topic Re: tcpip security in Operating System - HP-UX

tcpip security

ROSS HANSON — Tue, 04 Sep 2001 22:02:58 GMT

Is there a script like AIX's securetcpip for HPUX?
If not what is the best way to secure my system
from rlogins, tftp ...

Re: tcpip security

Sridhar Bhaskarla — Tue, 04 Sep 2001 22:08:10 GMT

Ross,

You can disable services in /etc/services, modify configuraiton in /etc/inetd.conf etc.,.

The best way is to control the connections through /var/adm/inetd.sec where you can specify the services and allow or deny access to IPs,subnets etc.,

There are some examples in that file itself or you can do a man page of inetd.sec.

-Sri

Re: tcpip security

linuxfan — Wed, 05 Sep 2001 02:48:09 GMT

Hi Ross,

As with any other OS, the philosophy is to disable everything and then enable the things that you absolutely need.

Stay up to date with the security/cert advisories.

Stay up to date with patches atleast the security patches

A short security checklist
http://www.vennerable.com/securecheck.html

This is another thread which deals with the same issue
http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0x885f7e990647d4118fee0090279cd0f9,00.html

One of the better articles which deals completely with securing both HP-UX 10.x and HP-UX 11.X is
http://people.hp.se/stevesk/bastion.html

This is another article which gives lot of information about how/what to secure
http://www.sans.org/infosecFAQ/unix/HP-UX11.htm

Another good book to read is "Practical Unix security"
http://www.oreilly.com/catalog/puis/

Also last but not the least, HP is coordinating with Bastille linux folks (www.bastille-linux.org) to develop something similar for HP-UX. I am eagerly looking forward to that product (hopefully there would be a free downloadable version as well)

-Good luck
Ramesh

Re: tcpip security

linuxfan — Wed, 05 Sep 2001 03:08:21 GMT

Hi Ross,

I reread your question and you were only looking for something similar to securetcpip on aix.

Hmm.. like Sridhar said you could use inetd.sec or you could set up TCP wrappers

You can get TCP wrappers from
ftp://ftp.porcupine.org/pub/security/index.html

But if you are looking for a command, then AFAIK there is no such command on HP-UX

-Ramesh

Re: tcpip security

Neale Machin — Wed, 05 Sep 2001 06:37:10 GMT

I'd agree with the others but you might think about making your system a trusted one through sam. this gives you more security features