HPE Community
Operating System - HP-UX
1753834 Members
7951 Online
108806 Solutions
New Discussion юеВ

Re: Security tightening on our HP systems.

 
Adam Noble
Super Advisor

тАО10-18-2005 04:33 AM

тАО10-18-2005 04:33 AM

Security tightening on our HP systems.

We have the following default user accounts on our HP systems:-

daemon
bin
sys
adm
uucp
lp
nuucp
hpdb
www

I assume these accounts are neccesary however do they pose any additional security threats and can we lock them down in any particular way.

Cheers

0 Kudos
Reply
5 REPLIES 5
Marvin Strong
Honored Contributor

тАО10-18-2005 04:57 AM

тАО10-18-2005 04:57 AM

Re: Security tightening on our HP systems.

Most of those accounts should already be locked by default.

Other security things you might want to look into.

permissions on /tmp /var/tmp /var/preserve
are typically wrong on HP, by being 777 instead of 1777.

comment unused things out of inetd.conf.

and you may also want to add some stuff in nddconf.


0 Kudos
Reply
Geoff Wild
Honored Contributor

тАО10-18-2005 05:13 AM

тАО10-18-2005 05:13 AM

Re: Security tightening on our HP systems.

Have a look a Basitlle - it will close down security stuff for you:

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО10-18-2005 05:17 AM

тАО10-18-2005 05:17 AM

Re: Security tightening on our HP systems.

The accounts themselves are not dangerous.

www for example ois for a webserver and you need to be careful with how you run that service.

Bastille is good, because it comes with security_patch_check and requires PERL5 to run.

Bastille's gui makes hardening a system very easy. It also lets you shut down archaic daemons and such. A good start.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Ranjith_5
Honored Contributor

тАО10-18-2005 05:25 AM

тАО10-18-2005 05:25 AM

Re: Security tightening on our HP systems.

Hi Adam,


Change the /etc/passwd file for these users as folows.

daemon:*:1:5::/:/usr/bin/false
bin:*:2:2::/usr/bin:/usr/bin/false
sys:*:3:3::/:/usr/bin/false
adm:*:4:4::/var/adm:/usr/bin/false
uucp:*:5:3::/var/spool/uucppublic:/usr/bin/false
lp:*:9:7::/var/spool/lp:/usr/bin/false
nuucp:*:11:11::/var/spool/uucppublic:/usr/bin/false
hpdb:*:27:1:ALLBASE:/:/usr/bin/false
www:*:30:1::/:/usr/bin/false
smbnull:*:101:101:DO NOT USE OR DELETE - needed by Samba:/home/smbnull:/usr/bin/
false
webadmin:*:40:1::/usr/obam/server/nologindir:/usr/bin/false


Regards,
Syam
0 Kudos
Reply
Ranjith_5
Honored Contributor

тАО10-18-2005 05:29 AM

тАО10-18-2005 05:29 AM

Re: Security tightening on our HP systems.

Hi Adam,

You can have additional security with bastille hardening tool for HPUX. The documentation on how to achieve this is attached.

I am sure that this will help you in implementing security policies on ur systems.


regards,
Syam
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.