- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- system hardening
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-01-2011 01:20 PM
08-01-2011 01:20 PM
system hardening
Hi All,
I am new to this board and look to the group for some guidance. I have been tasked with doing some server hardening for our HP-UX 11.x PA/IA machines. I've read everything I've found on the subject but most docs seem to be pretty outdated. I am familiar with Bastille and creating Trusted systems but at this point I would like to start by shutting down unnecessary services and ports.
Can anyone point me to documentation/information about HP-UX 11.x default installed services and their purposes?
I know many services can be turned off with the /etc/rc.config.d/* scripts but regarding /sbin/rc*.d links, is changing the capital K or S to lower case sufficient to shut off the service? In other words, will lower case first characters cause the link to be ignored?
Thank you in advance, any guidance is greatly appreciated.
Best regards,
PDY
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-01-2011 01:35 PM
08-01-2011 01:35 PM
Re: system hardening
>I know many services can be turned off with the /etc/rc.config.d/* scripts
That's what you should first use.
>but regarding /sbin/rc*.d links, is changing the capital K or S to lower case sufficient to shut off the service?
It might work. But better to remove them or move them elsewhere.
You should also look at inetd(1M) and inetd.conf(4).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-02-2011 05:46 AM
08-02-2011 05:46 AM
Re: system hardening
Hey;
>>I know many services can be turned off with the /etc/rc.config.d/* scripts but regarding /sbin/rc*.d links, is changing the capital K or S to lower case sufficient to shut off the service? In other words, will lower case first characters cause the link to be ignored?
Yes, the lower case characters 'will cause the links ot be ignored'. If you look at the rc script itself, on/about line 17 of /sbin/rc, is a function called get_scripts. The logic is a fairly easy to folllow if you're familiar with scripting; however, the key part for this discussion is:
case $name in
${mode}*)
${mode} will either be 'S' or 'K'
So, moving the link to a lower case will eliminate it from consideration which is also in line with the standard method on other OSs.
All that being said, if there is an /etc/rc.config.d script, edit that. Some apps don't use those, though, so you should be aware of this method as well.
Hope that helps.
Doug O'Leary
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-02-2011 08:38 AM
08-02-2011 08:38 AM
Re: system hardening
Hi,
Thank you for the replies, they are very helpful.
Does anyone know of a source that describes the default HP-UX /etc/rc.config.d/* services and their use/purpose? I am currently researching to find information on each but if there is a doc on the subject it would be a great help.
Thanks in advance,
PDY
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-03-2011 12:54 AM
08-03-2011 12:54 AM
Re: system hardening
>Does anyone know of a source that describes the default HP-UX /etc/rc.config.d/* services and their use/purpose?
You could ask each init script to print its purpose:
$ /sbin/init.d/nfs.client start_msg
Start NFS client subsystem