sensitivity level assigned to this port. Defines the integrity level that is assigned to this port. The list of valid login shells for a user. The maximum number of simultaneous logins allowed on the system. The number of seconds the user is given to enter their password. Determines whether PAM or the standard UNIX authentication mechanism will be used by PAM-aware applications. The maximum number of roles allowed per session. Defines the loadable password algorithm to use when storing user passwords. Defines the system configuration for resolving ID collision for creating/modifying user/group accounts among registries. lvmo parameters Parameter definition for the 'lvmo' command The number of pbufs that will be added when a physical volume is added to the volume group The maximum number of pbufs that can be allocated for the volume group. This parameter does not affect the rootvg volume group. The volume group must be varied off and varied on again for the value change to take effect The current total number of pbufs available for the volume group The maximum number of pbufs that can be allocated for the rootvg volume group Sets the required values for starting TCP/IP on a host. The mktcpip command sets the required minimal values required for using TCP/IP on a host machine. These values are written to the configuration database.
       Note: The mktcpip command currently supports IPv4 only.

       The basic functions of the mktcpip command include:
       *    Setting the host name in both the configuration database and the running machine.
       *    Setting the IP address of the interface in the configuration database.
       *    Making entries in the /etc/hosts file for the host name and IP address.
       *    Setting the domain name and IP address of the nameserver, if applicable.
       *    Setting the subnetwork mask, if applicable.
       *    Adding a static route to both the configuration database and the running machine, if applicable.
       *    Starting the specified TCP/IP daemons.

       You can use the Network application in Web-based System Manager (wsm) to change network characteristics. You could also use the System Management
       Interface Tool (SMIT) smit mktcpip fast path to run this command. The name of the host. If using a domain naming system, the domain and any subdomains must be specified. The Internet address of the host. Specify the address in dotted decimal notation. Each network interface on the host should have a unique Internet address. Specifies the mask the gateway should use in determining the appropriate subnetwork for routing. The subnet mask is a set of 4 bytes, as in the Internet address. The subnet mask consists of high bits (1s) corresponding to the bit positions of the network and subnetwork address, and low bits (0s) corresponding to the bit positions of the host address. Specifies the Internet address of the name server the host uses for name resolution, if applicable. The address should be entered in dotted decimal. Specifies the domain name of the name server the host should use for name resolution, if any. The default gateway address to the routing table. Specify the address in dotted decimal notation. Cost for default route Active dead gateway detection on default route Specifies cable size for Standard Ethernet or IEEE 802.3 Ethernet networks. Valid values for the CableType variable are dix for thick cable, bnc for thin cable, or N/A for Not Applicable. Specifies the ring speed for a token-ring adapter. Valid values for the RingSpeed variable are either 4- or 16-Mbps. Specifies the subchannel address for a System/370 channel adapter. The destination address for a static route. Specify the address in dotted decimal notation. Routes can be viewed mkuser.default parameters for admin stanza Describes the default parameters when creating a user with the admin property. Indicates if the user account is locked. Lists the groups the user administrates. Lists the user's audit classes. Lists the primary methods for authenticating the user. Lists the secondary methods used to authenticate the user. Specifies the soft limit for the largest core file a user's process can create. Identifies the soft limit for the largest amount of system unit time (in seconds) that a user's process can use. Indicates whether the user specified by the Name parameter can run programs using the cron daemon or the src (system resource controller) daemon. Specifies the soft limit for the largest data segment for a user's process. Specifies the default roles for the user. Defines the password dictionaries used by the composition restrictions when checking new passwords. Identifies the expiration date of the account. Defines the soft limit for the largest file a user's process can create or extend. Supplies general information about the user specified by the Name parameter. Identifies the groups the user belongs to. Defines the period of time (in weeks) that a user cannot reuse a password. Defines the number of previous passwords a user cannot reuse. Identifies the home directory of the user specified by the Name parameter. Indicates whether the user can log in to the system with the login command. Defines the number of unsuccessful login attempts allowed after the last successful login before the system locks the account. Defines the days and times that the user is allowed to access the system. Defines the maximum age (in weeks) of a password. Defines the maximum time (in weeks) beyond the maxage value that a user can change an expired password. Defines the maximum number of times a character can be repeated in a new password. Defines the minimum age (in weeks) a password must be before it can be changed. Defines the minimum number of alphabetic characters that must be in a new password. Defines the minimum number of characters required in a new password that were not in the old password. Defines the minimum length of a password. Defines the minimum number of non-alphabetic characters that must be in a new password. Defines the soft limit for the number of file descriptors a user process may have open at one time. Defines the soft limit on the number of processes a user can have running at one time. Identifies the user's primary group. Defines the password restriction methods enforced on new passwords. Defines the number of days before the system issues a warning that a password change is required. Permits access to the account from a remote location with the telnet or rlogin commands. Lists the administrative roles for this user. The soft limit for the largest amount of physical memory a user's process can allocate. Defines the program run for the user at session initiation. Specifies the soft limit for the largest process stack segment for a user's process. Indicates whether another user can switch to the specified user account with the su command. Lists the groups that can use the su command to switch to the specified user account. Identifies the system-state (protected) environment. Specifies the soft limit for the largest number of threads that a user process can create. Indicates the user's trusted path status. Lists the terminals that can access the account specified by the Name parameter. Determines file permissions. Defines the user-state (unprotected) environment. mkuser.default parameters for the user stanza Describes the default values for parameters when creating a non-admin user. Indicates if the user account is locked. Lists the groups the user administrates. Lists the user's audit classes. Lists the primary methods for authenticating the user. Lists the secondary methods used to authenticate the user. Specifies the soft limit for the largest core file a user's process can create. Identifies the soft limit for the largest amount of system unit time (in seconds) that a user's process can use. Indicates whether the user specified by the Name parameter can run programs using the cron daemon or the src (system resource controller) daemon. Specifies the soft limit for the largest data segment for a user's process. Specifies the default roles for the user. Defines the password dictionaries used by the composition restrictions when checking new passwords. Identifies the expiration date of the account. Defines the soft limit for the largest file a user's process can create or extend. Supplies general information about the user specified by the Name parameter. Identifies the groups the user belongs to. Defines the period of time (in weeks) that a user cannot reuse a password. Defines the number of previous passwords a user cannot reuse. Identifies the home directory of the user specified by the Name parameter. Indicates whether the user can log in to the system with the login command. Defines the number of unsuccessful login attempts allowed after the last successful login before the system locks the account. Defines the days and times that the user is allowed to access the system. Defines the maximum age (in weeks) of a password. Defines the maximum time (in weeks) beyond the maxage value that a user can change an expired password. Defines the maximum number of times a character can be repeated in a new password. Defines the minimum age (in weeks) a password must be before it can be changed. Defines the minimum number of alphabetic characters that must be in a new password. Defines the minimum number of characters required in a new password that were not in the old password. Defines the minimum length of a password. Defines the minimum number of non-alphabetic characters that must be in a new password. Defines the soft limit for the number of file descriptors a user process may have open at one time. Defines the soft limit on the number of processes a user can have running at one time. Identifies the user's primary group. Defines the password restriction methods enforced on new passwords. Defines the number of days before the system issues a warning that a password change is required. Permits access to the account from a remote location with the telnet or rlogin commands. Lists the administrative roles for this user. The soft limit for the largest amount of physical memory a user's process can allocate. Defines the program run for the user at session initiation. Specifies the soft limit for the largest process stack segment for a user's process. Indicates whether another user can switch to the specified user account with the su command. Lists the groups that can use the su command to switch to the specified user account. Identifies the system-state (protected) environment. Specifies the soft limit for the largest number of threads that a user process can create. Indicates the user's trusted path status. Lists the terminals that can access the account specified by the Name parameter. Determines file permissions. Defines the user-state (unprotected) environment. Domain name server entries for local resolver routines in the system configuration database. Directly manipulates domain name server entries for local resolver routines in the system configuration database. Name servers (IP addresses) Domain name Search list nfso parameters Parameter definition for the 'nfso' command nfs configuration Configuration parameter definition for the 'chnfs', 'chnfsdom', 'chnfsim', 'chnfsrtd', 'chnfssec' commands Controls the number of biod daemons. Controls the number of nfsd daemons. Controls the number of lockd daemons. Controls (enable/disable) the enhanced security offered by RPCSEC_GSS, such as Kerberos 5. Enables/Disables NFS Version 4. Controls the NFS version 4 root location. Controls the NFS version 4 public directory. Controls the NFS version 4 lease time. Enables or disables NFS version 4 replication. Controls the NFSv4 Grace Period enablement. Controls the NFSv4 Grace Period automatic extension. Controls the NFSv4 Grace Period SS path location. Controls the NFSv4 Grace Period bypass. Local NFS domain of the system Local NFS realm-to-domain mapping Default security flavor used by the NFS client nis configuration Configuration parameters definition for the 'chypdom', 'chclient' commands Changes the current NIS domain name of the system. Changes the current NIS server of the system. no parameters Parameter definition for the 'no' command General network parameters TCP network tunable parameters UDP Network Tunable Parameters IP Network Tunable Parameters. ARP/NDP Network Tunable Parameters Stream Header Tunable Parameters Other Network Tunable Parameters RBAC (Role-Based Access Control) Privileged Commands. A privileged command is a command stored in the privileged command database. The privileged command database grants access and powers to users for commands they would not otherwise be able to run or for which they would not have the proper privilege to perform the task. The database saves the authorization information for a particular command as well as the privileges that are granted to the process if authorization checks succeed. Send the privileged command database to the KST (Kernel Security Tables) The /etc/security/privcmds file is an ASCII stanza file that contains privileged commands and their security attributes. RBAC (Role-Based Access Control) Privileged Devices. The privileged device database stores the list of privileges that are allowed to read from or write to a device. This database provides a mechanism for an administrator to further control access to a device than can be managed through traditional device access controls. Send the privileged device database to the KST (Kernel Security Tables) The /etc/security/privdevs file is an ASCII stanza file that contains privileged devices and their security attributes. RBAC (Role-Based Access Control) Privileged Files. The privileged file database provides a method to use authorizations to determine access to system configuration files. The /etc/security/privfiles file is an ASCII stanza file that contains privileged files and their security attributes. Configuration of dynamic trace sessions (ProbeVue). The ProbeVue tool analyzes the operating system and user programs by dynamically enabling the user-specified probes, starting the actions that are associated with the probes when they are triggered, and presenting the captured trace data. The ProbeVue dynamic tracing parameters and the ProbeVue sessions are configurable. Specifies whether the ProbeVue is enabled or disabled. Specifies the maximum pinned memory in MB consumable by the entire ProbeVue framework. Specifies the default size of the per-processor trace buffers in KB. This is rounded to the next 4KB page. Specifies the default period in milliseconds that the ProbeVue buffers will be read by the trace consumer. Specifies the size of the per-processor computation stack in KB. This will be rounded to the next 4KB page. Specifies the maximum concurrent sessions allowed for a regular user. Specifies the maximum pinned memory in MB consumable by a ProbeVue session. Specifies the minimum period in milliseconds that a regular user can request the trace consumer to read from its trace buffers. Specifies the size of the per-CPU local tables. Specifies the number of page faults to be handled. Specifies the number of threads that will be traced. Specifies the minimum time interval allowed for global root user in interval probes. Specifies the percentage of memory that can be allocated to the dynamic data structure for dynamic type variables. Specifies the size of network buffer used by network probe manager for BPF probe points. This buffer is used to copy the data when packet data is spanned across multiple packet buffers. Specifies the maximum probe execution time for systrace probes when fired in interrupt context. Specifies the maximum probe execution time for sysproc probes when fired in interrupt context. Specifies the maximum probe execution time for io probes when fired in interrupt context. Specifies the maximum probe execution time for network probes when fired in interrupt context. Specifies the asynchronous statistics fetch interval. Specifies that fetch statistics only in asynchronous mode. Specifies the maximum probe execution time for CPU bound interval probes when fired in interrupt context. raso parameters Parameter definition for the raso command bosboot bosboot bosboot bosboot RBAC (Role-Based Access Control) Roles. Roles are the mechanism used to assign roles to a user and to group a set of system administration tasks together. An AIX role is primarily a container for a collection of authorizations.
Assigning a role to a user allows the user to access the role and use the authorizations that are contained in the role. Send the role database to the KST (Kernel Security Tables) Roles consist of authorizations that allow a user to run functions that normally would require root-user permission. The /etc/security/roles file contains the list of valid roles. Directly manipulates entries in three separate system databases that control foreign host access to programs. The ruser low-level command adds or deletes entries in three separate system databases. Which database you are manipulating is determined by using the -p,
       -r, or -f flags. In addition, the ruser command can show one or all entries in one of the databases. Each database is a list of names. The three databases
       are as follows:
       *    /etc/ftpusers file
       *    /etc/hosts.equiv file
       *    /etc/hosts.lpd file Note: The -p and -r options can be used together to add a name to databases at the same time, but the -f option cannot be used
            with either. FTP users LPD users Remote users schedo parameters Parameter definition for the schedo command shconf parameters Parameter definition for the 'shconf' command Enable Process Priority Problem Log Error in the Error Logging Detection Time-out Process Priority Display a warning message on a console Detection Time-out Process Priority Terminal Device Launch a recovering login on a console Detection Time-out Process Priority Terminal Device Launch a command  Process Priority Script Automatically REBOOT system Detection Time-out Process Priority Enable Lost I/O Detection Detection Time-out Display a warning message on a console Terminal Device Automatically REBOOT system smtctl parameters Parameter definition for the 'smtctl' command This parameter enable or disable the simultaneous multi-threading mode bosboot syscorepath parameters Parameter definition for the 'syscorepath' command Specifies a single system-wide directory where all core files of any processes will be dumped. Changes the primary or secondary dump device designation in a running system. Changes the primary or secondary dump device designation in a running system. traces parameters Parameter definition for the 'traceson' and 'tracesoff' commands Turns on or off tracing of a subsystem or a group of subsystems. Exactly one of the three target classes must be used. Turns on or off tracing of a subsserver. The type target is mandatory. System trace parameters. Management of the system trace control parameters. Specifies the default trace buffer size. The original default values are 128 KB and 256 KB for a 32- or 64-bit kernel. Setting a new default value will apply it to both kernels. Specifies the default log file path. The default value is /var/adm/ras/trcfile. Specifies the default log file path. The default value is /var/adm/ras/trcfile. Specifies the maximum buffer size a non-root user may specify. The default is 1 MB, 1048576 bytes. Specifies the default Component Trace log directory path. The default value is /var/adm/ras/trc_ct. Specifies the default Lightweight Memory Trace log directory path. The default value is /var/adm/ras/mtrcdir. Administration of the Trusted Execution function. Enable or disable the runtime integrity-verification function that is responsible for verifying of a file's cryptographic hash before being started. Enable or disable different security policies that are used with the Trusted Execution mechanism. Check that the clic.rte kernel extension is installed. Trusted Execution. Policies can only be activated when the TE option is set to ON. Checks the integrity of executable file that belongs to the TSD before starting it. Checks the integrity of shared libraries that belong to the TSD before loading them. Checks the integrity of shell scripts that belong to the TSD before starting them. Checks the integrity of the kernel extensions that belong to the TSD before loading them. Stops the loading of files that do not belong to the TSD. Stops the loading of files whose integrity check fails. Lock current policies. Disables opening of files belonging to the TSD in write mode. You cannot make any change to any TSD files. Disallows opening of a TSD file (/etc/security/tsd/tsd.dat) in write mode to disable editing of the TSD. The Trusted Execution path consists of a list of colon-separated absolute paths, for example, the /usr/bin:/usr/sbin. The files belonging to only these directory paths are allowed to be started. If an executable program that does not belong to the TEP is to be loaded, the program is blocked. The Trusted Library Path consists of a list of colon-separated absolute paths, for example, the /usr/lib:/usr/ccs/lib. The libraries belonging to only these directory paths can be loaded. If a program tries to load a library that does not belong to the TLP, the program is blocked. Hashing algorithm used to compute the hash_value field of the file definitions included in the TSD. Administration of the Trusted Signature Database (TSD). The Trusted Signature Database (TSD), which resides in /etc/security/tsd/tsd.dat, is used to store critical security parameters of trusted files present on the system. A trusted file is a file that is critical from the security perspective of the system, and if compromised, can jeopardize the security of the entire system. The Trusted Signature Database file. VIOS device attributes Some attributes of devices fcsX and hdiskX for VIOS Configure FCS Maximum Transfer Size Dynamic Tracking of FC Devices FC Fabric Event Error RECOVERY Policy Health Check Interval Health Check Mode Maximum TRANSFER Size Queue DEPTH Reserve Policy vmo parameters Parameter definition for the vmo command bosboot Parameter cannot be applied to a different device type Parameter cannot be applied to a device in the "Available" state. Either put the device in the "Defined" state, or set the parameter's applyType to "nextboot" in the profile. Parameter cannot be applied to a different node ctctrl parameters Parameter definition for the ctctrl command Name of the component Name of the component alias memory trace state memory trace level system trace state system trace level Buffer size of the component Has the component buffer been allocated bosboot errctrl parameters Parameter definition for the errctrl command Name of the component Name of the component alias Error check state Error check level disposition for low severity errors disposition for medium severity errors bosboot dumpCompTrace parameters Parameter definition for the dumpctrl command for all components Name of the component Name of the component alias Livedump state Live dump level System dump state System dump level bosboot skctl parameters Parameter definition for the skctl command Maximum number of hardware keys Number of hardware keys enabled Number of user keys Kernel key state bosboot 