Re: Harden Linux, HPUX and Solaris servers

Grayh · ‎07-26-2008

Hi Gurus,

Could you help me in hardening Linux, HPUX and Solaris servers starting from scratch.May be some tips or some docs. should be of good help to me.

Thank you.

James R. Ferguson · ‎07-26-2008

Hi:

Bastille !

In recent HP-UX releases, this get be setup to run during installation.

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA

Follow the links in the product overview for more information on HP-UX systems.

See also:

http://sourceforge.net/projects/bastille-linux/

http://bastille-linux.sourceforge.net/

Regards!

...JRF...

Grayh · ‎07-26-2008

Thanks James for the info.

As I understand from the docs... to harden a HP-UX Box...

I have to install the HP-UX Bastille from the below web-site.

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA

After installing this tool the server is said to be hardened.

JRS... plz let me know if my understanding is correct else plz help me understand it better.

Jeeshan · ‎07-26-2008

ya bastille is the good one for HP-UX. also you can use PAM.

PAM, SELinux, TCP Wrapper, IPTABLES is the best way to hardenning in Linux.

In Solaris you can use bastille also.

a warrior never quits

James R. Ferguson · ‎07-26-2008

Hi (again):

> After installing this tool the server is said to be hardened.

No. You need to read the documentation I suggested including the links in the HP-UX product spec-sheet.

For example, if you are cold-installing HP-UX 11.23 or later, Bastille is included by default:

http://docs.hp.com/en/5992-1978/ch03s05.html#babhdgia

Bastille can be run to first produce a report of suggested actions. Based on *your* specific needs (including adjustments your users may need to make) you then decide what to harden or lockout. At that point, you run Bastille to actually perform the configuration changes. You need to understand what you want to achieve, why and how is impacts your running environment.

Regards!

...JRF...

Grayh · ‎07-26-2008

could you plz tell me the procedure to harden a hp-ux box

Grayh · ‎07-26-2008

Hi James ....

thanks for the info..

what is ment by "lockdown of a system".

James R. Ferguson · ‎07-26-2008

Hi (again):

> what is ment by "lockdown of a system".

"Lockdown" is the action or process of prventing use or intrusion.

Some of the tables in one of the links I offered will help you understand:

http://docs.hp.com/en/5992-1978/ch03s05.html#babhdgia

Please don't forget to provide feedback when you are satisfied with the help you have received:

http://forums11.itrc.hp.com/service/forums/helptips.do?#33

Regards!

...JRF...

Grayh · ‎07-26-2008

Now Correct me If I am wrong:-

Hardning a HP-UX OS

0.Login as root
1.Install HP-UX Bastille with Ignite-UX from the OE cd.
2.First time use it interactivelly (Bastille -X) to build system security config.
3.Answer the Questions which explains a security issue as desired by myself for the perticular Server.
4.Select security levels(Sec10Host;Sec20MngDMZ or Sec30DMZ).
5.Save the configuration and apply changes.

Plz correct me if I am wrong either in the procedure or the sequence of steps if they are incorrect.

Monday I will be Hardning my first Server.. So just wanted to be on the safe side that I have understood the whole thing.

Also I need to know the how to do the same on a SUN & a LinuX Box.Plz help me.

George_Dodds · ‎07-26-2008

Here's an old but still handy resource for linux hardening

http://www.ibm.com/developerworks/linux/library/l-seclnx3/

There's plenty of linux docs out there, just use google.

Masud Parvez · ‎07-27-2008

Hi DMVams,

Those are the Predefined Security Levels you can do your custom one. Run this into one system based on your security requirement save and apply config file.

Then you can use this config file into another system if your security level is same or you want to use it a base level for all system.

You can visit this site to get guideline
http://www.cisecurity.org/

Grayh · ‎07-27-2008

Fould it at last.Thanks to all of you.

Bill Hassell · ‎07-27-2008

> After installing this tool the server is said to be hardened.

This is totally dependent on your environment. If you answer all the Bastille questions to harden the system to the highest level, you probably cannot login anymore. There is no magic button to push (nor easy standards) that will harden your system. You have to know what services you need and which services you can disable. If that information is not available, harden the system to the highest level and then fix all the failures (login, databases, ftp, etc) as they are discovered.

Bill Hassell, sysadmin

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Harden Linux, HPUX and Solaris servers

Harden Linux, HPUX and Solaris servers