HPE Community
Operating System - HP-UX
1837527 Members
3878 Online
110117 Solutions
New Discussion

Re: audit HP server

 
Ferdinand_2
Advisor

‎08-29-2002 12:37 AM

‎08-29-2002 12:37 AM

audit HP server

Hi there,

I have been asked to audit an HP-UX server from a colleague on another project.

What would be a good way to go about this?

I do not want to install anything. I just want to know if the machine performs well and if it is configured correctly (no serious security faults)

The report is mainly for the admin but should also be readable for the 'suits'.

Any tips???

cd /pub more beer
0 Kudos
Reply
5 REPLIES 5
U.SivaKumar_2
Honored Contributor

‎08-29-2002 12:42 AM

‎08-29-2002 12:42 AM

Re: audit HP server

Hi,
Have a look at this link.
http://www.vennerable.com/security.html

regards,
U.SivaKumar
Innovations are made when conventions are broken
0 Kudos
Reply
Michael Tully
Honored Contributor

‎08-29-2002 12:49 AM

‎08-29-2002 12:49 AM

Re: audit HP server

If you didn't want to install software, there are some basic commmands to use to see that the system is reasonably secure.

Check some file permissions on OS filesystems
find / /opt /usr -xdev -type f -perm 666
find / /opt /usr -xdev -type f -perm 777
find / /opt /usr -xdev -type d -perm 777
The man and cat directories should be ok.
Make sure all mountpoint directories do not have permissions any greater than 755

Check 'root's umask, should 022

You should have 'nosuid' for most, if not all mountpoints (excl. /usr and /opt)
Sticky bit setting for /tmp and /var/tmp

Check where the 'root' home directory is. Should NOT be in /

I don't have a script, but here's a start.
There are a number of tools out there that can be used, especially the document on creating a 'bastion' server and more recently HP-UX bastille.


Anyone for a Mutiny ?
0 Kudos
Reply
Alan Casey
Trusted Contributor

‎08-29-2002 01:39 AM

‎08-29-2002 01:39 AM

Re: audit HP server

Check out the following site:

http://www.auscert.org.au/Information/Auscert_info/Papers/usc20.html

This is the checklist many professional auditors use.
0 Kudos
Reply
Nick Wickens
Respected Contributor

‎08-29-2002 01:44 AM

‎08-29-2002 01:44 AM

Re: audit HP server

Theres also sekchek which I think is a free download from Deloitte Touche Auditors at

http://www.sekchek.com/

These links detail earlier discussions -

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x998e107d277ad611abdb0090277a778c,00.html

http://bizforums.itrc.hp.com/cm/QuestionAnswer/0,,0x3c6d107d277ad611abdb0090277a778c,00.html
Hats ? We don't need no stinkin' hats !!
0 Kudos
Reply
Ferdinand_2
Advisor

‎08-29-2002 02:02 AM

‎08-29-2002 02:02 AM

Re: audit HP server

Michael,

I've run that find commando on one of my own machines but what am I seeing here?

btw, it is the thing I am looking for, normal UX commands which will show/ tell me someting.

(mowdb251)/ # find / /opt /usr -xdev -type f -perm 666
/etc/SnmpAgent.d/snmpd.conf
/etc/opt/resmon/persistence/runlevel4_flag
/opt/ifor/ls/res/i4adminX.pdl
/opt/hpnpl/tmp/ljx0003379
/opt/pred/bin/PSERRLOG
/usr/newconfig/var/stm/config/tools/exercise/hosts.cfg
/usr/share/man/cat1.Z/NIS+.1
/usr/share/man/cat1.Z/nis+.1
/usr/share/man/cat1.Z/nis.1
/usr/share/man/cat1.Z/X.1
cd /pub more beer
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.