HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Securing an HP UX B.11.11 server
Operating System - HP-UX
1826082
Members
3158
Online
109690
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-19-2003 09:35 PM
12-19-2003 09:35 PM
Hi,
Need some help. We are trying to secure our HP UX 11i servers. We have tested Bastille and its great. However after running a server scan using nmap we can see some strange port numbers OPEN. They are in the 49xxx range listed with an UNKNOW description.
1. What are these ports used for ? Why are they listed as Unknown. I know i cannot see them in /etc/services.
2. I have read that the tool lssof is great for more info on these ports among other things, but i cannot get the executable for B.11.11 anywhere. Can anyone help me.
3. Also what does syslogd -N achieve by way of security.
4. We are trying to secure a large no. (20) HP servers. These are in a pre-production stage now and the application vendors are very itchy as they are having problems with their apps. The apps include Mediation, fraud mgmt., telecom billing and web self care. Since the situation is delicate we wish to tread very carefully about this. Our company does not as yet have a comprehensive security policy. Therefore our plan is to first prepare a document covering the server security lockdown procedure and get it ok'd by apps vendors. This hopefully would help avoid getting the blame for problems later. Can anyone give me some tips, links, template etc for such a document.
5. Any tips, methods, etc that i can use to secure these systems would really help since we are new to HPUX.
Thanks very much for your patience,
Regards
Patrick
Need some help. We are trying to secure our HP UX 11i servers. We have tested Bastille and its great. However after running a server scan using nmap we can see some strange port numbers OPEN. They are in the 49xxx range listed with an UNKNOW description.
1. What are these ports used for ? Why are they listed as Unknown. I know i cannot see them in /etc/services.
2. I have read that the tool lssof is great for more info on these ports among other things, but i cannot get the executable for B.11.11 anywhere. Can anyone help me.
3. Also what does syslogd -N achieve by way of security.
4. We are trying to secure a large no. (20) HP servers. These are in a pre-production stage now and the application vendors are very itchy as they are having problems with their apps. The apps include Mediation, fraud mgmt., telecom billing and web self care. Since the situation is delicate we wish to tread very carefully about this. Our company does not as yet have a comprehensive security policy. Therefore our plan is to first prepare a document covering the server security lockdown procedure and get it ok'd by apps vendors. This hopefully would help avoid getting the blame for problems later. Can anyone give me some tips, links, template etc for such a document.
5. Any tips, methods, etc that i can use to secure these systems would really help since we are new to HPUX.
Thanks very much for your patience,
Regards
Patrick
Solved! Go to Solution.
6 REPLIES 6
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-19-2003 10:10 PM
12-19-2003 10:10 PM
Re: Securing an HP UX B.11.11 server
Hi
Re:-
1.
Have a look in /etc/services and remove the items not required.
Make a backup first.
Paula
Re:-
1.
Have a look in /etc/services and remove the items not required.
Make a backup first.
Paula
If you can spell SysAdmin then you is one - anon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-19-2003 10:11 PM
12-19-2003 10:11 PM
Re: Securing an HP UX B.11.11 server
This will help
http://www.hp.com/products1/unix/operating/infolibrary/whitepapers/building_a_bastion_host.pdf
Paula
http://www.hp.com/products1/unix/operating/infolibrary/whitepapers/building_a_bastion_host.pdf
Paula
If you can spell SysAdmin then you is one - anon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-19-2003 11:20 PM
12-19-2003 11:20 PM
Re: Securing an HP UX B.11.11 server
Hi
That link did not work so:-
http://secinf.net/unix_security/Building_a_Bastion_Host_Using_HPUX_11.html
Paula
That link did not work so:-
http://secinf.net/unix_security/Building_a_Bastion_Host_Using_HPUX_11.html
Paula
If you can spell SysAdmin then you is one - anon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-20-2003 02:17 AM
12-20-2003 02:17 AM
Solution
You can obtain lsof for 11.11 from
http://the-other.wiretapped.net/security/host-security/lsof/binaries/hpux/B.11.11/
or I believe this will also work:
http://hpux.connect.org.uk/hppd/hpux/Sysadmin/lsof-4.69/
Once you get lsof you can determine what the ports 49xxx are used for.
For info about securing HP-UX, check out http://www.sans.org/rr/papers/63/325.pdf
or also consider purchasing "HP-UX 11i Security" by Chris Wong. Excellent book to learning all the details about securing HP-UX!
-Hazem
http://the-other.wiretapped.net/security/host-security/lsof/binaries/hpux/B.11.11/
or I believe this will also work:
http://hpux.connect.org.uk/hppd/hpux/Sysadmin/lsof-4.69/
Once you get lsof you can determine what the ports 49xxx are used for.
For info about securing HP-UX, check out http://www.sans.org/rr/papers/63/325.pdf
or also consider purchasing "HP-UX 11i Security" by Chris Wong. Excellent book to learning all the details about securing HP-UX!
-Hazem
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-20-2003 07:47 AM
12-20-2003 07:47 AM
Re: Securing an HP UX B.11.11 server
In providing a secure environment, the sysadmin (and security policy) define the environment, so if an application vendor's product has a problem, the vendor must define the issue and either fix their product or provide a risk analysis concerning fixing the problem. There are some AWFUL products out there that *require* 777 permissions on data directories or require root as the owner of their processes. Another problem with these awful applications is that they do not provide any error messages or inadequate messages concerning failures.
I would NOT tread lightly in this area since your applications are themselves associated with security issues. Since you may not have the credentials to defend the security position, you may need a certified security specialist to help with both a policy as well as negotiations with vendors.
Bill Hassell, sysadmin
I would NOT tread lightly in this area since your applications are themselves associated with security issues. Since you may not have the credentials to defend the security position, you may need a certified security specialist to help with both a policy as well as negotiations with vendors.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-21-2003 06:40 AM
12-21-2003 06:40 AM
Re: Securing an HP UX B.11.11 server
Many Thanks to everyone. The tips have been very helpfull. Thanks Hazem for lsof. its a real help. Thanks Paula for the link. Thanks Bill for your advice. All inputs will help me tremendously.
regards
patrick
regards
patrick
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Support
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP