HPE Community
Operating System - HP-UX
1752705 Members
6234 Online
108789 Solutions
New Discussion юеВ

Harden Linux, HPUX and Solaris servers

 
Grayh
Trusted Contributor

тАО07-26-2008 08:14 AM

тАО07-26-2008 08:14 AM

Harden Linux, HPUX and Solaris servers

Hi Gurus,

Could you help me in hardening Linux, HPUX and Solaris servers starting from scratch.May be some tips or some docs. should be of good help to me.

Thank you.
0 Kudos
12 REPLIES 12
James R. Ferguson
Acclaimed Contributor

тАО07-26-2008 08:22 AM

тАО07-26-2008 08:22 AM

Re: Harden Linux, HPUX and Solaris servers

Hi:

Bastille !

In recent HP-UX releases, this get be setup to run during installation.

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA

Follow the links in the product overview for more information on HP-UX systems.

See also:

http://sourceforge.net/projects/bastille-linux/

http://bastille-linux.sourceforge.net/

Regards!

...JRF...

0 Kudos
Grayh
Trusted Contributor

тАО07-26-2008 08:33 AM

тАО07-26-2008 08:33 AM

Re: Harden Linux, HPUX and Solaris servers

Thanks James for the info.

As I understand from the docs... to harden a HP-UX Box...

I have to install the HP-UX Bastille from the below web-site.

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA

After installing this tool the server is said to be hardened.

JRS... plz let me know if my understanding is correct else plz help me understand it better.
0 Kudos
Jeeshan
Honored Contributor

тАО07-26-2008 08:40 AM

тАО07-26-2008 08:40 AM

Re: Harden Linux, HPUX and Solaris servers

ya bastille is the good one for HP-UX. also you can use PAM.

PAM, SELinux, TCP Wrapper, IPTABLES is the best way to hardenning in Linux.

In Solaris you can use bastille also.
a warrior never quits
0 Kudos
James R. Ferguson
Acclaimed Contributor

тАО07-26-2008 08:52 AM

тАО07-26-2008 08:52 AM

Re: Harden Linux, HPUX and Solaris servers

Hi (again):

> After installing this tool the server is said to be hardened.

No. You need to read the documentation I suggested including the links in the HP-UX product spec-sheet.

For example, if you are cold-installing HP-UX 11.23 or later, Bastille is included by default:

http://docs.hp.com/en/5992-1978/ch03s05.html#babhdgia

Bastille can be run to first produce a report of suggested actions. Based on *your* specific needs (including adjustments your users may need to make) you then decide what to harden or lockout. At that point, you run Bastille to actually perform the configuration changes. You need to understand what you want to achieve, why and how is impacts your running environment.

Regards!

...JRF...
0 Kudos
Grayh
Trusted Contributor

тАО07-26-2008 08:53 AM

тАО07-26-2008 08:53 AM

Re: Harden Linux, HPUX and Solaris servers

could you plz tell me the procedure to harden a hp-ux box
0 Kudos
Grayh
Trusted Contributor

тАО07-26-2008 09:09 AM

тАО07-26-2008 09:09 AM

Re: Harden Linux, HPUX and Solaris servers

Hi James ....

thanks for the info..

what is ment by "lockdown of a system".
0 Kudos
James R. Ferguson
Acclaimed Contributor

тАО07-26-2008 09:32 AM

тАО07-26-2008 09:32 AM

Re: Harden Linux, HPUX and Solaris servers

Hi (again):

> what is ment by "lockdown of a system".

"Lockdown" is the action or process of prventing use or intrusion.

Some of the tables in one of the links I offered will help you understand:

http://docs.hp.com/en/5992-1978/ch03s05.html#babhdgia

Please don't forget to provide feedback when you are satisfied with the help you have received:

http://forums11.itrc.hp.com/service/forums/helptips.do?#33

Regards!

...JRF...
0 Kudos
Grayh
Trusted Contributor

тАО07-26-2008 10:11 AM

тАО07-26-2008 10:11 AM

Re: Harden Linux, HPUX and Solaris servers

Now Correct me If I am wrong:-

Hardning a HP-UX OS

0.Login as root
1.Install HP-UX Bastille with Ignite-UX from the OE cd.
2.First time use it interactivelly (Bastille -X) to build system security config.
3.Answer the Questions which explains a security issue as desired by myself for the perticular Server.
4.Select security levels(Sec10Host;Sec20MngDMZ or Sec30DMZ).
5.Save the configuration and apply changes.

Plz correct me if I am wrong either in the procedure or the sequence of steps if they are incorrect.

Monday I will be Hardning my first Server.. So just wanted to be on the safe side that I have understood the whole thing.

Also I need to know the how to do the same on a SUN & a LinuX Box.Plz help me.
0 Kudos
George_Dodds
Honored Contributor

тАО07-26-2008 02:19 PM

тАО07-26-2008 02:19 PM

Re: Harden Linux, HPUX and Solaris servers

Here's an old but still handy resource for linux hardening

http://www.ibm.com/developerworks/linux/library/l-seclnx3/

There's plenty of linux docs out there, just use google.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.