
securing hpux box

sharif naser_1
Frequent Advisor

securing hpux box

Hi guys,
I have N-class servers with HP-UX 11 installed.
Could anybody tell me how I can secure my HP-UX box, or is there any software which can help me in assessing my HP-UX box security?

Thierry Poels_1
Honored Contributor

Re: securing hpux box


There's a whitepaper available titled "How to build a bastion server". It's a very good basis to build a secure server.

All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
Sridhar Bhaskarla
Honored Contributor

Re: securing hpux box


There is C2-security available with HP-UX but not by default. You need to enable it. You can convert the system to trusted by running the command /usr/lbin/tsconvert. Then you can implement enhanced password restrictions, auditing, etc.

Check this URL for more details.

All the best,


You may be disappointed if you fail, but you are doomed if you don't try
Rainer von Bongartz
Honored Contributor

Re: securing hpux box

Take a look at this document

He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...
Thierry Poels_1
Honored Contributor

Re: securing hpux box

hi again,

got address and exact title:
"Building a Bastion Host Using HP-UX 11" by Kevin Steves

good luck,
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
Rita C Workman
Honored Contributor

Re: securing hpux box

That is a very broad subject. But even before I started reading I might:
...first protect myself from outside sources getting in. So have a firewall installed and configured (by someone who is familiar with this process if you are not).
The next thing I would do is configure my /var/adm/inetd.sec file to allow or deny only certain IPs or hosts to use certain protocols.
Make sure your root password is secure AND double check your /etc/passwd file to ensure nobody has a GUID=0 except root and who you know should.
If you're concerned already that you may have folks trying things, then set up inetd to log info to your syslog, so you can monitor for this. And keep an eye on your /var/adm/sulog file to see who's trying to crack the password.
...Now you still have a long way to start reading and set up what security measures will work best for your shop.

Just a thought,
Honored Contributor

Re: securing hpux box


Others have already suggested quite a few good white papers.

There is another tool called armor (which is a script) which secures an HP box. Might want to check it out.

Here's a FAQ about armor

Here's another thread where some of the folks here in the forum were planning to come up with another script.,11866,0x42b8cf38d6bdd5118ff10090279cd0f9,00.html

They think they know but don't. At least I know I don't know - Socrates
Roger Baptiste
Honored Contributor

Re: securing hpux box

Hi Nasir,

this is a wide topic.
For starters:

1) You can convert your system to a Trusted mode. It can be done through SAM or command line (tsconvert). Trusted system implements features like auditing, shadowpassword file in a trusted database. Basically, it gives a strict control over password and auditing policies of the

2) the next step is the tuning of connection services. Go into /etc/services and /etc/inetd.conf and disable any service which you feel is not required. But, be very sure and careful before you disable any services.

3) Then, use SSH/SFTP instead of telnet/ftp. telnet does not encrypt passwords when it sends it on the network. SSH is a secure version of connection to the system.

There are many more steps to secure your system. It depends on your requirements. Not all the systems are secured to a detailed extent.

Take it easy.
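
The /etc/passwd check from Rita C Workman's reply and the /etc/inetd.conf review from step 2 of the reply above, as an added shell example that is not part of any poster's message. The function names are hypothetical, the sample passwd and inetd.conf contents are constructed, and the account check reads UID 0 as field 3 of the passwd file.

```shell
#!/bin/sh
# Added example: read-only audit helpers. Each takes the file to
# inspect as its argument, so it can be run against a copy.

# Login names whose UID (field 3 of a passwd file) is 0.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# "service/protocol" for every uncommented inetd.conf entry.
enabled_inetd_services() {
    awk 'NF >= 6 && $1 !~ /^#/ { print $1 "/" $3 }' "$1"
}

# Enabled entries for telnet and ftp, the two services the thread
# suggests replacing with SSH/SFTP.
cleartext_services() {
    enabled_inetd_services "$1" | awk -F/ '$1 == "telnet" || $1 == "ftp"'
}

# Constructed sample files (not taken from a real system).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/passwd" <<'EOF'
root:*:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
toor:*:0:3::/home/toor:/usr/bin/sh
oracle:*:102:20::/home/oracle:/usr/bin/sh
EOF

cat > "$tmp/inetd.conf" <<'EOF'
# constructed sample
ftp     stream tcp nowait root /usr/lbin/ftpd     ftpd -l
telnet  stream tcp nowait root /usr/lbin/telnetd  telnetd
#shell  stream tcp nowait root /usr/lbin/remshd   remshd
daytime dgram  udp wait   root internal
EOF

echo "UID 0 accounts:";          uid0_accounts "$tmp/passwd"
echo "Enabled inetd services:";  enabled_inetd_services "$tmp/inetd.conf"
echo "Cleartext (telnet/ftp):";  cleartext_services "$tmp/inetd.conf"
```

On a live system the same functions take /etc/passwd and /etc/inetd.conf as arguments; any UID 0 name other than root is the kind of entry the reply says to double check.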