HPE Community
Operating System - HP-UX
1844697 Members
1700 Online
110233 Solutions
New Discussion

Re: HP-UX security

 
wahab
Occasional Contributor

‎12-20-2003 04:21 PM

‎12-20-2003 04:21 PM

HP-UX security

Dear Colleagues,
I have just been assigned the task of developing a security policy for our HP-UX mainframes including a checklist for the systems.
Can you please help where I can find info related to this issue?
0 Kudos
Reply
4 REPLIES 4
Patrick Wallek
Honored Contributor

‎12-20-2003 04:35 PM

‎12-20-2003 04:35 PM

Re: HP-UX security

A good piece of software to install and run which will help you secure your system is Bastille. It is a free package from HP. Look for it here:

http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA

A good white paper on seucring an HP-UX machine is the Bastion Host white paper, which is available here:

http://www.hp.com/products1/unix/operating/infolibrary/whitepapers/building_a_bastion_host.pdf
(Note that this is a PDF file)

These are 2 good places to start.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎12-20-2003 05:29 PM

‎12-20-2003 05:29 PM

Re: HP-UX security

Bastille is a good start.

Make sure you say yes to the question about security_patch_check.

It scans the system shows world writable directories and checks your system for important security patches.

Along with Bastille, consider

IDS/9000

Bastille requires a perl component.

tcp wrappers

All of the above is available at software.hp.com same as Bastille

You also want to draw up a policy if it doesn exist regarding passwords computer use and your organization needs to get all computer users to sign it.

You HP-UX servers should have a notice in /etc/issue and all other login screens. It must warn against unauthorized use or you can not prosecute violaters.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Hazem Mahmoud_3
Respected Contributor

‎12-21-2003 01:32 AM

‎12-21-2003 01:32 AM

Re: HP-UX security

I recommend purchasing the book HP-UX 11i Security by Chris Wong. It is a great book that tells you all the available tools/utilities for increasing the security of your 11i server (ie: through Bastille, IPSec, IDS/9000, etc.). It also discusses proper policies and approaches to take in hardening your system.

-Hazem
0 Kudos
Reply
Srinivas Thokala_1
Frequent Advisor

‎12-22-2003 04:03 AM

‎12-22-2003 04:03 AM

Re: HP-UX security

Immediately you can start with preparing a list of security fixes including security patches.

- editing files /etc/securetty to have console entry to allow root console access only.
- Edit the files under /var/adm directory
.access_list, .generic_login and .secure_console
- Wu-ftp invalid password check.
- users and directory permission checks.
- nfs mounts with access only by proper users, but not to the world.
- /.rhosts entries with root access based on company's policy.
- Sendmail check and installing sendmail patches.
- verify what services you want to dissable unser /etc/inetd.conf and refresh with
/usr/sbin/inetd -c option.
- incorporate Login and FTP banner message with Company's Security access message.
- dissable 'r' commands like 'rcp', 'rlogin',
'remsh', etc.
-srini
Srinivas Thokala
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.