
Re: HPUX Security

 
Ted Flanders_1
Advisor

HPUX Security

I am fairly new to the Unix environment. We are going to be heading out to the web pretty quick. We also have a WAN and a LAN in place. It is my job to keep my box secure. Can anyone throw me a bone and tell me where to get started on this? How do I find out what I have already? How do I find out what I need? The HP website is huge and I haven't had any luck yet. I want to make sure I have the most up to date version of security on my box. Are there any good books out on this? I would appreciate some direction. Thanks.
8 REPLIES 8
Brian M. Fisher
Honored Contributor

Re: HPUX Security

The HP-UX course Practical UNIX and network Security was very valuable to me in securing my servers.
A couple of good books are:
Practical UNIX & Internet Security - O'Reilly
Halting the Hacker - Prentice Hall

A good place to start would be to switch your system to a "trusted system" via SAM.
Also, read up on inetd.sec, the inet daemon security file.
i.e. man inetd.sec

Brian
<*(((>< er

Perception IS Reality
Kofi ARTHIABAH
Honored Contributor
Solution

Re: HPUX Security

- Harden the OS = set it up as a trusted system from within SAM
- Disable Unused services
- set up /var/adm/inet.sec to limit what is allowed in/out and from/to where
- If possible disable telnet/ftp and use ssh/sftp instead
- check http://www.cert.org for recent security advisories (also http://www.nipc.gov)
- get the latest patch bundles and install (http://software.hp.com)
- if you do not already have a firewall, you might want to install some sort of firewall software to protect the rest of your network
- visit http://www.sans.org for some tips on system security
- check out the hp docs http://docs.hp.com/hpux/internet/ for more on internet and security
Good luck
nothing wrong with me that a few lines of code cannot fix!
Fred Martin_1
Valued Contributor

Re: HPUX Security

If you are going to set up a firewall, or even if you're outsourcing that, read the book "Building Internet Firewalls" (O'Reilly) and read it in its entirety.

There is much to learn and the book is excellent.
fmartin@applicatorssales.com
Rob Adams
New Member

Re: HPUX Security

If you are setting up a web site, either internal or external access, you might be interested in a new course being released by HP Education Services:
Optimising your Web Server with HP-UX (H4291S)
This is based on Apache, and includes both security and performance issues.
Worth a look, keep checking the HP web site for details: http://education.hp.com/
Wodisch
Honored Contributor

Re: HPUX Security

Hello Ted,

try to get the HP document "Administering Your HP-UX Trusted System",
HP Prt No. B2355-90121, First Edition August 1996.
This is about "trusted systems", i.e. after having run "tsconv" on your HP-UX box.
To get back to a "not so trusted system" there is the undocumented option "-r"
to that command... ;-)
Maarten van Maanen
Regular Advisor

Re: HPUX Security

Hi,

I don't know what kind of website you are going to install or what it will be doing. If so, you could check the site www.hp.com/security for the HP Virtual Vault solution. It's a dedicated and highly specialised variation of HP-UX called VVOS (or HP-UX 10.24) which is a segmented type of Unix to give a very high level of security. At the moment it is mainly used by banks. However, it should be used on a machine operating as a front-end.

Maarten van Maanen
Netherlands
Rita C Workman
Honored Contributor

Re: HPUX Security

Well, the books suggested by others are all good and go for it. Since you're a newbie you need to subscribe to some mags like SYSADMIN for UNIX. It's pretty helpful. And get yourself on as many forums like this as you can (subscribe to hp-ux admin at majordomo@dutchworks.nl.....some really interchange there also).
And finally, before you do anything else...if you don't have a firewall up then you need to take a look at your /var/adm/inetd.sec file. If you don't have a 'good' firewall up you need to start shutting down some doors till you get things in place. The file has info in it. Then take a look at your /etc/rc.config.d/netdaemons file and turn on inetd="-l" so you can log everything accessing your system. Then recycle your inetd by keying /usr/sbin/inetd -c. You'll make points when you start seeing what unauthorized access you've been able to stop at the box.
And last go get those books and start reading......
Regards,
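
The replies above point to inetd.sec and to disabling unused services. The script below is an added example, not part of any post in this thread: it lists every service enabled in an inetd.conf-style file and shows whether inetd.sec restricts it. It assumes the inetd.sec(4) semantics that a service with no entry accepts every host and that only the last entry for a service applies; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how each service enabled in inetd.conf is covered by inetd.sec.
# usage: audit_inetd INETD_CONF INETD_SEC
audit_inetd() {
    awk -v sec="$2" '
        /^[ \t]*#/ || NF == 0 { next }           # skip comments and blank lines
        FILENAME == sec {                        # inetd.sec: <service> allow|deny <hosts...>
            if ($2 == "allow" || $2 == "deny") {
                svc = $1; act[svc] = toupper($2)
                $1 = ""; $2 = ""; sub(/^[ \t]+/, "")
                hosts[svc] = $0                  # assumed: a later line replaces an earlier one
            }
            next
        }
        !seen[$1]++ {                            # inetd.conf: first field is the service name
            if ($1 in act) print act[$1], $1, hosts[$1]
            else           print "OPEN", $1      # assumed: no entry means any host is accepted
        }
    ' "$2" "$1"
}

# Constructed sample files (not taken from any real system).
write_samples() {
    cat > "$1/inetd.conf" <<'EOF'
# service  type    proto wait   user server                args
ftp        stream  tcp   nowait root /usr/lbin/ftpd        ftpd -l
telnet     stream  tcp   nowait root /usr/lbin/telnetd     telnetd
#shell     stream  tcp   nowait root /usr/lbin/remshd      remshd
login      stream  tcp   nowait root /usr/lbin/rlogind     rlogind
EOF
    cat > "$1/inetd.sec" <<'EOF'
# service  allow|deny  hosts/networks
telnet     allow       10.1.2.* adminhost
login      deny        10.9.*
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_inetd "$tmp/inetd.conf" "$tmp/inetd.sec"
rm -rf "$tmp"
```

On a real system the two arguments would be /etc/inetd.conf and /var/adm/inetd.sec; every OPEN line is a service to either comment out of inetd.conf or restrict in inetd.sec.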
Michael Koslosky
Occasional Contributor

Re: HPUX Security

I have asked this before, but I have been to that hpux open source porting and archive site, but see no reference to SSL or sftp. Can someone send pointers? Also, I'd like info about running in trusted mode with Service Guard, and or other stuff? Please reply here, but if possible, copy to glbny@yahoo.com (thanks).