HPE Community
Operating System - HP-UX
1753802 Members
8213 Online
108805 Solutions
New Discussion юеВ

Re: What is the security scan tool in HP-UX now?

 
SOLVED
Go to solution
Fred K. Abell Jr._1
Regular Advisor

тАО05-15-2009 06:02 AM

тАО05-15-2009 06:02 AM

Re: What is the security scan tool in HP-UX now?

VK2COT mentioned CIS. CIS has a scoring tool that will grade your system (get points for turning off telnet, loose points for having NFS). It is very good.

Nessus is good, but I would run it from a different machine. Make sure IPFilter is turned off on target when you run it.

A good list of items to try is located:
http://sectools.org/tools3.html

Regards,

Fred
Reply
VK2COT
Honored Contributor

тАО05-15-2009 03:03 PM

тАО05-15-2009 03:03 PM

Re: What is the security scan tool in HP-UX now?

Hello,

In fact, as part of my own Operations Acceptance Testing, I check
Bastille, Nessus, nmap, IPFilter,
and CIS Tool are installed, and if so,
what their status is.

Here is part of the report that CIS
tool created on a brand new HP-UX 11.31
March 2009 server that I just build,
in more or less default state, for
students (I am currently a Senior Instructor
at HP, teaching various Unix, Linux,
ServiceGuard, Data Protector, Network Node
Manager, and other courses):

CHECKING CENTER FOR INTERNET SECURITY BENCHMARK SCORING TOOL
____________________________________________________________
AUDIT-PASS: CIS benchmark toolkit installed

*****************************************************************************
******************* CIS Security Benchmark Checker v1.2.5 *******************
* *
* Lead Developer : Jay Beale *
* HP-UX Benchmark Coordinator : Chris Calabrese *
* Unix Benchmark Coordinator and Gadfly : Hal Pomeranz *
* *
* Copright 2001 - 2004 The Center for Internet Security www.cisecurity.org *
* *
* Please send feedback to hpux-scan@cisecurity.org. *
*****************************************************************************

Investigating system...this will take a few minutes...
ERROR: Couldn't open /opt/CIS/cis_ruler_world_writable_files_hp-ux_11.31 -- list
of standard world-writable files for HP-UX B.11.31 .
NOTE: If you can generate a standard list of world-writable files for this versi
on, please e-mail to jay@bastille-linux.org.

******

Now a final check for non-standard world-writable files, Set-UID and Set-GID
programs -- this can take a whole lot of time if you have a large filesystem.
Your score if there are no extra world-writable files or SUID/SGID programs
found will be 4.86 / 10.00 . If there are extra SUID/SGID programs or
world-writable files, your score could be as low as 4.43 / 10.00 .

You can hit CTRL-C at any time to stop at this remaining step.

The preliminary log can be found at: /var/opt/CIS/tester.logs/cis-most-recent-lo
g
******
Rating = 4.57 / 10.00

*****************************************************************************
To learn more about the results, do the following:

All results/diagnostics:
more /var/opt/CIS/tester.logs/cis-ruler-log.20090512-09:13:29.1075
Positive Results Only:
egrep "^Positive" /var/opt/CIS/tester.logs/cis-ruler-log.20090512-09:13:
29.1075
Negative Results Only:
egrep "^Negative" /var/opt/CIS/tester.logs/cis-ruler-log.20090512-09:13:
29.1075

For each item that you score or fail to score on, please reference the
corresponding item in the CIS Benchmark Document.

For additional instructions/support, please reference the CIS web page:
http://www.cisecurity.org

My script is at:

http://www.circlingcycle.com.au/Unix-sources/HP-UX-check-OAT.pl.txt

Best regards from windy Sydney in Australia,

VK2COT
VK2COT - Dusan Baljevic
Reply
longvictory_1
Frequent Advisor

тАО05-17-2009 05:12 PM

тАО05-17-2009 05:12 PM

Re: What is the security scan tool in HP-UX now?

Thanks a lot for all of you.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.