
Re: 11i security

 
Steve Blackburn_1
New Member

11i security

I'm building an 11i server for our DMZ. I want to install a minimal OS, however, that option is gone. On the http://www.hp.com/products1/unix/operating/hpux11i/alwayssecure.html page there is a link to building a bastion host that tells you to install a minimal OS. It uses 11.00 as an example and says to modify for 11i? I'm guessing I have to install the base and then begin removing filesets? Why is it gone?
5 REPLIES
Steven Sim Kok Leong
Honored Contributor

Re: 11i security

Hi,

http://people.hp.se/stevesk/bastion11.html

In addition, use IDS/9000 to perform host-based intrusion detection on your HP-UX 11i.

Hope this helps. Regards.

Steven Sim Kok Leong
Michael Tully
Honored Contributor

Re: 11i security

One thing to remember when using the bastion document is that just about all of the patches are out of date, and they don't apply to 11i anyway. The document is an excellent example of building a secure system.

-Michael
Anyone for a Mutiny?
Steve Blackburn_1
New Member

Re: 11i security

Steven,

Thank you.
This is an excellent document.

My concern is that 11i does NOT have "minimal OS install" as an option. The logical approach is to install the base OS and begin removing filesets. I plan to do just that; it will take longer. Maybe HP has some other option or at least can explain why the "minimal OS install" is gone.
harry d brown jr
Honored Contributor

Re: 11i security

Steve,

I recently (7 months ago) replaced about 15 Virtual Vaults with that Bastion paper, but I did it with 11.00. I'll check into it tomorrow, maybe I'll try a fresh install myself to see what I need to adjust in my documentation, and then I'll share it.

live free or die
harry
Live Free or Die
Steven Sim Kok Leong
Honored Contributor

Re: 11i security

Hi,

I did a search. Here's some additional information on HP-UX 11i for you:

http://searchhp.techtarget.com/tip/1,289483,sid6_gci776891,00.html

HP-UX 11i also comes with IPFilter/9000, which acts as a host-based firewall. That's, in my opinion, excellent.

In addition, HP-UX 11i comes with a kernel parameter to disable execution of stacks (no-exec-stacks) to greatly reduce the chances of buffer overflows, like that which has already been available on Solaris 2.6 and 8 ages back, and most probably in 9.

Hope this helps. Regards.