
Re: HP-UX Security

 
Daniel Fourie
Frequent Advisor

HP-UX Security

I would like to know how to tie-down my HP-UX 11 servers.
Knowledge is Power
Stefan Farrelly
Honored Contributor

Re: HP-UX Security


1. Convert to a trusted system (menu option under SAM).
2. Install all the latest security patches; www.itrc.hp.com -> Individual patches -> Security patches.
3. Under 2. subscribe to latest security patches bulletin to continually receive news on new security patches.
I'm from Palmerston North, New Zealand, but somehow ended up in London...
James R. Ferguson
Acclaimed Contributor

Re: HP-UX Security

Hi:

Here's a link that offers a number of threads for follow-up. In particular, note the "Building a Bastion Host" white paper:

http://www.hp.com/products1/unix/operating/hpux11i/alwayssecure.html

Regards!

...JRF...
Ravi_8
Honored Contributor

Re: HP-UX Security

Hi,
Of course, by converting to a trusted system you can tie down the HP system; at the same time, it has the disadvantage of not being able to be put on an NIS network. The choice is yours.
never give up
Darrell Allen
Honored Contributor

Re: HP-UX Security

A trusted system offers a better level of security than a non-trusted one; however, if you don't lock down what services you allow on your host, then you are leaving a number of opportunities for hackers. JRF points you to the info about building a Bastion Host. I'd strongly suggest you follow up on it.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Chris Calabrese
Valued Contributor

Re: HP-UX Security

Note that the Center for Internet Security will shortly be publishing guidelines for securing HP-UX servers (I know because I'm the project leader ;o). I'll post to this thread when I've got something I can share...
Brainbench MVP for Unix Administration and Internet Security, SANS Review Editor, and Center for Internet Security HP-UX Benchmark project leader
harry d brown jr
Honored Contributor

Re: HP-UX Security

This is the best way to secure an HP server:

http://www.kbeta.com/SecurityTips/Checklists/HPUX_11_Bastion_Guide.htm

Live Free or Die
Craig Rants
Honored Contributor

Re: HP-UX Security

Security is complex and takes time to learn. The best thing to do is to get a scan of your box from a tool like ISS or NESSUS. Then evaluate the report and take actions as necessary. Important things to consider:

1 Comment unused services out of inetd.conf
2 use inetd.sec for used services
3 get away from telnet/ftp and use ssh
4 lock down sendmail (edit sendmail.cf and use something about 8.8.6)
5 use securetty to control root logins
6 use ftpusers if ftp is required
7 log, log, log. Use the -l options in the /etc/rc.config.d/netdaemons file

the list goes on...

A good book on this is the O'Reilly book on security. They have tons of suggestions.

Hope this gets you going
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
Lou Zirko_1
Frequent Advisor

Re: HP-UX Security

Unplug it, use duct tape and then go enjoy a good book.

Sorry I just had to get this out.

Lou Zirko
Bill Hassell
Honored Contributor

Re: HP-UX Security

Get a copy of the brand new book:

"HP-UX 11i Security" by Chris Wong

Most of the book is applicable to 11.0 as well as 10.20 and summarizes a lot of the basic steps.


Bill Hassell, sysadmin
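
An added example, not part of any post in this thread: a small POSIX shell audit for items 1 to 3 of Craig Rants's checklist. It lists the services still enabled in an inetd.conf, the ones with no allow/deny line in inetd.sec, and any enabled telnet/ftp entries. The function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf against an inetd.sec (names are illustrative).

# Services still enabled, i.e. not commented out, in an inetd.conf file.
enabled_services() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1 }' "$1" | sort -u
}

# Enabled services that have no allow/deny line in inetd.sec.
unrestricted_services() {
    for svc in $(enabled_services "$1"); do
        if ! awk -v s="$svc" '$1 == s && ($2 == "allow" || $2 == "deny") { ok = 1 }
                              END { exit !ok }' "$2"; then
            echo "$svc"
        fi
    done
}

# Enabled cleartext services that the checklist says to replace with ssh.
cleartext_services() {
    enabled_services "$1" | awk '/^(telnet|ftp)$/'
}

# Constructed sample files so the script runs on any machine.
SAMPLE_DIR=${TMPDIR:-/tmp}/inetd_audit.$$
mkdir -p "$SAMPLE_DIR"
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/inetd.conf" <<'EOF'
# constructed sample, HP-UX style entries
ftp     stream tcp nowait root /usr/lbin/ftpd     ftpd -l
telnet  stream tcp nowait root /usr/lbin/telnetd  telnetd
#shell  stream tcp nowait root /usr/lbin/remshd   remshd
#login  stream tcp nowait root /usr/lbin/rlogind  rlogind
daytime stream tcp nowait root internal
EOF
cat > "$SAMPLE_DIR/inetd.sec" <<'EOF'
# constructed sample: <service> allow|deny <hosts>
ftp allow 10.1.1.*
EOF

echo "Enabled:      $(enabled_services "$SAMPLE_DIR/inetd.conf" | tr '\n' ' ')"
echo "No inetd.sec: $(unrestricted_services "$SAMPLE_DIR/inetd.conf" "$SAMPLE_DIR/inetd.sec" | tr '\n' ' ')"
echo "Cleartext:    $(cleartext_services "$SAMPLE_DIR/inetd.conf" | tr '\n' ' ')"
```

On an HP-UX host the same functions can be pointed at /etc/inetd.conf and /var/adm/inetd.sec instead of the sample files.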