System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Parameters for HP-UX servers

Fenglin
Regular Advisor

Parameters for HP-UX servers

Hi

How to find the following options in a HP-UX server?

tcp_syn_rcvd_max
arp_cleanup_interval
ip_forward_src_routed
ip_forward_directed_broadcasts
ip_respond_to_timestamp
ip_respond_to_timestamp_broadcast
ip_respond_to_address_mask_broadcast
ip_respond_to_echo_broadcast
tcp_isn_passprase
ip_send_redirects
ip_forwarding
Non executable stack area
Kernel level auditing is enabled
Logging from inet.d is enabled
Log permissions prevent log modification
Minimum length
Password maximum age
Password minimum age
Strong password policies are enforced
Password warn age
Nobody access to RPC is disabled
No "." or World writable directory in roots $PATH
All user dot-files are not world writable
su is not used for system management
sudo is configured
sudo configuration prevents execution of su
sudo configuration prevents direct execution of shell

The partitions are mounted with specific options
/home nosuid ?
/var nosuid ?
/tmp defaults ?
/var/log nosuid ?

Regards
Feng Lin
5 REPLIES
P Muralidhar Kini
Honored Contributor
Bill Hassell
Honored Contributor

Re: Parameters for HP-UX servers

This is a wide variety of information, no single answer. Since you did not provide any information about your system, I will have to assume that you are running 11.11 on a PARISC computer. Many answers will change if you are running 11.31 on an Itanium box.

> tcp_syn_rcvd_max
> arp_cleanup_interval
> ip_forward_src_routed
> ip_forward_directed_broadcasts
> ip_respond_to_timestamp
> ip_respond_to_timestamp_broadcast
> ip_respond_to_address_mask_broadcast
> ip_respond_to_echo_broadcast
> tcp_isn_passprase
> ip_send_redirects
> ip_forwarding

Run the command: ndd -h

> Non executable stack area
> Kernel level auditing is enabled
> Logging from inet.d is enabled
>Log permissions prevent log modification
> Minimum length
> Password maximum age
> Password minimum age
> Strong password policies are enforced
> Password warn age

Run the command: sam
and look at the Auditing and Security areas.

> Nobody access to RPC is disabled

Run the command: showmount -e

> No "." or World writable directory in roots $PATH

Finding "." in $PATH is determined by examining the string. However, "." is implied by two :: in $PATH or by a single : at the end of the PATH. The attached script will make this job much easier. It will also find duplicate paths, paths that are symlinks and will look at both /etc/PATH as well as the current $PATH.

> All user dot-files are not world writable

Not really a complete description, so I will assume you don't mean every file on the system but only files in user $HOME directories. This is a simple command for /home directories only. If you use non-standard $HOME directories, you'll need to add more code.

find /home -type f -perm -002 -name ".*" -exec ls -la {} \*

> su is not used for system management

That is a procedure and not something that is turned on or off. You can look in /var/adm/sulog to see when su was used but there is no log kept beyond the start of su. Ask all the people who have the root password.

> sudo is configured
> sudo configuration prevents execution of su
> sudo configuration prevents direct execution of shell

First, determine if sudo is even installed:

swlist -l product | grep -i sudo

However, if someone built sudo from open source code, then you'll have to search for it. As far as configuration, read the contents of the sudoers file using the command visudo. You'll need an understanding of sudo keywords and parameters (man sudooers).

> The partitions are mounted with specific options
> /home nosuid ?
> /var nosuid ?
> /tmp defaults ?
> /var/log nosuid ?

Use the command: mount


Bill Hassell, sysadmin
Fenglin
Regular Advisor

Re: Parameters for HP-UX servers

Hi

I got the following results after typing 'mount'
/ on /dev/vg00/lvol3 ioerror=nodisable,log,dev=40000003 on Wed Apr 14 17:35:42 2010
/stand on /dev/vg00/lvol1 defaults,dev=40000001 on Wed Apr 14 17:35:43 2010
/var on /dev/vg00/lvol8 ioerror=mwdisable,delaylog,dev=40000008 on Wed Apr 14 17:35:46 2010
/usr on /dev/vg00/lvol7 ioerror=mwdisable,delaylog,dev=40000007 on Wed Apr 14 17:35:46 2010
/tmp on /dev/vg00/lvol6 ioerror=mwdisable,delaylog,dev=40000006 on Wed Apr 14 17:35:47 2010
/opt on /dev/vg00/lvol5 ioerror=mwdisable,delaylog,dev=40000005 on Wed Apr 14 17:35:47 2010
/home on /dev/vg00/lvol4 ioerror=mwdisable,largefiles,delaylog,dev=40000004 on Wed Apr 14 17:35:47 2010
/archive on /dev/vg01/lvarchive ioerror=mwdisable,largefiles,delaylog,dev=40010001 on Wed Apr 14 17:35:47 2010
/app on /dev/vg01/lvapp ioerror=mwdisable,largefiles,delaylog,dev=40010002 on Wed Apr 14 17:35:47 2010

So what's the answer for the following
> /home nosuid ?
> /var nosuid ?
> /tmp defaults ?
> /var/log nosuid ?

----

> Non executable stack area
> Kernel level auditing is enabled
> Logging from inet.d is enabled
>Log permissions prevent log modification

Run the command: sam
and look at the Auditing and Security areas.

I can't find the answer for the above 4 items.

Regards
Feng Lin
Kapil Jha
Honored Contributor

Re: Parameters for HP-UX servers

nosuid/default
these are the options with which file system has been mounted.
#nosuid Set-user-ID execution not allowed.
#defaults Use all default options

read man page for more information.

BR,
Kapil+
I am in this small bowl, I wane see the real world......
Dennis Handly
Acclaimed Contributor

Re: Parameters for HP-UX servers

>Non executable stack area
>Kernel level auditing is enabled
>Logging from inetd is enabled
>I can't find the answer for the above 4 items.

See executable_stack(5).

See audsys(1M), audevent(1M) and audisp(1M).

See -l option of inetd(1m).