https://community.hpe.com/t5/operating-system-hp-ux/services-security/m-p/3593288#M231698 Hi Pedro,<BR />take a look on this:<BR /><BR /><A href="http://sabernet.home.comcast.net/papers/hp-ux10.html#1.0" target="_blank">http://sabernet.home.comcast.net/papers/hp-ux10.html#1.0</A><BR /><BR />For more specific details tell us some more specific information about your system and its functionalities.<BR /><BR />Rgds,<BR />Alex Mon, 01 Aug 2005 02:19:38 GMT Alessandro Pilati 2005-08-01T02:19:38Z https://community.hpe.com/t5/operating-system-hp-ux/services-security/m-p/3593286#M231696 In order to optimize the security in my server HP-UX who ports and services disable ???. Thank you very much Sun, 31 Jul 2005 19:29:23 GMT https://community.hpe.com/t5/operating-system-hp-ux/services-security/m-p/3593286#M231696 Pedro Tapia_2 2005-07-31T19:29:23Z https://community.hpe.com/t5/operating-system-hp-ux/services-security/m-p/3593287#M231697 If you posted what applications and versions you run you might get a more exact answer. If you get too crazy with it you could break applications or parts of the OS. Mon, 01 Aug 2005 01:53:14 GMT https://community.hpe.com/t5/operating-system-hp-ux/services-security/m-p/3593287#M231697 generic_1 2005-08-01T01:53:14Z https://community.hpe.com/t5/operating-system-hp-ux/services-security/m-p/3593288#M231698 Hi Pedro,<BR />take a look on this:<BR /><BR /><A href="http://sabernet.home.comcast.net/papers/hp-ux10.html#1.0" target="_blank">http://sabernet.home.comcast.net/papers/hp-ux10.html#1.0</A><BR /><BR />For more specific details tell us some more specific information about your system and its functionalities.<BR /><BR />Rgds,<BR />Alex Mon, 01 Aug 2005 02:19:38 GMT https://community.hpe.com/t5/operating-system-hp-ux/services-security/m-p/3593288#M231698 Alessandro Pilati 2005-08-01T02:19:38Z https://community.hpe.com/t5/operating-system-hp-ux/services-security/m-p/3593289#M231699 Hi Pedro,<BR /> <BR />it depends on the purpose of your host.<BR /> <BR />There's been quite a good document about hardening a HP-UX 11 host like for a DMZ bastion host reappearing on various websites.<BR /> <BR />Here is one of those links:<BR /> <BR /><A href="http://www.unixadm.net/hp/bastioning_hpux.11.html" target="_blank">http://www.unixadm.net/hp/bastioning_hpux.11.html</A><BR /> <BR /> <BR />You may get some ideas of what could be done to increase services' security.<BR /> <BR />Also you could try the program Bastille which I read about will aid in hardening.<BR />It even might be on the HP's Internet Express.<BR /> <BR />You could also run checks from a Nessus server against your host.<BR />Nessus has tons of plug-ins for all kinds of security checks.<BR />And if your still dissatesfied it has an own interpreter with syntax close to C that would enable you to write your own check plug-ins. Mon, 01 Aug 2005 02:25:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/services-security/m-p/3593289#M231699 Ralph Grothe 2005-08-01T02:25:52Z https://community.hpe.com/t5/operating-system-hp-ux/services-security/m-p/3593290#M231700 Addendum,<BR />HP already have included Bastille in their toolbox as I found out here<BR /> <BR /><A href="http://docs.hp.com/en/5990-6737/ch07s06.html" target="_blank">http://docs.hp.com/en/5990-6737/ch07s06.html</A><BR /> <BR />and they also included Nessus in their Internet Express<BR /> <BR /><A href="http://docs.hp.com/en/5990-8580/ch01s02.html" target="_blank">http://docs.hp.com/en/5990-8580/ch01s02.html</A> Mon, 01 Aug 2005 02:36:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/services-security/m-p/3593290#M231700 Ralph Grothe 2005-08-01T02:36:25Z https://community.hpe.com/t5/operating-system-hp-ux/services-security/m-p/3593291#M231701 First that nothing, thank you very much by the attention and its answers. The server is rp7410 with HP-UX 11.11 and IBM Informix 7.31 FD8 as database engine. This server this within my LAN and supports to applications Client/Server and WEB. The users in a 95% connect via ODBC<BR />Thanks Mon, 01 Aug 2005 12:02:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/services-security/m-p/3593291#M231701 Pedro Tapia_2 2005-08-01T12:02:09Z https://community.hpe.com/t5/operating-system-hp-ux/services-security/m-p/3593292#M231702 If I could make a further pith for Bastille.<BR /><BR />It comes with 11.23 and up, but is free to download for 11.00 and 11.11;<BR /><A href="http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA" target="_blank">http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA</A><BR /><BR />I think it does exactly what you're asking for (disabling services), it is more recent than the Bastion host whitepaper, has an easy-to-use, educational GUI, and can even help you set up a host-based firewall (with IPFilter) to allow you do specify which ports you *want* exposed to the net vs. the other way around. It has ~79 things it does total, including the services disablement you mention.<BR /><BR />(can you tell I'm on the Bastille team :-) )<BR /><BR />Anyway, let me know if the tool doesn't meet your needs. We're always interested in feedback.<BR /><BR /> Mon, 01 Aug 2005 16:13:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/services-security/m-p/3593292#M231702 Robert Fritz 2005-08-01T16:13:13Z