
how to chk HP unix svr

 
YLTan
Frequent Advisor

I have an external vendor bringing in their pre-configured HP server for proof of concept testing. How do I screen their server for any possible security issues that might compromise our network and system, e.g. viruses, snooping, software scanning of network/system ports or protocols? The external vendor is a new vendor for our company.
tyl
Steven E. Protter
Exalted Contributor

Re: how to chk HP unix svr

You can attempt to probe the system using a program called saint.

There are open source versions, here is a corporate web site.

I use the free version to test security on my 9000 servers.

http://www.saintcorporation.com/products/saint_engine.html

Also, from HP:

Bastille:
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA

You install it, run it in X and it checks and improves security on the fly. If it finds too much, the setup wasn't too secure.

It also includes the product Security Patch Check which also includes basic security probing.
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Ravi_8
Honored Contributor

Re: how to chk HP unix svr

Hi,

Viruses are ruled out in a Unix environment;
check for SNMP, Samba and Apache (must be disabled).
never give up
Sunil Sharma_1
Honored Contributor

Re: how to chk HP unix svr

Hi,

Viruses: no way in Unix systems.

Use HP Bastille for other issues.

Sunil
*** Dream as if you'll live forever. Live as if you'll die today ***
YLTan
Frequent Advisor

Re: how to chk HP unix svr


My intention is to determine if the svr brought in by the external vendor poses any security risk to our network and system, e.g. probing s/w running in their svr, packet spraying, etc.

Any guidelines on what cfg files to chk, type of processes to look out for, etc.?

tyl
Hoefnix
Honored Contributor

Re: how to chk HP unix svr

Best way is to put this server on a separate network, and if it should be connected to your company's network for testing, use a firewall between this test network and the company's network.

Scanning for unwanted software on the system that sniffs etc. can be a hard job.

What you can do is first check swlist (but you will not find all software installed if it's hacking stuff).

Check also all the processes running on this system (ps -ef | more) and see if unclear binaries are running on this system.

Check netstat -an for unwanted connections etc.

There will be lots more to check, but this is a start.

HTH,
Peter
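To make the netstat -an check above repeatable, here is an added example (not from any poster in this thread) that triages a captured netstat -an listing against an allow-list of ports the vendor documented and the address range of your isolated test network. The sample output, the allowed port 22 and the 10.1.1. test network are constructed assumptions.

```sh
#!/bin/sh
# Added example: triage 'netstat -an' output captured from the vendor box.
# The listing below is constructed in HP-UX format (addr.port), not real data.
NETSTAT_SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  *.161                  *.*                    LISTEN
tcp        0      0  *.9999                 *.*                    LISTEN
tcp        0      0  10.1.1.5.22            10.1.1.9.51234         ESTABLISHED
tcp        0      0  10.1.1.5.40123         192.0.2.77.8080        ESTABLISHED
udp        0      0  *.514                  *.*'

# Ports the vendor documented for the PoC (assumption for this example).
ALLOWED_PORTS="22"
# Prefix of the isolated test network; foreign ends outside it get flagged.
TEST_NET="10.1.1."

# Print "proto port" for every listening socket not in the allow-list.
unexpected_listeners() {
    printf '%s\n' "$NETSTAT_SAMPLE" | awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)/ && ($NF == "LISTEN" || $1 == "udp") {
            port = $4; sub(/.*\./, "", port)   # strip addr from HP-UX addr.port
            if (!(port in ok)) print $1, port
        }'
}

# Print the foreign address of established connections leaving the test network.
external_connections() {
    printf '%s\n' "$NETSTAT_SAMPLE" | awk -v net="$TEST_NET" '
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" && index($5, net) != 1 { print $5 }'
}

echo "Unexpected listeners:"; unexpected_listeners
echo "Connections outside the test network:"; external_connections
```

On the real box, replace NETSTAT_SAMPLE with `netstat -an` output saved to a file and run the two functions against it before the server is connected to the company network.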
Steven Sim Kok Leong
Honored Contributor

Re: how to chk HP unix svr

Hi,

Some tools you might want to use:

1) Nessus
- at http://www.nessus.org
- by far the best opensource network vulnerability scanner I know

2) CIS security benchmark tools
- at http://www.cisecurity.org
- comprehensive

Hope this helps. Regards.

Steven Sim Kok Leong
Walt Watson
Advisor

Re: how to chk HP unix svr

YL -

I'd keep them off of your network if at all possible, as tracking snooping is extremely difficult absent a sniffer or putting them behind a firewall.

You might want to check their /var/adm/inetd.sec file to see how they've set up security on their system. Also, see what services they've enabled. Do both tasks prior to connecting them to your network.
Keith Buck
Respected Contributor

Re: how to chk HP unix svr

As some have suggested, putting the server on an isolated subnet with a firewall to monitor all outgoing connections (only the ones explicitly specified by the vendor and analyzed by you) would be best.

A cheaper alternative is to install ipfilter and log and/or block all outgoing connections except the ones explicitly needed. This doesn't stop someone from hacking the kernel (the previous option could) but it may be helpful and easier to deploy.

A few other things you can do as sanity tests:

swverify can do a basic check to tell you if the IPD matches installed software, including timestamps.

Stretching here...don't know if this would actually work but it would be thorough:

Configure a system with the same OE/patches/software the vendor chose. Then mount up their disk on that box (so you're running a trusted kernel) and do a dircmp between the two. This will probably generate lots of noise, but if you can explain all the differences, then you can be pretty confident.

Ideally, over time you'll build enough trust in this vendor that you don't have to go through this kind of work.

hope that helps.

-Keith