EXAMPLE REPORT — real, unedited output (hostname sanitized) · AIX 7.3 executive← all reports
AIXray
by PowerTrue Systems · AIX · IBM Power · VIOS · Linux
Executive Summary

System health — aixdemo01

System: aixdemo01  ·  Scan date: 2026-07-03  ·  READ-ONLY — nothing was changed on the system
RED
70%
Your system needs attention now — see the top risks below.
Where things standby category
Lifecycle & support
1 to watch · 3 healthy
AMBER
Patch & vulnerability currency
8 healthy
GREEN
Storage & capacity
1 to fix · 16 healthy
RED
Performance & sizing
2 to watch · 8 healthy
AMBER
Errors & events
2 to watch · 7 healthy
AMBER
Availability & resilience
1 to fix · 2 to watch · 2 healthy
RED
Security & hardening
6 to fix · 5 to watch · 12 healthy
RED
Config hygiene
1 to fix · 2 to watch · 3 healthy
RED
Monitoring & operational readiness
3 to watch · 2 healthy
AMBER
Category results
CategoryHealthyWatchTo fixStatus
Lifecycle & support310AMBER
Patch & vulnerability currency800GREEN
Storage & capacity1601RED
Performance & sizing820AMBER
Errors & events720AMBER
Availability & resilience221RED
Security & hardening1256RED
Config hygiene321RED
Monitoring & operational readiness230AMBER
Top risksworst first
Critical
OS backup (mksysb) evidence
No recent OS backup evidence on this box — a rootvg loss means rebuild-from-scratch. (Local evidence only; confirm where mksysb lands and when it last ran.)
Addressable — see the technical report.
Critical
root account controls
root can log in directly over the network (rlogin=true) AND any user may attempt su to root (sugroups=ALL) — the classic 'root wide open' pair. Either alone is a gap; together, root is one guessed password away from a network login with no accountability. This is the OS account gate in /etc/security/user, separate from sshd's PermitRootLogin.
Addressable — see the technical report.
Critical
SSH root login
Direct SSH root login is open — a single brute-forceable credential with no accountability.
Addressable — see the technical report.
Critical
STIG network tunables
One or more kernel network options are set to a value the DISA STIG for IBM AIX 7.x flags — e.g. IP forwarding on a non-router, or TCP half-open connection cleanup disabled. Each is a documented hardening gap an auditor will flag.
Addressable — see the technical report.
Critical
STIG account policy
One or more account/password-policy attributes in /etc/security are weaker than the DISA STIG for IBM AIX 7.x mandates — each is a documented hardening gap an auditor will flag, and it applies to every account inheriting the default stanza.
Addressable — see the technical report.
What a scan cannot see

A scan reads what a system looks like right now. It cannot confirm that your backups actually restore, that monitoring alerts reach a person who acts on them, or that change-control, access reviews and day-to-day staff practices are being followed. This scan already flagged monitoring coverage as worth a closer look — the rest is a short conversation, not another tool.

This is the health of your systems, in plain terms. It is also what we do — every day, on systems like yours — and we watch them so the next finding never becomes an outage. Walk these results with an engineer (free, no obligation): powertruesystems.com.