https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841715#M273418 Tim,<BR />it's probably down to what you get used to.<BR />Even if the data is not critical, the machine would still give access to your network.<BR />I would certainly go ahead with your suggested changes, even only to get the new systems to the standard required in your company.<BR />May be worhtwhile running a few checks on the systems to ensure they were not compromised. Audit all the users and get them to chnage passwords etc.. Fri, 11 Aug 2006 03:55:13 GMT Peter Godron 2006-08-11T03:55:13Z https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841712#M273415 Hi,<BR /><BR />I have been asked to look at 2 HPUX 11 servers in a company we have taken over &amp; have some queries.<BR /><BR />1. Neither system is set up as a trusted system with no password ageing etc. Passwords held in encrypted form in /etc/passwd. My own servers are trusted systems since day 1. Am I correct in recommending that they should be trusted.<BR /><BR />2. Root should only be able to login at console &amp; not ftp - correct? All users are allowed ftp which I don't agree with. No secure ftp<BR />There is no Web console.<BR /><BR />3. Ignite not being run - this should be run regularly &amp; the files copied to the oposite server. This is what I do on my servers &amp; need to know if this is correct.<BR /><BR />4. Finally, I run SysInfo on my servers once a week on the crontab &amp; copy off the output. There is no SysInfo on these servers. Does this need to be downloaded &amp; installed.<BR /><BR />Thanks,<BR /><BR />Tim<BR /><BR /><BR /> Fri, 11 Aug 2006 03:38:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841712#M273415 Tim O'Connell 2006-08-11T03:38:53Z https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841713#M273416 All correct. go ahead and do that. You may also want to check that ignite versions are latest on these systems. Fri, 11 Aug 2006 03:42:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841713#M273416 RAC_1 2006-08-11T03:42:59Z https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841714#M273417 Shalom Tim,<BR /><BR />So long as you are not using NIS going for trusted systems is a good idea.<BR /><BR />Ignite should be run on all systems once a week . If the system has a tape drive, I advocate make_tape_recovery, if not use make_net_recovery to a NFS shared mount point.<BR /><BR />I also recommend downloading and installing Bastille and PERL5 from <A href="http://software.hp.com" target="_blank">http://software.hp.com</A> in order to make your system more secure.<BR /><BR />root should NEVER have ftp access. Its a major security flaw to permit it and because ftp sends paswords back and forth in clear text, its a great way to get your root password hacked.<BR /><BR />Secure Shell (software.hp.com) should be used in place of telnet.<BR /><BR />SEP Fri, 11 Aug 2006 03:52:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841714#M273417 Steven E. Protter 2006-08-11T03:52:54Z https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841715#M273418 Tim,<BR />it's probably down to what you get used to.<BR />Even if the data is not critical, the machine would still give access to your network.<BR />I would certainly go ahead with your suggested changes, even only to get the new systems to the standard required in your company.<BR />May be worhtwhile running a few checks on the systems to ensure they were not compromised. Audit all the users and get them to chnage passwords etc.. Fri, 11 Aug 2006 03:55:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841715#M273418 Peter Godron 2006-08-11T03:55:13Z https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841716#M273419 Hi Tim,<BR />I agree with the earlier replies, but be a bit careful with question number 1.<BR />If you are going to Trusted System mode and are running e.g Baan, you can cause quite a lot of trouble for users and admins since some applications do'nt "talk" with the OS/security system, Fri, 11 Aug 2006 03:59:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841716#M273419 G Svedvall 2006-08-11T03:59:31Z https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841717#M273420 Hi All,<BR /><BR />Thanks for all the replies. The system is only running Oracle so moving to a trusted system shouldn't be a problem.<BR /><BR />Where do I get SysInfo to install<BR /><BR />Many Thanks,<BR /><BR />Tim Fri, 11 Aug 2006 04:11:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841717#M273420 Tim O'Connell 2006-08-11T04:11:25Z https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841718#M273421 Hi Tim, <BR /><BR />Here it is : <A href="http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sysinfo-3.3.1/" target="_blank">http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sysinfo-3.3.1/</A><BR /><BR />-Arun Fri, 11 Aug 2006 04:19:19 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841718#M273421 Arunvijai_4 2006-08-11T04:19:19Z https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841719#M273422 Many thanks,<BR /><BR />Points assigned<BR /><BR />Tim Fri, 11 Aug 2006 04:50:25 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-queries/m-p/3841719#M273422 Tim O'Connell 2006-08-11T04:50:25Z