topic Re: security policy in Operating System - HP-UX

security policy

SanthoshMenon — Thu, 13 Jul 2006 07:04:18 GMT

iam planning to prepare security document for hp , can u tell me the approach is correct.
ididnt understand the first line in the sysntax can some one help me please

Prevent Syslog from accepting messages from network
---------------------------------------------
By default the system logging daemon, syslogd, listens for log messages from other systems on network port 514/udp. Unfortunately, the protocol used to transfer these messages does not include any form of authentication, so a malicious outsider could simply barrage the local system's Syslog port with spurious traffic—either as a denial-of-service attack on the system, or to fill up the local system's logging file systems so that subsequent attacks will not be logged.

SYSLOGD_OPTS="`sh -c` /etc/rc.config.d/syslogd ;
echo "$SYSLOGD_OPTS"'`"
ch_rc -a -p SYSLOGD_OPTS="-N $SYSLOGD_OPTS" \
/etc/rc.config.d/syslogd

Re: security policy

Steven E. Protter — Thu, 13 Jul 2006 07:11:51 GMT

Shalom oracle,

Not just an ITRC user but a database?

You are correct there is no authentication for syslog in the standard configuration.

Most systems write their own logs to local disk and sit in protected networks with firewalls.

Further, you can run a product on HP-UX called ipfilter which can limit what hosts are permitted to write to the local syslog.

That is adequate protection, even for servers on the public Internet.

SEP

Re: security policy

SanthoshMenon — Thu, 13 Jul 2006 07:26:49 GMT

Thanks a lot dir

your really great