https://community.hpe.com/t5/operating-system-hp-ux/security-features/m-p/3698536#M740076 The Nessus security scanner is also a good tool to scan for vulnerabilities. See: <A href="http://www.nessus.org/" target="_blank">http://www.nessus.org/</A> Wed, 28 Dec 2005 04:29:41 GMT Andrew Cowan 2005-12-28T04:29:41Z https://community.hpe.com/t5/operating-system-hp-ux/security-features/m-p/3698532#M740072 Hi there, actually i just deployed a new hp/ux server. It is in a network and i want to put in security features (firewalls) etc, to make sure it stays secure. Any suggestions as to any patches or software i could install <BR /> to achieve that??? Tue, 27 Dec 2005 13:38:50 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-features/m-p/3698532#M740072 khilari 2005-12-27T13:38:50Z https://community.hpe.com/t5/operating-system-hp-ux/security-features/m-p/3698533#M740073 Look into Bastille.<BR /><BR />There is an HP port of this product.<BR /> Tue, 27 Dec 2005 14:18:19 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-features/m-p/3698533#M740073 Rick Garland 2005-12-27T14:18:19Z https://community.hpe.com/t5/operating-system-hp-ux/security-features/m-p/3698534#M740074 Shalom Mujtaba,<BR /><BR />Bastille is a good start.<BR /><A href="http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA" target="_blank">http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA</A><BR />It requires Perl 5<BR /><BR /><A href="http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PERL" target="_blank">http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=PERL</A><BR /><BR />There are several options to be aware of with Bastille.<BR /><BR />1) It can shut down vulnerable, little used deamons that one wonders why are installed in the first place. This also boosts system peformrance.<BR />2) You can automatically set up security_patch_check and have your systems checked against the lastest required security patches from HP. This is actually a requirement in many service contracts and should not be ignored.<BR /><BR />3) You can set up the ipfilter firewall and have a firewall directly on your HP server. This is probably better done with a hardware solution, but if there is no hardware solution or Linux box around, this will do.<BR /><BR />If you use Bastille to disable the Berkley protocols, this may interfere with Serviceguard and will interfere with Ignite, DR, so tread cautiously.<BR /><BR />Security is a never ending job of searchs and tweaks and sofware upgrades.<BR /><BR />You might also find a commercial product, Tripwire useful for you security. It makes sure binaries are not altered my malicoius users and such.<BR /><BR />SEP Tue, 27 Dec 2005 14:49:29 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-features/m-p/3698534#M740074 Steven E. Protter 2005-12-27T14:49:29Z https://community.hpe.com/t5/operating-system-hp-ux/security-features/m-p/3698535#M740075 Hi,<BR /><BR />Please try Internet System Scanner from ISS and do a security base line by scanning you entire system for security vulnerabilities for hpux. <BR /><BR />thanks <BR />wip Wed, 28 Dec 2005 01:22:49 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-features/m-p/3698535#M740075 wip 2005-12-28T01:22:49Z https://community.hpe.com/t5/operating-system-hp-ux/security-features/m-p/3698536#M740076 The Nessus security scanner is also a good tool to scan for vulnerabilities. See: <A href="http://www.nessus.org/" target="_blank">http://www.nessus.org/</A> Wed, 28 Dec 2005 04:29:41 GMT https://community.hpe.com/t5/operating-system-hp-ux/security-features/m-p/3698536#M740076 Andrew Cowan 2005-12-28T04:29:41Z