- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Bastille configuration
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-10-2005 10:07 PM
тАО10-10-2005 10:07 PM
after having installed bastille is happening an unwanted thing: now our monitoring tool (Big Brother) that is running with the bb user is producing an html page with read privilege just for bb itself so when I open the web page in a browser but with another accout than bb, I'm getting "Forbidden" message.
Yes, I can change mode on the file, but how can I set it into bastille, is there any configuration file ?
Solved! Go to Solution.
- Tags:
- bastille
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-10-2005 10:10 PM
тАО10-10-2005 10:10 PM
Solution- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-10-2005 10:24 PM
тАО10-10-2005 10:24 PM
Re: Bastille configuration
Otherwise you should be able to just change permissions on the file/folder or the user umask.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-11-2005 03:18 AM
тАО10-11-2005 03:18 AM
Re: Bastille configuration
Now all newly created files have RW privilege for the owner only.
How can I solve it ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-12-2005 05:10 AM
тАО10-12-2005 05:10 AM
Re: Bastille configuration
Installing Bastille by itself (or one of the ITS levels) won't actually change your system. Only by going throught the interface, and requesting changes, will Bastille help configure the system.
I agree with Steven that the most likely source of issue is around the Apache chroot question. If requested, Bastille runs the /opt/hpws/apache/util/chroot_os_cp.sh, that comes from Apache.
This does a lot of the work of setting up a chroot jail for Apache, but you still have to put in the resources / files you want Apache to serve out in order to make pages functional. As Steven mentioned, these instructions are in: /var/opt/sec_mgmt/bastille/TODO.txt. Either you or another admin must have followed these instructions to get the page to work at all. The manual actions is where I'd expect the permission issue to have been introduced. There's no "configuration file" since moving the files is a manual exercise.
Now, similarly, Bastille can't "revert" actions it wasn't involved in, so if it notices a jail it helped create during a revert "-r", it undoes what it did, then gives you instructions on how to complete the rest of the revert in: /var/opt/sec_mgmt/bastille/TOREVERT.txt
I'll admit not knowing how Big Brother works... so I'll toss in one more, probably unlikely, possibility... if Big Brother uses a world-writeable directory... that also could be changed via the corresponding question in Bastille, by manually editing and running the script that Bastille generates, per teh TODO.txt instructions. Did you run this script? Was a Big Brother directory in that script?
-Hope that helps,
-Robert
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-12-2005 05:21 AM
тАО10-12-2005 05:21 AM
Re: Bastille configuration
The umask setting in Bastille would also affect permissions on newly created files. Old files would persist with their more restrictive permissions, and new files would continue to be created with the new perms even after revert, until the bb account session was logged out/in.
The umask setting can be changed granularly in Bastille (exact perms).