Hi,
The question is where to start, as there is a large amount of avenues to explore and many benefits to be made.
You could look at the product bastille :-
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AALook at patching and ensure you are patched uptodate and on a frequent basis.
Remove any direct connect modems on the system. Invest in a firewall if not already done so.
Run some overnight scripts that will monitor permissions and dates of critical files that are listed below :-
/usr/bin/passwd
/etc/default/security
/etc/securetty
/etc/hosts
/etc/group
/etc/services
/etc/inetd.conf
/etc/ftpd/ftpusers
Check the integrity of the /etc/passwd file and /etc/group file by typing :-
pwck
grpck
Check the use of the su command and root login, and failed logins :-
run the commands and check the output :-
last
lastb
pg /var/adm/sulog
Check ftp access to the server by implementing ftp security. For More information :-
man ftpaccess
man ftpusers
Check for files with no owner or group :-
cd /
find . -depth -type f -nouser -o -nogroup -exec ls -l {} \;
Pick up a good security manual like HP-UX 11i Security by Chris Wong.
This should get you started !
Finally, you could document you root login, lock it in a safe and not use it unless absolutely necessary.
Keith
You are either part of the solution or part of the problem
