https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599640#M855476 Sharif,<BR /><BR />There is C2-security available with HP-UX but not by default. You need to enable it. You can convert the system to trusted by running the command /usr/lbin/tsconvert. Then you can implement enhanced password restrictions, auditing etc., etc.,.<BR /><BR />Check this URL for more details.<BR /><BR /><A href="http://docs.hp.com/hpux/onlinedocs/B2355-90672/B2355-90672.html" target="_blank">http://docs.hp.com/hpux/onlinedocs/B2355-90672/B2355-90672.html</A><BR /><BR />All the best,<BR /><BR />-Sri<BR /><BR /><BR />-Sri Tue, 23 Oct 2001 12:58:16 GMT Sridhar Bhaskarla 2001-10-23T12:58:16Z https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599637#M855473 Hi guys ,<BR />i have nclass servers with hpux 11 installed .<BR />could any body of you tell me how can i secure my hpux box or is there any software which can help me in assesing my hpux box security.<BR /><BR />Regards,<BR />Sharif<BR /> Tue, 23 Oct 2001 12:49:40 GMT https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599637#M855473 sharif naser_1 2001-10-23T12:49:40Z https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599638#M855474 Hi,<BR /><BR />there's a whitepaper available titled "How to build a bastion server". It's a very good basis to build a secure server.<BR /><BR />regards,<BR />Thierry. Tue, 23 Oct 2001 12:53:36 GMT https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599638#M855474 Thierry Poels_1 2001-10-23T12:53:36Z https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599639#M855475 Hi Sharif,<BR /><BR />Take a look at thread below.<BR /><BR /><A href="http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90742/B2355-90742_top.html&amp;con=/hpux/onlinedocs/B2355-90742/00/00/60-con.html&amp;toc=/hpux/onlinedocs/B2355-90742/00/00/60-toc.html&amp;searchterms=security&amp;queryid=20011023-065709" target="_blank">http://docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/B2355-90742/B2355-90742_top.html&amp;con=/hpux/onlinedocs/B2355-90742/00/00/60-con.html&amp;toc=/hpux/onlinedocs/B2355-90742/00/00/60-toc.html&amp;searchterms=security&amp;queryid=20011023-065709</A><BR /><BR />Here are the security software from hp.<BR /><BR /><A href="http://www.hp.com/security/home.html" target="_blank">http://www.hp.com/security/home.html</A><BR /><BR />Hope this helps.<BR /><BR />Thanks<BR /> Tue, 23 Oct 2001 12:57:22 GMT https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599639#M855475 Sanjay_6 2001-10-23T12:57:22Z https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599640#M855476 Sharif,<BR /><BR />There is C2-security available with HP-UX but not by default. You need to enable it. You can convert the system to trusted by running the command /usr/lbin/tsconvert. Then you can implement enhanced password restrictions, auditing etc., etc.,.<BR /><BR />Check this URL for more details.<BR /><BR /><A href="http://docs.hp.com/hpux/onlinedocs/B2355-90672/B2355-90672.html" target="_blank">http://docs.hp.com/hpux/onlinedocs/B2355-90672/B2355-90672.html</A><BR /><BR />All the best,<BR /><BR />-Sri<BR /><BR /><BR />-Sri Tue, 23 Oct 2001 12:58:16 GMT https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599640#M855476 Sridhar Bhaskarla 2001-10-23T12:58:16Z https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599641#M855477 Take a look at this document<BR /><BR /><A href="http://www.hp.com/products1/unix/operating/hpux11i/alwayssecure.html" target="_blank">http://www.hp.com/products1/unix/operating/hpux11i/alwayssecure.html</A><BR /><BR />Regards<BR />rainer Tue, 23 Oct 2001 13:00:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599641#M855477 Rainer von Bongartz 2001-10-23T13:00:11Z https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599642#M855478 hi again,<BR /><BR />got address and exact title:<BR /><BR /><A href="http://people.hp.se/stevesk/bastion11.html" target="_blank">http://people.hp.se/stevesk/bastion11.html</A><BR />"Building a Bastion Host Using HP-UX 11" by Kevin Steves<BR /><BR />good luck,<BR />Thierry Tue, 23 Oct 2001 13:02:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599642#M855478 Thierry Poels_1 2001-10-23T13:02:10Z https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599643#M855479 That is a very broad subject. But even before I started reading I might:<BR />...first protect myself from outside sources getting in. So have a firewall installed and configured (by someone who is familiar with this process if you are not).<BR />The next thing I would do is configure my /var/adm/inetd.sec file to allow or deny only certain IP's or hosts to use certain protocols.<BR />Make sure your root password is secure AND double check your /etc/passwd file to ensure nobody has a GUID=0 except root and who you know should.<BR />If your concerned already you may have folks trying things then setup inetd to log info to your syslog, so you can monitor for this. And keep an eye on your /var/adm/sulog file to see who's trying to crack the password.<BR />...Now you still have a long way to go...so start reading and set up what security measures will work best for your shop.<BR /><BR />Just a thought,<BR />Rit Tue, 23 Oct 2001 13:06:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599643#M855479 Rita C Workman 2001-10-23T13:06:11Z https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599644#M855480 Hi,<BR /><BR />Others have already suggested quite a few good white papers.<BR /><BR />There is another tool called armor (which is a script) which secures a hp box. Might want to check it out<BR /><BR /><A href="http://armor.sourceforge.net/" target="_blank">http://armor.sourceforge.net/</A><BR /><BR />Here's a FAQ about armor<BR /><A href="http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/~checkout~/armor/armor/FAQ?rev=HEAD&amp;content-type=text/plain" target="_blank">http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/~checkout~/armor/armor/FAQ?rev=HEAD&amp;content-type=text/plain</A><BR /><BR />Here's another thread where some of the folks here in the forum were planning to come up with another script.<BR /><BR /><A href="http://forums.itrc.hp.com/cm/QuestionAnswer/1,11866,0x42b8cf38d6bdd5118ff10090279cd0f9,00.html" target="_blank">http://forums.itrc.hp.com/cm/QuestionAnswer/1,11866,0x42b8cf38d6bdd5118ff10090279cd0f9,00.html</A><BR /><BR />-HTH<BR />Ramesh Tue, 23 Oct 2001 13:08:35 GMT https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599644#M855480 linuxfan 2001-10-23T13:08:35Z https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599645#M855481 Hi Nasir,<BR /><BR /> this is a wide topic.<BR />For starters:<BR /><BR />1) You can convert your<BR />system to a Trusted mode.<BR />It can be done through<BR />SAM or command line(tsconvert). Trusted<BR />system implements features<BR />like auditing, shadowpassword<BR />file in a trusted database.<BR />Basically, it gives a<BR />strict control over password<BR />and auditing policies of the<BR />system.<BR /><BR />2) the next step is the tuning of connection services.<BR />Go into /etc/services<BR />and /etc/inetd.conf and<BR />disable any service which<BR />you feel is not required.<BR />But, be very sure and careful<BR />before you disable any services.<BR /><BR />3) Then, use SSH/SFTP<BR />instead of telnet/ftp .<BR />telnet does not encrypt<BR />passwords when it sends<BR />it on the network. <BR />SSH is a secure version<BR />of connection to the system.<BR /><BR /> There are many more steps<BR />to secure your system.<BR />It depends on your requirements. Not all the<BR />systems are secured to <BR />a detailed extent.<BR /><BR />HTH<BR />raj Tue, 23 Oct 2001 15:27:45 GMT https://community.hpe.com/t5/operating-system-hp-ux/securing-hpux-box/m-p/2599645#M855481 Roger Baptiste 2001-10-23T15:27:45Z