HPE Community
Operating System - HP-UX
1847124 Members
5703 Online
110263 Solutions
New Discussion

Re: HP security

 
SOLVED
Go to solution
Mridul Dutta
Advisor

‎12-13-2006 05:09 PM

‎12-13-2006 05:09 PM

HP security

Hi,

I have very little experience with HPUX but have been assigned the task of securing HPUX system. Is there a HPUX security
checklist?

Mridul
0 Kudos
Reply
6 REPLIES 6
Fabian Briseño
Esteemed Contributor

‎12-13-2006 05:29 PM

‎12-13-2006 05:29 PM

Solution

Re: HP security

Hello Mridul.

You can start by.
1. Patching your system
2. Disabling telnet and ftp and installing ssh and sftp.
3. Checking access permission for users.
4. keep root account password secret.
Knowledge is power.
Reply
Sameer_Nirmal
Honored Contributor

‎12-13-2006 05:39 PM

‎12-13-2006 05:39 PM

Re: HP security

HPUX Bastille tool and its checklist comes to my mind as good way of making HPUX system secure. This tool's checklist is quite useful to ensure system wide security. With this tool, there is readme/checklist which could be used for security hardening of the system using this tool or manually.

Try it on test/sandbox.

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA
0 Kudos
Reply
Peter Godron
Honored Contributor

‎12-13-2006 07:10 PM

‎12-13-2006 07:10 PM

Re: HP security

Mridul,
there is a lot of choice of documentaion out there. Here is a small selection:

A summary for 11i
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=78157

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=242492

Info on How to build Bastille
http://www.windowsecurity.com/whitepaper/unix_security/Building_a_Bastion_Host_Using_HPUX_11.html

General info
http://www.blacksheepnetworks.com/security/resources/hp-ux11.html
0 Kudos
Reply
Robert Fritz
Regular Advisor

‎12-14-2006 04:59 PM

‎12-14-2006 04:59 PM

Re: HP security

Quick clarification on Peter's post. Bastille, doesn't have to be built. It is an application that comes with HP-UX 11.23 and up (or download for 11.11 and 11.00).

The link he provided was to "Building a Bastion Host" which is a white paper... one of the number of source documents we used to build the Bastille application a few years back.

Hope that helped,
Robert
Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
0 Kudos
Reply
Tom Henning
Trusted Contributor

‎12-14-2006 10:34 PM

‎12-14-2006 10:34 PM

Re: HP security

Here where I work we have been required to configure systems as per the Center for Internet Security (http://www.cisecurity.com/) template for HP-UX. These templates seem to be a pretty good basic starting point, although if you configure your system completely as per their recommendations (turning everything they suggest be turned off off) the system is almost useless.

I'm tossing this in as an alternative to the standard HP resources. No recommendation from me, and I am NOT associated with them in any way other than being required to use their templates.
What is it that possesses otherwise sane individuals to change something just because it has not been changed in a while?
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎12-14-2006 11:44 PM

‎12-14-2006 11:44 PM

Re: HP security

And in order to understand the basics with HP-UX security, be sure to get the HP-UX Security book by Chris Wong.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.