Softpanorama

May the source be with you, but remember the KISS principle ;-)
Contents Bulletin Scripting in shell and Perl Network troubleshooting History Humor

AIX Hardening

News

See also

Redbooks IBM Links Recommended Links Recommended Papers FAQs Security Log administration
Man pages Security Hardening for Tivoli servers  Classic unix Tools Patches

Open source software

Admin Horror Stories

 Random Findings Humor  Etc

While Solaris hardening is a well-established procedure usually based on JASS, AIX hardening is a very fuzzy area with few good papers and even less good scripts.  Many component exists here and their but integration is not here. It's not easy to make a machine-hardening script written for Solaris to run on AIX, but still it's possible. One version of Titan can harden AIX but of course it needs serious modification and tuning before you can run it on production AIX 5.3 server (unless you have some grudges against your current company :-)

Some random points:

Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

AIX Security Expert

AIX 5.3 enables the root user to create multiple instances of AIX on a single root volume group (rootvg).

A new utility, /usr/sbin/multibos, is supplied in AIX 5L Version 5.3 with the 5300-03 Recommended Maintenance package package to create and manage a new instance of the operating system, so that there are two distinct and bootable instances within a single rootvg. The running instance, called the active base operating system (BOS), can be in production. Meanwhile, multibos operations are used to modify the non-running instance, which is called the standby BOS. The multibos utility enables the root user to set up, access, maintain, update, and customize the new instance of the BOS.

Securing an AIX system Stanford university

Actually this is about hardening
  1. Install the latest patches
    AIX uses the fixperms program to download patches. Go to:
    http://service.software.ibm.com/cgi-bin/support/rs6000.support/downloads
    NOTE: THIS DOES NOT INSTALL THE PATCHES. YOU MUST INSTALL THEM VIA smit AFTER DOWNLOAD

    More Information and Help on Patches

  2. Install AFS
    Although AFS isn't essential for secure computing at stanford, it provides an easy mechanism for integrating users across machines. It also provides trusted binaries and various security packages so you won't have to compile them yourself.

    AFS is available via WebAuth (i.e. authenticated with your leland ID) at:
    http://lelandsystems.stanford.edu/dist/afs-clients/supported/

    After downloading, follow the instructions for installing: http://lelandsystems.stanford.edu/services/afs/sysadmin/install/aix/

  3. Install Kerberos
    Now that you have installed AFS, all you have to do is run:

    If you have decided not to install AFS, please see:
    Kerberos without AFS.

    If any of the above didn't make sense, please see:
    More Information and Help on Kerberos

  4. Configure TCP Wrappers
    Add ".stanford.edu" to your /etc/hosts.allow file. It should look like:
    sendmail: ALL
    ALL: LOCAL, .stanford.edu

    Your /etc/hosts.deny file should disallow anything not explicitly stated in /etc/hosts.allow, i.e.:
    ALL: ALL

    Easy Installation - Download the hosts.allow and hosts.deny file and copy then to /etc.

    More Information on TCP Wrappers

  5. Double check your inetd.conf file
    We recommend that the inetd.conf file look like:
    # Kerberos services 
    eklogin stream tcp nowait root /usr/sbin/tcpd /etc/leland/klogind -ke 
    kshell  stream tcp nowait root /usr/sbin/tcpd /etc/leland/kshd -k 
    ident   stream tcp nowait root /usr/sbin/tcpd /etc/leland/sidentd 
    kftgtd  stream tcp nowait root /usr/sbin/tcpd /etc/leland/kftgtd
    telnet  stream tcp nowait root /usr/sbin/tcpd /etc/leland/telnetd -a user
    daytime stream tcp nowait root internal
    
    Remember: After changed inetd.conf, you must send the inetd process a HUP signal so it re-reads the file and takes effect:
    # kill -HUP (inetd pid)

    Note: If you want to run the kerberos popper server, you will need another srvtab specifically for that service in order for certain mail readers to work. Please contact srvtab-request@leland for the srvtab.pop srvtab.

    Easy Installation - Download the file and copy it over /etc/inet/inetd.conf

    More Information and Help on inetd

  6. Install the latest sendmail
    The latest sendmail version can be installed from http://www.sendmail.org .

    More Information and Help on Sendmail

  7. Configure Logging Appropriately

    AIX by default does not log very much. Instead, I suggest the following /etc/syslog.conf file:
    mail.debug                                              /var/adm/maillog
    mail.none                                               /var/adm/maillog
    auth.notice                                             /var/adm/authlog
    lpr.debug                                               /var/adm/lpd-errs
    kern.debug                                              /var/adm/messages
    *.emerg;*.alert;*.crit;*.warning;*.err;*.notice;*.info  /var/adm/messages
    
    Of course if the files mentioned in the right hand side don't exist, you will have to "touch" then to create them.

    More Information and Help on Logging

  8. Run the "fixperms" script
    The fixperms script will fix the file permissions on your system with security in mind. The fixperms script is available at /usr/pubsw/sbin/fixperms.

    More Information on AIX Permissions

  9. Install ifstatus

    ifstatus will report when an ethernet card is in promiscuous mode. Since it only generates output when a card is in promiscuous mode it is much easier to put in crontab, say every hour, than ifconfig. To add to crontab, type:
    30 * * * * /usr/pubsw/sbin/ifstatus
    to run ifstatus at half past every hour.

    ifstatus is also available for download: http://security.stanford.edu/tools/ifstatus-2.1.tar.Z
    More Information on Promiscuous Mode and Detection

  10. Request a Security Scan

    Have your systems security posture evaluate by the outside. We will scan your system for any potential or real signs of weakness.

SANS Reading Room

[PDF] AIX Benchmark v1.0.1

Basic list of steps to harden AIX. Not much interesting. No scripts yet.

AIX Security Expert

AIX Security Expert provides a center for all security settings (TCP, NET, IPSEC, system, and auditing).

AIX Security Expert is a system security hardening tool. AIX Security Expert provides simple menu settings for High Level Security, Medium Level Security, Low Level Security, and AIX Standard Settings security that integrate over 300 security configuration settings while still providing control over each security element for advanced administrators. AIX Security Expert can be used to implement the appropriate level of security, without the necessity of reading a large number of papers on security hardening and then individually implementing each security element.

AIX Security Expert can be used to take a security configuration snapshot. This snapshot can be used to set up the same security configuration on other systems. This both saves time and ensures that all systems have the proper security configuration in an enterprise environment.

AIX Security Expert can be run from Web-based System Manager, SMIT, or you can use the aixpert command.

Strengthening AIX Security A System-Hardening Approach

March 2002. AIX is an open UNIX operating environment that provides increased levels of integration, flexibility, and reliability that are essential for meeting the high demands of today's e-business applications. This focus on versatility allows AIX to be used under a wide variety of workloads, from running on a symmetric multiprocessor, capable of managing thousands of transactions per minute, to running on a single-node workstation used for application development.

Because one of the goals of AIX is to achieve this level of versatility and power, many services are immediately available when you finish installing the operating system. However, this can result in a configuration that is vulnerable to security exposures if the system is not configured appropriately. To minimize the number of possible security exposures, the system administrator must be able to identify the workload characteristics of the environment. System hardening is a global philosophy of system security that focuses strongly not only on detection, but also on prevention. It involves removing unnecessary services from the base operating system, restricting user access to the system, enforcing password restrictions, controlling user and group rights, and enabling system accounting.

GeodSoft How-To Hardening Systems, Users, Groups and Security

PAM Under AIX Information Page

AIX has its own authentication framework, which is called the Loadable Authentication Module (LAM) system. So when using PAM under AIX, there are actually two different authentication systems in use. Both provide similar functionality, and both are modular, but they're designed very differently in terms of application API, module API, and config file format.

If you have an application that uses the PAM application API, it will use the PAM modules configured in /etc/pam.conf; if you have an application that uses the LAM application API, it will use the LAM modules configured in /usr/lib/security/methods.cfg.

The LAM module API for AIX 5.2 is documented here:

http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixprggd/kernextc/sec_load_mod.htm
The LAM module API was not documented in AIX 4.3, but my guess is that it was probably the same.

AIX 4.3 does not include PAM. However, I've written a patch for building Linux-PAM under AIX.

The patch includes a PAM module called pam_aix that "converts" PAM calls into the corresponding LAM calls, so that PAM-aware applications can make use of LAM even though they don't have any knowledge of the LAM application API. Because LAM provides AIX's default authentication mechanism, pam_aix can be used as the default module in /etc/pam.conf, much as pam_unix is on other platforms. For example:

other   auth     required       /usr/local/lib/security/pam_aix.so
other   account  required       /usr/local/lib/security/pam_aix.so
other   session  required       /usr/local/lib/security/pam_aix.so
other   password required       /usr/local/lib/security/pam_aix.so

The stock AIX 5.1 CDs do not include PAM. Starting with ML01, the PAM library is included. However, no PAM modules are supplied and there is no default /etc/pam.conf file.

To address this problem, IBM has backported their implementation of the pam_aix module from AIX 5.2 and made it available for AIX 5.1:

https://techsupport.services.ibm.com/server/nav/pam
Note that IBM's implementation of pam_aix was done completely independently of the one I wrote for AIX 4.3. It does not support the same options, but it works the same otherwise.

AIX 5.2 has full support for PAM. It ships with the PAM library, the pam_aix module, and a default /etc/pam.conf file.

Similarly to the way that pam_aix "converts" from PAM to LAM, AIX 5.2 also includes a LAM module that "converts" from LAM to PAM. The IBM documentation refers to this as the "PAM module", which is extremely confusing; to avoid this, I will refer to this module using its full path, /usr/lib/security/PAM.

As mentioned above, pam_aix is a PAM module that you configure in /etc/pam.conf, and it allows PAM-aware applications to make use of LAM even though they don't have any knowledge of the LAM application API. Conversely, /usr/lib/security/PAM is a LAM module that you configure in /usr/lib/security/methods.cfg, and it allows LAM-aware applications to make use of PAM even though they don't have any knowledge of the PAM application API.

The /usr/lib/security/PAM LAM module is documented here:

http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixbman/security/pam_overview.htm
Unfortunately, /usr/lib/security/PAM is not a very elegent solution, because it requires major modifications on the part of any PAM module that you want to use with it. Because the LAM API does not support the notion of a conversation function, all PAM modules must be modified to use the pam_get_item() and pam_set_item() calls to communicate with the application.

(If you're familiar with the PAM and LAM APIs, it's pretty obvious why this is a problem. PAM uses an out-of-band mechanism (the conversation function) to communicate with the application, while the LAM API uses iterative calls to the authenticate() function. Even if /usr/lib/security/PAM supplied its own conversation function for communicating with PAM, there's no reasonable way for the conversation function to jump back into the initial stack frame of the original authenticate() call without losing state between each iteration.)

Unfortunately, because the native AIX binaries (e.g., /bin/login and /bin/su) still call LAM directly, there is no reasonable way for them to use existing off-the-shelf PAM modules. The only alternative is to try to replace the native AIX binaries with open source alternatives that are PAM-aware, but that's a fairly complicated proposition, and I don't know of anyone who's actually tried to do that.

AIX 5.3 finally has native PAM support in all of the native AIX binaries (e.g., /bin/login, /bin/su, etc). By default, these binaries will still use the historic AIX authentication mechanism, but they can be configured to use PAM instead by changing a setting in /etc/security/login.cfg. For details, see:
http://publib.boulder.ibm.com/infocenter/pseries/index.jsp?topic=/com.ibm.aix.doc/aixbman/security/pam_overview.htm

Securing an AIX system

AIX Network Hardening

pSeries and AIX Information Center

AIX® security services can be configured to call PAM modules through the use of the existing AIX loadable authentication module framework.

Note: Prior to AIX 5.3 a loadable authentication module PAM was used to provide PAM authentication to native AIX applications. Due to differences in behavior between this solution and a true PAM solution, the PAM loadable authentication module is no longer the recommended means to provide PAM authentication to native AIX applications. Instead, the auth_type attribute in the usw stanza of /etc/security/login.cfg should be set to PAM_AUTH to enable PAM authentication in AIX. For more information on the auth_type attribute, see /etc/security/login.cfg. Use of the PAM loadable authentication module is still supported, but it is deprecated. You should use the auth_type attribute to enable PAM authentication.

When the /usr/lib/security/methods.cfg file is set up correctly, the PAM load module routes AIX security services (passwd, login, and so on) to the PAM library. The PAM library checks the /etc/pam.conf file to determine which PAM module to use and then makes the corresponding PAM SPI call. Return values from PAM are mapped to AIX error codes and returned to the calling program.

Figure 1. AIX Security Service to PAM Module Path

This illustration shows the path that an AIX security service call takes when PAM is configured correctly. The PAM modules shown (pam_krb, pam_ldap, and pam_dce) are listed as examples of third-party solutions.

The PAM load module is installed in the /usr/lib/security directory and is an authentication-only module. The PAM module must be combined with a database to form a compound load module. The following example shows the stanzas that could be added to the methods.cfg file to form a compound PAM module with a database called files. The BUILTIN keyword for the db attribute designates the database as UNIX® files.

PAM:
        program = /usr/lib/security/PAM

PAMfiles:
        options = auth=PAM,db=BUILTIN
Creating and modifying users is then performed by using the -R option with the administration commands and by setting the SYSTEM attribute when a user is created. For example:
mkuser -R PAMfiles SYSTEM=PAMfiles registry=PAMfiles pamuser
This action informs further calls to AIX security services (login, passwd, and so on) to use the PAM load module for authentication. While the files database was used for the compound module in this example, other databases, such as LDAP, can also be used if they are installed. Creating users as previously described will result in the following mapping of AIX security to PAM API calls:
         AIX                     PAM API
        =====                   =========
        authenticate       -->  pam_authenticate
        chpass             -->  pam_chauthtok
        passwdexpired      -->  pam_acct_mgmt
        passwdrestrictions -->  No comparable mapping exists, success returned

Customizing the /etc/pam.conf file allows the PAM API calls to be directed to the desired PAM module for authentication. To further refine the authentication mechanism, stacking can be implemented.

Data prompted for by an AIX security service is passed to PAM through the pam_set_item function because it is not possible to accommodate user dialog from PAM. PAM modules written for integration with the PAM module should retrieve all data with pam_get_item calls and should not attempt to prompt the user to input data because this is handled by the security service.

Loop detection is provided to catch possible configuration errors in which an AIX security service is routed to PAM and then a PAM module in turn attempts to call the AIX security service to perform the operation. Detection of this loop event will result in an immediate failure of the intended operation.

Note: The /etc/pam.conf file should not be written to make use of the pam_aix module when using PAM integration from an AIX security service to a PAM module because this will result in a loop condition.

Recommended Links

Softpanorama hot topic of the month

Softpanorama Recommended

[PDF] AIX 5L Version 5.3: Security  -- IBM redbook. Pretty current but semi-useful...

AIX Network Hardening

Center for Internet Security - AIX Benchmark

[PDF] AIX 5L Version 5.3: Security Guide

http://www.bull.de/pub/

Elements of Security: AIX 4.1
 
AIX inventory scripts from various sources
 
AIX 4.3 Bastion Host Guidelines Nishchal Bhalla June 5, 2001 (outdated)
 
http://www.faqs.org/faqs/aix-faq/
 
Comp.Unix.Aix newsgroup archive
 
Syslog and errorlog tools ( Cinnamon, Error reporter, Sysinfo script )
 
Mail Service Setup for AIX Systems

IBM AIX Security white paper

AIX Security Checklist

Recommended Papers

[PDF] AIX Benchmark v1.0.1

Basic list of steps to harden AIX. Not much interesting. No scripts yet.

[PDF] Implementing and maintaining AIX security policies by Andre Derek Protas (36 pages)

This paper is meant to serve as an introductory guide to the basic security and server hardening functions present in AIX. Many of the features and functions shown throughout this guide are applicable to AIX 4.3 and above, but are more directed toward AIX 5.2. This guide attempts to cover a lot of ground and offers useful and necessary insight for anyone administering AIX machines.

Strengthening AIX Security A System-Hardening Approach

March 2002. AIX is an open UNIX operating environment that provides increased levels of integration, flexibility, and reliability that are essential for meeting the high demands of today's e-business applications. This focus on versatility allows AIX to be used under a wide variety of workloads, from running on a symmetric multiprocessor, capable of managing thousands of transactions per minute, to running on a single-node workstation used for application development.

Because one of the goals of AIX is to achieve this level of versatility and power, many services are immediately available when you finish installing the operating system. However, this can result in a configuration that is vulnerable to security exposures if the system is not configured appropriately. To minimize the number of possible security exposures, the system administrator must be able to identify the workload characteristics of the environment. System hardening is a global philosophy of system security that focuses strongly not only on detection, but also on prevention. It involves removing unnecessary services from the base operating system, restricting user access to the system, enforcing password restrictions, controlling user and group rights, and enabling system accounting.

[DOC] Building and securing an Intranet mail server with AIX 5

SecurityDocs Comment on Implementing and Maintaining AIX Security Policies

This paper is meant to serve as an introductory guide to the basic security and server hardening functions present in AIX. Many of the features and functions shown throughout this guide are applicable to AIX 4.3 and above, but are more directed toward AIX 5.2. Since security is and will always remain a major issue in server environments, it is crucial that system administrators have a strong working knowledge of security policy implementation and hardening features. This knowledge can be applied to new systems, or to bring older systems up to date.

All administrators should have a thorough understanding of what is presently installed and running on their system. But, with the wide range of server applications, administration specialization is often necessary. Therefore, it is imperative that at least one primary and one secondary administrator per team maintain a strong working knowledge of security. By staffing administrators with security emphasis, the system will be maintained with the newest updates, programs, and patches that deal with security or server hardening issues.

Keep in mind that security is defined on a server-by-server basis. Administrators should not implement any of these security features without personal research as some may cause software conflicts. Each feature must be fully understood and the system checked to ensure that the server will properly handle the security change. All tests should be made on a Proof of Concept box prior to production, as well as making sure all changes have gone through Change Management prior to implementation. Also, a backup of important files with a well-documented backout plan should always be utilized, especially when dealing with larger installs of security features on production servers.

Network security is very sturdy but should not be relied upon to the point of ignoring stand- alone security or server hardening features. Do not depend only on network security to safeguard the servers. This is the last line of defense, not the first. Many times networking can be bypassed internally within a company, or externally by accessing one vulnerable machine present on the network and running telnet/rsh to another server. One vulnerable node is very likely to be able to take down an entire network. Network security is very powerful, but should be used as a supplement, not a crutch.

Hardening AIX Unix by Seán Boran

Just an a very raw outline.

NOTE: This is an early working draft, and as such is not very easy to read. I apologise for this, but the idea is to produce an outline, which then can be improved up and refined.

AIX Security Mechanisms



Etc

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes.   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. 

ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less then 90 days. Multiple types of probes increase this period.  

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least


Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: June 04, 2016