- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Hardening Security afer getting T@gged
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-14-2005 04:57 AM
02-14-2005 04:57 AM
Thanks for any help,
Chris Tillman
Newbie Admin
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-14-2005 05:02 AM
02-14-2005 05:02 AM
Re: Hardening Security afer getting T@gged
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-14-2005 05:06 AM
02-14-2005 05:06 AM
SolutionWhat the intruder did will provide more clues as to where to look for evidence. Hopefully you have accurate time on the system so you can get an idea of what time the event occurred.
For FTP, there is an HP write up on how to configure restrictive ftp logins using 'chroot jails'. Also details on how to setup anon ftp so as to only allow downloads and no uploads, or uploads in a specific area only.
Do a search for 'Restrict FTP'
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-14-2005 06:23 AM
02-14-2005 06:23 AM
Re: Hardening Security afer getting T@gged
You might want to take a look at HP's Bastille offering:
http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA
"
HP-UX Bastille is a security hardening/lockdown tool which can be used to enhance the security of the HP-UX operating system. It provides customized lockdown on a system by system basis, addressing a large number of the recommendations from a number of popular security scanning tools and checklists."
Pete
Pete
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-14-2005 07:28 AM
02-14-2005 07:28 AM
Re: Hardening Security afer getting T@gged
http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B9901AA
You can use that to block certain ip's from accessing your box at all.
For logging, you need ftpd -l in inetd.conf
Rgds...Geoff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-14-2005 09:55 AM
02-14-2005 09:55 AM
Re: Hardening Security afer getting T@gged
Use "log" feature of IPFilter to log connection
attempts and other activities you thing might be
suspicious. Unless otherwise stated, IPFilter will log
to syslog file.
- Biswajit
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-14-2005 02:48 PM
02-14-2005 02:48 PM
Re: Hardening Security afer getting T@gged
Anonymous ftp should never be allowed on any server, and ideally, no ftp service at all. Instead, use SSH (with the secure FTP capability). Yep, you'll have unhappy users that must learn something new and possibly inconvenient but a trashed server is the risk in keeping users from complaining.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2005 12:25 AM
02-15-2005 12:25 AM
Re: Hardening Security afer getting T@gged
first - remove write permissions from the pub/incoming directory
second - check You have *ALL* security patches regarding to inetd, ftpd installed
third - think about if You need the ftp daemon at all, if not: disable it, if yes:
do You need to allow any host access to it or does it come down to a range of hosts?
forth - try to chroot the ftp daemon.
The following steps are about safeguarding Your system against (successful) intruders.
I would recommend You to try them out on a test system for two or three times.
disable any kind of root login
enable hp-ux shadow passwords
look at the often-refered hp-ux bastion host howto
chmod 1777 all temp directories
mount all temp directories noexec,nodev,nosuid
run the hp-ux bastille scripts - they should get You a great overview about the systems state.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2005 01:21 AM
02-15-2005 01:21 AM
Re: Hardening Security afer getting T@gged
Chris