- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Parameters for HP-UX servers
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-17-2010 11:34 PM
тАО06-17-2010 11:34 PM
Parameters for HP-UX servers
How to find the following options in a HP-UX server?
tcp_syn_rcvd_max
arp_cleanup_interval
ip_forward_src_routed
ip_forward_directed_broadcasts
ip_respond_to_timestamp
ip_respond_to_timestamp_broadcast
ip_respond_to_address_mask_broadcast
ip_respond_to_echo_broadcast
tcp_isn_passprase
ip_send_redirects
ip_forwarding
Non executable stack area
Kernel level auditing is enabled
Logging from inet.d is enabled
Log permissions prevent log modification
Minimum length
Password maximum age
Password minimum age
Strong password policies are enforced
Password warn age
Nobody access to RPC is disabled
No "." or World writable directory in roots $PATH
All user dot-files are not world writable
su is not used for system management
sudo is configured
sudo configuration prevents execution of su
sudo configuration prevents direct execution of shell
The partitions are mounted with specific options
/home nosuid ?
/var nosuid ?
/tmp defaults ?
/var/log nosuid ?
Regards
Feng Lin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-17-2010 11:59 PM
тАО06-17-2010 11:59 PM
Re: Parameters for HP-UX servers
Check the following link -
http://docs.hp.com/en/1219/tuningwp.html
http://docs.hp.com/en/939/KCParms/KCparams.OverviewAll.html
In general for HPUX docs, refer -
http://h20000.www2.hp.com/bizsupport/TechSupport/Product.jsp?lang=en&cc=us&taskId=101&prodClassId=10008&contentType=SupportManual&docIndexId=64255&prodTypeId=18964&prodCatId=391525&prodSubCatId=3197900
Hope this helps.
Regards,
Murali
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-18-2010 04:02 AM
тАО06-18-2010 04:02 AM
Re: Parameters for HP-UX servers
> tcp_syn_rcvd_max
> arp_cleanup_interval
> ip_forward_src_routed
> ip_forward_directed_broadcasts
> ip_respond_to_timestamp
> ip_respond_to_timestamp_broadcast
> ip_respond_to_address_mask_broadcast
> ip_respond_to_echo_broadcast
> tcp_isn_passprase
> ip_send_redirects
> ip_forwarding
Run the command: ndd -h
> Non executable stack area
> Kernel level auditing is enabled
> Logging from inet.d is enabled
>Log permissions prevent log modification
> Minimum length
> Password maximum age
> Password minimum age
> Strong password policies are enforced
> Password warn age
Run the command: sam
and look at the Auditing and Security areas.
> Nobody access to RPC is disabled
Run the command: showmount -e
> No "." or World writable directory in roots $PATH
Finding "." in $PATH is determined by examining the string. However, "." is implied by two :: in $PATH or by a single : at the end of the PATH. The attached script will make this job much easier. It will also find duplicate paths, paths that are symlinks and will look at both /etc/PATH as well as the current $PATH.
> All user dot-files are not world writable
Not really a complete description, so I will assume you don't mean every file on the system but only files in user $HOME directories. This is a simple command for /home directories only. If you use non-standard $HOME directories, you'll need to add more code.
find /home -type f -perm -002 -name ".*" -exec ls -la {} \*
> su is not used for system management
That is a procedure and not something that is turned on or off. You can look in /var/adm/sulog to see when su was used but there is no log kept beyond the start of su. Ask all the people who have the root password.
> sudo is configured
> sudo configuration prevents execution of su
> sudo configuration prevents direct execution of shell
First, determine if sudo is even installed:
swlist -l product | grep -i sudo
However, if someone built sudo from open source code, then you'll have to search for it. As far as configuration, read the contents of the sudoers file using the command visudo. You'll need an understanding of sudo keywords and parameters (man sudooers).
> The partitions are mounted with specific options
> /home nosuid ?
> /var nosuid ?
> /tmp defaults ?
> /var/log nosuid ?
Use the command: mount
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-20-2010 06:15 PM
тАО06-20-2010 06:15 PM
Re: Parameters for HP-UX servers
I got the following results after typing 'mount'
/ on /dev/vg00/lvol3 ioerror=nodisable,log,dev=40000003 on Wed Apr 14 17:35:42 2010
/stand on /dev/vg00/lvol1 defaults,dev=40000001 on Wed Apr 14 17:35:43 2010
/var on /dev/vg00/lvol8 ioerror=mwdisable,delaylog,dev=40000008 on Wed Apr 14 17:35:46 2010
/usr on /dev/vg00/lvol7 ioerror=mwdisable,delaylog,dev=40000007 on Wed Apr 14 17:35:46 2010
/tmp on /dev/vg00/lvol6 ioerror=mwdisable,delaylog,dev=40000006 on Wed Apr 14 17:35:47 2010
/opt on /dev/vg00/lvol5 ioerror=mwdisable,delaylog,dev=40000005 on Wed Apr 14 17:35:47 2010
/home on /dev/vg00/lvol4 ioerror=mwdisable,largefiles,delaylog,dev=40000004 on Wed Apr 14 17:35:47 2010
/archive on /dev/vg01/lvarchive ioerror=mwdisable,largefiles,delaylog,dev=40010001 on Wed Apr 14 17:35:47 2010
/app on /dev/vg01/lvapp ioerror=mwdisable,largefiles,delaylog,dev=40010002 on Wed Apr 14 17:35:47 2010
So what's the answer for the following
> /home nosuid ?
> /var nosuid ?
> /tmp defaults ?
> /var/log nosuid ?
----
> Non executable stack area
> Kernel level auditing is enabled
> Logging from inet.d is enabled
>Log permissions prevent log modification
Run the command: sam
and look at the Auditing and Security areas.
I can't find the answer for the above 4 items.
Regards
Feng Lin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-20-2010 07:40 PM
тАО06-20-2010 07:40 PM
Re: Parameters for HP-UX servers
these are the options with which file system has been mounted.
#nosuid Set-user-ID execution not allowed.
#defaults Use all default options
read man page for more information.
BR,
Kapil+
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-21-2010 02:31 AM
тАО06-21-2010 02:31 AM
Re: Parameters for HP-UX servers
>Kernel level auditing is enabled
>Logging from inetd is enabled
>I can't find the answer for the above 4 items.
See executable_stack(5).
See audsys(1M), audevent(1M) and audisp(1M).
See -l option of inetd(1m).