HPE Community
Operating System - HP-UX
1822040 Members
3343 Online
109640 Solutions
New Discussion юеВ

HP-UX Security

 
Daniel Fourie
Frequent Advisor

тАО10-08-2001 04:42 AM

тАО10-08-2001 04:42 AM

HP-UX Security

I would like to know how to tie-down my HP-UX 11 servers.
Knowlage is Power
0 Kudos
Reply
9 REPLIES 9
Stefan Farrelly
Honored Contributor

тАО10-08-2001 04:51 AM

тАО10-08-2001 04:51 AM

Re: HP-UX Security


1. Convert to a trusted system (menu option under SAM).
2. Install all the latest security patches; www.itrc.hp.com -> Individual patches -> Security patches.
3. Under 2. subscribe to latest security patches bulletin to continually receive news on new security patches.
Im from Palmerston North, New Zealand, but somehow ended up in London...
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО10-08-2001 04:53 AM

тАО10-08-2001 04:53 AM

Re: HP-UX Security

Hi:

Here's a link that offers a number of threads for follow-up. In particular, note the "Building a Bastion Host" white paper:

http://www.hp.com/products1/unix/operating/hpux11i/alwayssecure.html

Regards!

...JRF...
0 Kudos
Reply
Ravi_8
Honored Contributor

тАО10-08-2001 04:57 AM

тАО10-08-2001 04:57 AM

Re: HP-UX Security

Hi,
ofcourse by converting to trusted system you can tie-down the hp system, at same time it has the disadvantage of not able to put on to nis network. choice is your's
never give up
0 Kudos
Reply
Darrell Allen
Honored Contributor

тАО10-08-2001 05:41 AM

тАО10-08-2001 05:41 AM

Re: HP-UX Security

A trusted system offers a better level of security than a non-trusted however if you don't lock down what services you allow on your host then you are leaving a number of opportunities for hackers. JRF points you to the info about building a Bastion Host. I'd strongly suggest you follow up on it.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
Chris Calabrese
Valued Contributor

тАО10-08-2001 06:52 AM

тАО10-08-2001 06:52 AM

Re: HP-UX Security

Note that the Center for Internet Security will shortly be publishing guidelines for securing HP-UX servers (I know because I'm the project leader ;o). I'll post to this thread when I've got something I can share...
Brainbench MVP for Unix Administration and Internet Security, SANS Review Editor, and Center for Internet Security HP-UX Benchmark project leader
0 Kudos
Reply
harry d brown jr
Honored Contributor

тАО10-08-2001 08:57 AM

тАО10-08-2001 08:57 AM

Re: HP-UX Security

This is the best way to secure a hp server:

http://www.kbeta.com/SecurityTips/Checklists/HPUX_11_Bastion_Guide.htm

Live Free or Die
0 Kudos
Reply
Craig Rants
Honored Contributor

тАО10-24-2001 08:13 AM

тАО10-24-2001 08:13 AM

Re: HP-UX Security

Security is complex and takes time to learn. The best thing to do is to get a scan of your box from a tool like ISS or NESSUS. Then evaluate the report and take actions as necessary. Important things to consider:

1 Comment unused services out of inetd.conf
2 use inetd.sec for used services
3 get away from telnet/ftp and use ssh
4 lock down sendmail (edit sendmail.cf and use something about 8.8.6)
5 use securetty to control root logins
6 use ftpusers if ftp is required
7 log, log, log. Use the -l options in the /etc/rc.config.d/netdaemons file

the list goes on...

A good book on this is the O'Reily book on security. They have ton's of suggestions.

Hope this gets you going
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
0 Kudos
Reply
Lou Zirko_1
Frequent Advisor

тАО10-24-2001 10:00 AM

тАО10-24-2001 10:00 AM

Re: HP-UX Security

Unplug it, use duct tape and then go enjoy a good book.

Sorry I just had to get this out.

Lou Zirko
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО10-24-2001 12:00 PM

тАО10-24-2001 12:00 PM

Re: HP-UX Security

Get a copy of the brand new book:

"HP-UX 11i Security" by Chris Wong

Most of the book is applicable to 11.0 as well as 10.20 and summarizes a lot of the basic steps.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.