
Modifications to /etc/rc.config.d/nddconf

 
MAD_2
Super Advisor

Recently I was made aware that there will be a network security inspection done on my system (an RP-5470 with HP-UX 11.00).

I am using as a reference the "Center for Internet Security" (CIS) HP-UX Benchmark v1.0.3 document and tool to find out where there may be some gaps (this can be found here: http://www.cisecurity.org).

I am not very familiar with some of the files for which they recommended changes to be made here, one of these is the nddconf file. The following modifications are advised in the document:

=============================================
5.2 Network parameter Modifications
Action (for HP-UX 11.x systems):
cd /etc/rc.config.d
cp -p nddconf nddconf.save
cat <<EOF >> nddconf
TRANSPORT_NAME[0]=ip
NDD_NAME[0]=ip_forward_src_routed
NDD_VALUE[0]=0
TRANSPORT_NAME[1]=ip
NDD_NAME[1]=ip_forward_directed_broadcasts
NDD_VALUE[1]=0
TRANSPORT_NAME[2]=tcp
NDD_NAME[2]=tcp_conn_request_max
NDD_VALUE[2]=4096
TRANSPORT_NAME[3]=tcp
NDD_NAME[3]=tcp_syn_rcvd_max
NDD_VALUE[3]=4096
TRANSPORT_NAME[4]=tcp
NDD_NAME[4]=tcp_ip_abort_cinterval
NDD_VALUE[4]=60000
TRANSPORT_NAME[5]=ip
NDD_NAME[5]=ip_send_redirects
NDD_VALUE[5]=0
TRANSPORT_NAME[6]=arp
NDD_NAME[6]=arp_cleanup_interval
NDD_VALUE[6]=60000
EOF
chmod go-w,ug-s nddconf nddconf.save

5.3 Disable IP packet forwarding, if possible
Question:
Is this system going to be used as a firewall or gateway to pass network traffic
between different networks?
If the answer to this question is yes, then do not proceed with the actions below.
Action (for HP-UX 11.x systems):
cat <<EOF >> /etc/rc.config.d/nddconf
TRANSPORT_NAME[8]=ip
NDD_NAME[8]=ip_forwarding
NDD_VALUE[8]=0
EOF

=============================================

Can anyone expand more on these (explain them in a little more detail) and the impact they will cause on my system? (I attached the document!)

Thanks,
Contrary to popular belief, Unix is user friendly. It's just very particular about who it makes friends with
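The entries above only take effect when the boot-time ndd -c reads them back out of nddconf, so a reviewer of such a change wants to confirm that the running kernel really holds the declared values rather than trust the file. The following script is an added example, not code from this thread or from the CIS benchmark; it assumes HP-UX ndd(1M) with -get, the TRANSPORT_NAME/NDD_NAME/NDD_VALUE triple format shown above, and an NDD_CMD variable (my addition) that lets a stub stand in for ndd when testing off-box.

```shell
#!/bin/sh
# Added example (not from this thread or the CIS benchmark): audit a running
# HP-UX kernel against /etc/rc.config.d/nddconf. Each entry in the file is a
# TRANSPORT_NAME[n] / NDD_NAME[n] / NDD_VALUE[n] triple that the boot-time
# "ndd -c" applies; this reads each tunable back with "ndd -get" and reports
# drift, e.g. ip_forwarding still at 1. NDD_CMD may name a wrapper (testing).
NDD_CMD="${NDD_CMD:-ndd}"

# Print one "transport tunable value" line per complete triple, by index.
# Comments, blank lines and incomplete triples (missing NAME or VALUE) are
# skipped, so a half-edited entry never turns into an ndd call.
nddconf_entries() {
    awk -F= '
        function idx(s) {                      # "NDD_NAME[3]" -> 3
            sub(/^[A-Z_]+\[/, "", s); sub(/\].*$/, "", s)
            s += 0; if (s > max) max = s; return s
        }
        /^[ \t]*#/ || /^[ \t]*$/          { next }
        /^TRANSPORT_NAME\[[0-9]+\]=/      { t[idx($1)] = $2 }
        /^NDD_NAME\[[0-9]+\]=/            { n[idx($1)] = $2 }
        /^NDD_VALUE\[[0-9]+\]=/           { v[idx($1)] = $2 }
        END { for (i = 0; i <= max; i++)
                  if ((i in t) && (i in n) && (i in v)) print t[i], n[i], v[i] }
    ' "$1"
}

# Compare every configured value with what the kernel reports now.
# Returns 0 when all entries match, otherwise the number of drifted entries
# (an unreadable tunable, e.g. ndd missing, counts as drift).
nddconf_audit() {
    bad=0
    while read -r transport name want; do
        [ -n "$transport" ] || continue
        have=$("$NDD_CMD" -get "/dev/$transport" "$name" 2>/dev/null) \
            || have='(unreadable)'
        if [ "$have" = "$want" ]; then
            printf 'OK    %-4s %-28s %s\n' "$transport" "$name" "$want"
        else
            printf 'DRIFT %-4s %-28s want=%s have=%s\n' \
                "$transport" "$name" "$want" "$have"
            bad=$((bad + 1))
        fi
    done <<EOF
$(nddconf_entries "$1")
EOF
    return "$bad"
}

# Usage: sh nddaudit.sh /etc/rc.config.d/nddconf   (exit status = drift count)
if [ "$#" -gt 0 ]; then nddconf_audit "$1"; fi
```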
Steven Sim Kok Leong
Honored Contributor

Re: Modifications to /etc/rc.config.d/nddconf

 
Anonymous
Not applicable

Re: Modifications to /etc/rc.config.d/nddconf

ndd -h
gives the SUPPORTED ndd tunable parameters on HP-UX
ndd -h $TUNABLE
gives a one-liner about $TUNABLE


rick jones
Honored Contributor

Re: Modifications to /etc/rc.config.d/nddconf

Apart from ndd -h, there is also ftp://ftp.cup.hp.com/dist/networking/briefs/annotated_ndd.txt

which may be of some use. I'm a little surprised they suggest changing the tcp_ip_abort_cinterval and the arp_cleanup_interval, but I suppose the settings they suggest are OK.

there is no rest for the wicked yet the virtuous have no pillows
Pheroz Tengra
Advisor

Re: Modifications to /etc/rc.config.d/nddconf

I have used the same paper to update my system D250 running Oracle 8.0.5 under 11.0. After rebooting I found that I was unable to connect internal in Oracle, hence unable to start the database upon power up. At this point I had implemented up to page 26 of the document.

I had to back out a group of changes, in order to get Oracle running again.

1) I used my backup to update inetd.conf.
2) I set the /etc/rc.config.d/namesvrs { NAMED=1 }.

I have yet to experiment as to what exactly caused it. This issue is still open in my task list.


Patrick Wallek
Honored Contributor

Re: Modifications to /etc/rc.config.d/nddconf

Just as a side note, you DON'T EVER want to keep backup copies of files in the /etc/rc.config.d directory. If you want a backup of a file in /etc/rc.config.d make sure you put it in a different directory.

The reason for this? When the system boots up, ALL the files in /etc/rc.config.d get sourced. So if you have 2 copies of nddconf, or any other file, you could make changes to one, but the changes could get undone when the backup of the file is sourced.