topic HP-UX Security in Operating System - HP-UX

HP-UX Security

Daniel Fourie — Mon, 08 Oct 2001 11:42:47 GMT

I would like to know how to tie-down my HP-UX 11 servers.

Re: HP-UX Security

Stefan Farrelly — Mon, 08 Oct 2001 11:51:04 GMT

1. Convert to a trusted system (menu option under SAM).
2. Install all the latest security patches; www.itrc.hp.com -> Individual patches -> Security patches.
3. Under 2. subscribe to latest security patches bulletin to continually receive news on new security patches.

Re: HP-UX Security

James R. Ferguson — Mon, 08 Oct 2001 11:53:40 GMT

Hi:

Here's a link that offers a number of threads for follow-up. In particular, note the "Building a Bastion Host" white paper:

http://www.hp.com/products1/unix/operating/hpux11i/alwayssecure.html

Regards!

...JRF...

Re: HP-UX Security

Ravi_8 — Mon, 08 Oct 2001 11:57:41 GMT

Hi,
ofcourse by converting to trusted system you can tie-down the hp system, at same time it has the disadvantage of not able to put on to nis network. choice is your's

Re: HP-UX Security

Darrell Allen — Mon, 08 Oct 2001 12:41:03 GMT

A trusted system offers a better level of security than a non-trusted however if you don't lock down what services you allow on your host then you are leaving a number of opportunities for hackers. JRF points you to the info about building a Bastion Host. I'd strongly suggest you follow up on it.

Darrell

Re: HP-UX Security

Chris Calabrese — Mon, 08 Oct 2001 13:52:46 GMT

Note that the Center for Internet Security will shortly be publishing guidelines for securing HP-UX servers (I know because I'm the project leader ;o). I'll post to this thread when I've got something I can share...

Re: HP-UX Security

harry d brown jr — Mon, 08 Oct 2001 15:57:07 GMT

This is the best way to secure a hp server:

http://www.kbeta.com/SecurityTips/Checklists/HPUX_11_Bastion_Guide.htm

Re: HP-UX Security

Craig Rants — Wed, 24 Oct 2001 15:13:20 GMT

Security is complex and takes time to learn. The best thing to do is to get a scan of your box from a tool like ISS or NESSUS. Then evaluate the report and take actions as necessary. Important things to consider:

1 Comment unused services out of inetd.conf
2 use inetd.sec for used services
3 get away from telnet/ftp and use ssh
4 lock down sendmail (edit sendmail.cf and use something about 8.8.6)
5 use securetty to control root logins
6 use ftpusers if ftp is required
7 log, log, log. Use the -l options in the /etc/rc.config.d/netdaemons file

the list goes on...

A good book on this is the O'Reily book on security. They have ton's of suggestions.

Hope this gets you going

Re: HP-UX Security

Lou Zirko_1 — Wed, 24 Oct 2001 17:00:16 GMT

Unplug it, use duct tape and then go enjoy a good book.

Sorry I just had to get this out.

Lou Zirko

Re: HP-UX Security

Bill Hassell — Wed, 24 Oct 2001 19:00:23 GMT

Get a copy of the brand new book:

"HP-UX 11i Security" by Chris Wong

Most of the book is applicable to 11.0 as well as 10.20 and summarizes a lot of the basic steps.