- Community Home
- >
- Servers and Operating Systems
- >
- Operating System - HP-UX
- >
- System Administration
- >
- system hardening
-
- Forums
-
Blogs
- Alliances
- Around the Storage Block
- Behind the scenes @ Labs
- HPE Careers
- HPE Storage Tech Insiders
- Infrastructure Insights
- Inspiring Progress
- Internet of Things (IoT)
- My Learning Certification
- OEM Solutions
- Servers: The Right Compute
- Shifting to Software-Defined
- Telecom IQ
- Transforming IT
- Infrastructure Solutions German
- L’Avenir de l’IT
- IT e Trasformazione Digitale
- Enterprise Topics
- ИТ для нового стиля бизнеса
- Blogs
-
Quick Links
- Community
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Contact
- Email us
- Tell us what you think
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Enterprise.nxt
- Marketplace
- Aruba Airheads Community
-
Forums
-
Blogs
-
InformationEnglish
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-01-2011 01:20 PM
08-01-2011 01:20 PM
system hardening
Hi All,
I am new to this board and look to the group for some guidance. I have been tasked with doing some server hardening for our HP-UX 11.x PA/IA machines. I've read everything I've found on the subject but most docs seem to be pretty outdated. I am familiar with Bastille and creating Trusted systems but at this point I would like to start by shutting down unnecessary services and ports.
Can anyone point me to documentation/information about HP-UX 11.x default installed services and their purposes?
I know many services can be turned off with the /etc/rc.config.d/* scripts but regarding /sbin/rc*.d links, is changing the capital K or S to lower case sufficient to shut off the service? In other words, will lower case first characters cause the link to be ignored?
Thank you in advance, any guidance is greatly appreciated.
Best regards,
PDY
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-01-2011 01:35 PM
08-01-2011 01:35 PM
Re: system hardening
>I know many services can be turned off with the /etc/rc.config.d/* scripts
That's what you should first use.
>but regarding /sbin/rc*.d links, is changing the capital K or S to lower case sufficient to shut off the service?
It might work. But better to remove them or move them elsewhere.
You should also look at inetd(1M) and inetd.conf(4).
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-02-2011 05:46 AM
08-02-2011 05:46 AM
Re: system hardening
Hey;
>>I know many services can be turned off with the /etc/rc.config.d/* scripts but regarding /sbin/rc*.d links, is changing the capital K or S to lower case sufficient to shut off the service? In other words, will lower case first characters cause the link to be ignored?
Yes, the lower case characters 'will cause the links ot be ignored'. If you look at the rc script itself, on/about line 17 of /sbin/rc, is a function called get_scripts. The logic is a fairly easy to folllow if you're familiar with scripting; however, the key part for this discussion is:
case $name in
${mode}*)
${mode} will either be 'S' or 'K'
So, moving the link to a lower case will eliminate it from consideration which is also in line with the standard method on other OSs.
All that being said, if there is an /etc/rc.config.d script, edit that. Some apps don't use those, though, so you should be aware of this method as well.
Hope that helps.
Doug O'Leary
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-02-2011 08:38 AM
08-02-2011 08:38 AM
Re: system hardening
Hi,
Thank you for the replies, they are very helpful.
Does anyone know of a source that describes the default HP-UX /etc/rc.config.d/* services and their use/purpose? I am currently researching to find information on each but if there is a doc on the subject it would be a great help.
Thanks in advance,
PDY
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
08-03-2011 12:54 AM
08-03-2011 12:54 AM
Re: system hardening
>Does anyone know of a source that describes the default HP-UX /etc/rc.config.d/* services and their use/purpose?
You could ask each init script to print its purpose:
$ /sbin/init.d/nfs.client start_msg
Start NFS client subsystem
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2019 Hewlett Packard Enterprise Development LP