- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: What is the security scan tool in HP-UX now?
Operating System - HP-UX
1753802
Members
8213
Online
108805
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-15-2009 06:02 AM
тАО05-15-2009 06:02 AM
Re: What is the security scan tool in HP-UX now?
VK2COT mentioned CIS. CIS has a scoring tool that will grade your system (get points for turning off telnet, loose points for having NFS). It is very good.
Nessus is good, but I would run it from a different machine. Make sure IPFilter is turned off on target when you run it.
A good list of items to try is located:
http://sectools.org/tools3.html
Regards,
Fred
Nessus is good, but I would run it from a different machine. Make sure IPFilter is turned off on target when you run it.
A good list of items to try is located:
http://sectools.org/tools3.html
Regards,
Fred
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-15-2009 03:03 PM
тАО05-15-2009 03:03 PM
Re: What is the security scan tool in HP-UX now?
Hello,
In fact, as part of my own Operations Acceptance Testing, I check
Bastille, Nessus, nmap, IPFilter,
and CIS Tool are installed, and if so,
what their status is.
Here is part of the report that CIS
tool created on a brand new HP-UX 11.31
March 2009 server that I just build,
in more or less default state, for
students (I am currently a Senior Instructor
at HP, teaching various Unix, Linux,
ServiceGuard, Data Protector, Network Node
Manager, and other courses):
CHECKING CENTER FOR INTERNET SECURITY BENCHMARK SCORING TOOL
____________________________________________________________
AUDIT-PASS: CIS benchmark toolkit installed
*****************************************************************************
******************* CIS Security Benchmark Checker v1.2.5 *******************
* *
* Lead Developer : Jay Beale *
* HP-UX Benchmark Coordinator : Chris Calabrese *
* Unix Benchmark Coordinator and Gadfly : Hal Pomeranz *
* *
* Copright 2001 - 2004 The Center for Internet Security www.cisecurity.org *
* *
* Please send feedback to hpux-scan@cisecurity.org. *
*****************************************************************************
Investigating system...this will take a few minutes...
ERROR: Couldn't open /opt/CIS/cis_ruler_world_writable_files_hp-ux_11.31 -- list
of standard world-writable files for HP-UX B.11.31 .
NOTE: If you can generate a standard list of world-writable files for this versi
on, please e-mail to jay@bastille-linux.org.
******
Now a final check for non-standard world-writable files, Set-UID and Set-GID
programs -- this can take a whole lot of time if you have a large filesystem.
Your score if there are no extra world-writable files or SUID/SGID programs
found will be 4.86 / 10.00 . If there are extra SUID/SGID programs or
world-writable files, your score could be as low as 4.43 / 10.00 .
You can hit CTRL-C at any time to stop at this remaining step.
The preliminary log can be found at: /var/opt/CIS/tester.logs/cis-most-recent-lo
g
******
Rating = 4.57 / 10.00
*****************************************************************************
To learn more about the results, do the following:
All results/diagnostics:
more /var/opt/CIS/tester.logs/cis-ruler-log.20090512-09:13:29.1075
Positive Results Only:
egrep "^Positive" /var/opt/CIS/tester.logs/cis-ruler-log.20090512-09:13:
29.1075
Negative Results Only:
egrep "^Negative" /var/opt/CIS/tester.logs/cis-ruler-log.20090512-09:13:
29.1075
For each item that you score or fail to score on, please reference the
corresponding item in the CIS Benchmark Document.
For additional instructions/support, please reference the CIS web page:
http://www.cisecurity.org
My script is at:
http://www.circlingcycle.com.au/Unix-sources/HP-UX-check-OAT.pl.txt
Best regards from windy Sydney in Australia,
VK2COT
In fact, as part of my own Operations Acceptance Testing, I check
Bastille, Nessus, nmap, IPFilter,
and CIS Tool are installed, and if so,
what their status is.
Here is part of the report that CIS
tool created on a brand new HP-UX 11.31
March 2009 server that I just build,
in more or less default state, for
students (I am currently a Senior Instructor
at HP, teaching various Unix, Linux,
ServiceGuard, Data Protector, Network Node
Manager, and other courses):
CHECKING CENTER FOR INTERNET SECURITY BENCHMARK SCORING TOOL
____________________________________________________________
AUDIT-PASS: CIS benchmark toolkit installed
*****************************************************************************
******************* CIS Security Benchmark Checker v1.2.5 *******************
* *
* Lead Developer : Jay Beale *
* HP-UX Benchmark Coordinator : Chris Calabrese *
* Unix Benchmark Coordinator and Gadfly : Hal Pomeranz *
* *
* Copright 2001 - 2004 The Center for Internet Security www.cisecurity.org *
* *
* Please send feedback to hpux-scan@cisecurity.org. *
*****************************************************************************
Investigating system...this will take a few minutes...
ERROR: Couldn't open /opt/CIS/cis_ruler_world_writable_files_hp-ux_11.31 -- list
of standard world-writable files for HP-UX B.11.31 .
NOTE: If you can generate a standard list of world-writable files for this versi
on, please e-mail to jay@bastille-linux.org.
******
Now a final check for non-standard world-writable files, Set-UID and Set-GID
programs -- this can take a whole lot of time if you have a large filesystem.
Your score if there are no extra world-writable files or SUID/SGID programs
found will be 4.86 / 10.00 . If there are extra SUID/SGID programs or
world-writable files, your score could be as low as 4.43 / 10.00 .
You can hit CTRL-C at any time to stop at this remaining step.
The preliminary log can be found at: /var/opt/CIS/tester.logs/cis-most-recent-lo
g
******
Rating = 4.57 / 10.00
*****************************************************************************
To learn more about the results, do the following:
All results/diagnostics:
more /var/opt/CIS/tester.logs/cis-ruler-log.20090512-09:13:29.1075
Positive Results Only:
egrep "^Positive" /var/opt/CIS/tester.logs/cis-ruler-log.20090512-09:13:
29.1075
Negative Results Only:
egrep "^Negative" /var/opt/CIS/tester.logs/cis-ruler-log.20090512-09:13:
29.1075
For each item that you score or fail to score on, please reference the
corresponding item in the CIS Benchmark Document.
For additional instructions/support, please reference the CIS web page:
http://www.cisecurity.org
My script is at:
http://www.circlingcycle.com.au/Unix-sources/HP-UX-check-OAT.pl.txt
Best regards from windy Sydney in Australia,
VK2COT
VK2COT - Dusan Baljevic
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-17-2009 05:12 PM
тАО05-17-2009 05:12 PM
Re: What is the security scan tool in HP-UX now?
Thanks a lot for all of you.
- « Previous
-
- 1
- 2
- Next »
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP