cancel
Showing results for 
Search instead for 
Did you mean: 

securing hpux box

SOLVED
Go to solution
sharif naser_1
Frequent Advisor

securing hpux box

Hi guys ,
i have nclass servers with hpux 11 installed .
could any body of you tell me how can i secure my hpux box or is there any software which can help me in assesing my hpux box security.

Regards,
Sharif
8 REPLIES
Thierry Poels_1
Honored Contributor
Solution

Re: securing hpux box

Hi,

there's a whitepaper available titled "How to build a bastion server". It's a very good basis to build a secure server.

regards,
Thierry.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
Sridhar Bhaskarla
Honored Contributor

Re: securing hpux box

Sharif,

There is C2-security available with HP-UX but not by default. You need to enable it. You can convert the system to trusted by running the command /usr/lbin/tsconvert. Then you can implement enhanced password restrictions, auditing etc., etc.,.

Check this URL for more details.

http://docs.hp.com/hpux/onlinedocs/B2355-90672/B2355-90672.html

All the best,

-Sri


-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Rainer von Bongartz
Honored Contributor

Re: securing hpux box

Take a look at this document

http://www.hp.com/products1/unix/operating/hpux11i/alwayssecure.html

Regards
rainer
He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
Thierry Poels_1
Honored Contributor

Re: securing hpux box

hi again,

got address and exact title:

http://people.hp.se/stevesk/bastion11.html
"Building a Bastion Host Using HP-UX 11" by Kevin Steves

good luck,
Thierry
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
Rita C Workman
Honored Contributor

Re: securing hpux box

That is a very broad subject. But even before I started reading I might:
...first protect myself from outside sources getting in. So have a firewall installed and configured (by someone who is familiar with this process if you are not).
The next thing I would do is configure my /var/adm/inetd.sec file to allow or deny only certain IP's or hosts to use certain protocols.
Make sure your root password is secure AND double check your /etc/passwd file to ensure nobody has a GUID=0 except root and who you know should.
If your concerned already you may have folks trying things then setup inetd to log info to your syslog, so you can monitor for this. And keep an eye on your /var/adm/sulog file to see who's trying to crack the password.
...Now you still have a long way to go...so start reading and set up what security measures will work best for your shop.

Just a thought,
Rit
linuxfan
Honored Contributor

Re: securing hpux box

Hi,

Others have already suggested quite a few good white papers.

There is another tool called armor (which is a script) which secures a hp box. Might want to check it out

http://armor.sourceforge.net/

Here's a FAQ about armor
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/~checkout~/armor/armor/FAQ?rev=HEAD&content-type=text/plain

Here's another thread where some of the folks here in the forum were planning to come up with another script.

http://forums.itrc.hp.com/cm/QuestionAnswer/1,11866,0x42b8cf38d6bdd5118ff10090279cd0f9,00.html

-HTH
Ramesh
They think they know but don't. At least I know I don't know - Socrates
Roger Baptiste
Honored Contributor

Re: securing hpux box

Hi Nasir,

this is a wide topic.
For starters:

1) You can convert your
system to a Trusted mode.
It can be done through
SAM or command line(tsconvert). Trusted
system implements features
like auditing, shadowpassword
file in a trusted database.
Basically, it gives a
strict control over password
and auditing policies of the
system.

2) the next step is the tuning of connection services.
Go into /etc/services
and /etc/inetd.conf and
disable any service which
you feel is not required.
But, be very sure and careful
before you disable any services.

3) Then, use SSH/SFTP
instead of telnet/ftp .
telnet does not encrypt
passwords when it sends
it on the network.
SSH is a secure version
of connection to the system.

There are many more steps
to secure your system.
It depends on your requirements. Not all the
systems are secured to
a detailed extent.

HTH
raj
Take it easy.