11-01-2001 02:59 AM
HP-LX opinions
11-05-2001 07:26 PM
Re: HP-LX opinions
11-06-2001 05:20 AM
Re: HP-LX opinions
Please do share your experiences so far, and questions. When the new group is created, we will move this and any other related threads to it.
Hal Rottenberg
Technical Support Engineer
Hewlett-Packard
11-08-2001 11:17 AM
Re: HP-LX opinions
How can I get a copy?
Gideon
11-08-2001 11:27 AM
Re: HP-LX opinions
http://www.hp.com/security/products/linux/
-hal
11-08-2001 01:23 PM
Re: HP-LX opinions
Thanks, Hal.
11-08-2001 02:55 PM
Re: HP-LX opinions
Shortly after the release of 1.0, I downloaded a copy and installed it on an LP1000R I managed to er, "borrow". This is one of the officially supported platforms. I have a PIII 1GHz, with 256MB, plus 3*18GB disk.
It was no trouble to install - exactly the same as any RedHat install, except you have the option to install SSH keys. I used the CD install, with a graphical interface.
You will want to make sure you have the documentation with you. I believe the release notes are included with the boxed set, and the admin/install guides are on the CD. You can also get them from docs.hp.com. It is handy to have these with you, they can make things easier.
If you are going to be remotely administering from a Windows client, get ssh installed - the install guide tells you how to get/use Cygwin/Openssh. I recommend uploading the keys at install time, it will make things easier.
You'll probably want to apply the released patch before doing anything else.
After install, you may want to go through and install Apache/Tomcat/MCGA. They are on the CDs, and the install guide shows you how to do it. They will give you an idea of where to go from here.
After that, I installed a few other things in compartments - NFS and ntp. Once you get your head around what is happening, it is relatively straightforward to add new applications, with or without using compartments.
I think what people need to keep in mind is that it is not useful only for acting as a web server. It is appropriate for any sort of network services you wish to offer - e.g. NFS, DNS, DHCP, etc. By placing apps in chrooted environments, and locking down their access almost totally, you can minimise any possible damage if an app gets compromised.
I prefer this approach to security - rather than just patching apps to fix a known problem, try and change things so apps are not vulnerable to both known and as yet undiscovered vulnerabilities. The Secure Linux approach also works to prevent other apps/data being compromised when one is compromised. When you consider the number of boxes that have been completely exposed due to one vulnerable service, it makes sense to take this approach.
I have also tried compiling my own kernel, following the instructions available. This proved to be a fairly straightforward exercise, not really much different to a standard roll-your-own kernel.
I think it is a good product, and the real key for me is that it is _not_ just for web servers.
- Lindsay
11-09-2001 06:38 AM
Re: HP-LX opinions
Overall: I am very impressed and totally agree with the approach that HP has taken to security with HP-LX. It looks like HP has really done their homework and has set up a solid base for the kind of server that the security paranoid don't mind placing on the Internet.
Setup: The setup runs very like a 'normal' Red Hat 7.1 install with some modifications for security settings. You can only choose the 'server' install (for those of you familiar with the typical Red Hat categories), but this makes sense due to the market that HP is trying to reach here. Unfortunately, you cannot choose to install individual packages - according to the documentation, this feature "will be enabled in a forthcoming software product release." After the installation I looked over the list of 305 installed packages and didn't see any packages that seemed improper for a server install, so I guess that this missing feature can be tolerated.
HP added Tripwire and ssh integration to the Red Hat install procedure to round things off.
Docu: I downloaded the documentation from docs.hp.com thinking that any changes since release would be reflected online. This wasn't the case though as the Release Notes have a correction to the Administration Guide, but the online version was not any more up to date than the version on my HP-LX CD. Otherwise the documentation was easy to follow and I think that anyone able to administer a standard Linux distro should have no trouble getting underway with the help of the documentation.
In answer to Vrijhoeven's question, I received a test version from HP. I have not been able to procure a boxed set through normal distribution channels yet. It seems (to me) that the sales strategy is still being refined.
Things still to test:
- I plan on taking bind and setting up its own compartment. I am really interested to see how easily a standard rpm can be integrated into the HP-LX structure.
- HP-LX comes with kernel 2.4.5. I will be testing how easily an upgrade to 2.4.x goes. I have seen that this is documented with the open source kernel patches located at ftp://ftp.hp.com/pub/security/hplx_source/
Random thoughts:
- The patches are a little hidden. To find them go to www.itrc.com -> maintenance and support -> individual patches -> patches for applications on other platforms -> INTEL LINUX patches
- I find it interesting that nmap does not know what OS is running. From the TCP/IP fingerprint you can tell it's Linux, but that's it. Has HP changed some of the TCP/IP options?
- No journaling file system is installed with the system. Is there a journaling file system available for Linux that is _really_ ready for prime time? I have mixed emotions on this issue.
- Support on non-HP hardware. I was told at an HP conference that HP will support HP-LX on any hardware, but they will double check that the same problem occurs with HP-LX running on an HP NetServer. If not, you're on your own. I did my testing on a Fujitsu-Siemens PC and everything works fine.
Neil
11-09-2001 09:48 AM
Re: HP-LX opinions
You should just be able to ask a local HP sales rep to order you a boxed set. Although I downloaded my copy (internal systems), we ordered a boxed set for a customer, and it arrived very quickly (like less than a week, which when you understand shipping US->NZ, is very fast)
- Lindsay
11-12-2001 01:39 AM
Re: HP-LX opinions
I don't want to brag, but the uptime on my HP-LX server says:
10:39am up 100 days, 19:04, 1 user, load average: 0.00, 0.00, 0.00
By now we also use it internally as Squid-Proxy for an untrustworthy network. I also integrated ntp, dns, postgres and a Counter-Strike server on it. What didn't work out was dhcp because LX seems to have problems with raw sockets. I started bringing OpenCA to work, but have some trouble which is an OpenCA and not an LX problem. Otherwise I think it is fun to work with and it satisfies my paranoia. Oh BTW, we have it running even on a P1.