https://community.hpe.com/t5/operating-system-hp-ux/building-a-secure-server/m-p/2779547#M753970 Hi, <BR /><BR />Check out the CIS (Centre for Internet Security) security benchmark for HP-UX at: <BR /><BR /><A href="http://www.cisecurity.org/bench_HPUX.html" target="_blank">http://www.cisecurity.org/bench_HPUX.html</A> <BR /><BR />It provides security guidelines (including permission settings) for HP-UX 11.00 in addition to HP-UX 10.20 and HP-UX 11.11. Pretty comprehensive. <BR /><BR />In addition to hardening, you would want to use a vulnerability scanner to verify your security settings across the network.<BR /><BR />Nessus is the ultimate opensource scanner if you want to audit your system across the network with the latest vulnerability checks. <BR /><BR /><A href="http://www.nessus.org" target="_blank">http://www.nessus.org</A> <BR /><BR />Because of its opensource and the huge pool of volunteers writing vulnerability checks for it (the scripting language to write vulnerability check is pretty easy to use), vulnerability checks always come available extremely quickly once a vulnerability is known, unlke many other similar software. <BR /><BR />Hope this helps. Regards. <BR /><BR />Steven Sim Kok Leong Tue, 06 Aug 2002 07:15:07 GMT Steven Sim Kok Leong 2002-08-06T07:15:07Z https://community.hpe.com/t5/operating-system-hp-ux/building-a-secure-server/m-p/2779542#M753965 Hi,<BR /><BR />I want to build a secure web server with a minimum os install and then configure minimum services. Does anybody know a good server build document for HPUX. <BR /><BR />Thanks,<BR /><BR />Colin. Mon, 05 Aug 2002 08:41:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/building-a-secure-server/m-p/2779542#M753965 Warren griggs 2002-08-05T08:41:54Z https://community.hpe.com/t5/operating-system-hp-ux/building-a-secure-server/m-p/2779543#M753966 Check out this document:<BR /><BR /><A href="http://people.hp.se/stevesk/bastion11.html" target="_blank">http://people.hp.se/stevesk/bastion11.html</A><BR /><BR />Regards<BR />Rainer<BR /> Mon, 05 Aug 2002 08:52:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/building-a-secure-server/m-p/2779543#M753966 Rainer von Bongartz 2002-08-05T08:52:01Z https://community.hpe.com/t5/operating-system-hp-ux/building-a-secure-server/m-p/2779544#M753967 RTFF!! This question has already been asked many times before...<BR /><BR /><BR /><A href="http://people.hp.se/stevesk/bastion11.html" target="_blank">http://people.hp.se/stevesk/bastion11.html</A><BR /><BR />good luck,<BR />Thierry. Mon, 05 Aug 2002 08:53:51 GMT https://community.hpe.com/t5/operating-system-hp-ux/building-a-secure-server/m-p/2779544#M753967 Thierry Poels_1 2002-08-05T08:53:51Z https://community.hpe.com/t5/operating-system-hp-ux/building-a-secure-server/m-p/2779545#M753968 Thanks for that, if anyone is interested this is Sun's equivelant.<BR /><BR /><A href="http://www.enteract.com/~lspitz" target="_blank">http://www.enteract.com/~lspitz</A><BR /><BR />This also has a lot of good security white papers and links.<BR /><BR />Cheers,<BR /><BR />Colin. Mon, 05 Aug 2002 09:08:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/building-a-secure-server/m-p/2779545#M753968 Warren griggs 2002-08-05T09:08:52Z https://community.hpe.com/t5/operating-system-hp-ux/building-a-secure-server/m-p/2779546#M753969 Colin, <BR /><BR />you may actually use a "hardening script":<BR /><A href="http://www.bastille-linux.org/download.html" target="_blank">http://www.bastille-linux.org/download.html</A><BR /><BR />HP-UX depot updated 24 July 2002, includes a Beta copy of Perl with Tk, about 21MB total (Note: you will need to upgrade this version of Perl when the official version is released)<BR /><BR />more info and comments eg in <BR />HP-UX Bastille - lockdown-hardening tool <BR /><A href="http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xc2d291ccb36bd611abdb0090277a778c,00.html" target="_blank">http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xc2d291ccb36bd611abdb0090277a778c,00.html</A><BR /><BR />New Beta release of HP-UX Bastille <BR /><A href="http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xb43036e69499d611abdb0090277a778c,00.html" target="_blank">http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xb43036e69499d611abdb0090277a778c,00.html</A><BR /><BR />High level options for HP-UX Bastille <BR /><A href="http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x672536e69499d611abdb0090277a778c,00.html" target="_blank">http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x672536e69499d611abdb0090277a778c,00.html</A> Tue, 06 Aug 2002 07:11:12 GMT https://community.hpe.com/t5/operating-system-hp-ux/building-a-secure-server/m-p/2779546#M753969 Anonymous 2002-08-06T07:11:12Z https://community.hpe.com/t5/operating-system-hp-ux/building-a-secure-server/m-p/2779547#M753970 Hi, <BR /><BR />Check out the CIS (Centre for Internet Security) security benchmark for HP-UX at: <BR /><BR /><A href="http://www.cisecurity.org/bench_HPUX.html" target="_blank">http://www.cisecurity.org/bench_HPUX.html</A> <BR /><BR />It provides security guidelines (including permission settings) for HP-UX 11.00 in addition to HP-UX 10.20 and HP-UX 11.11. Pretty comprehensive. <BR /><BR />In addition to hardening, you would want to use a vulnerability scanner to verify your security settings across the network.<BR /><BR />Nessus is the ultimate opensource scanner if you want to audit your system across the network with the latest vulnerability checks. <BR /><BR /><A href="http://www.nessus.org" target="_blank">http://www.nessus.org</A> <BR /><BR />Because of its opensource and the huge pool of volunteers writing vulnerability checks for it (the scripting language to write vulnerability check is pretty easy to use), vulnerability checks always come available extremely quickly once a vulnerability is known, unlke many other similar software. <BR /><BR />Hope this helps. Regards. <BR /><BR />Steven Sim Kok Leong Tue, 06 Aug 2002 07:15:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/building-a-secure-server/m-p/2779547#M753970 Steven Sim Kok Leong 2002-08-06T07:15:07Z