HPE Community
Operating System - HP-UX
1846741 Members
5143 Online
110256 Solutions
New Discussion

Re: Security lockdown

 
Gus Fernandez
Occasional Advisor

‎03-21-2007 11:11 AM

‎03-21-2007 11:11 AM

Security lockdown

I want to know the follwoing things for secuiruty lockdown.

1) How to stop rbootd daemon permanently.
2) How to stop SNMPD daemon permanently.
3) How to stop printer daemon permanently.
4) HOe i can enable the system auditing. and after that i want to run the cron job after every 20 mins. to collect the information what should be the cron entry.
5)How to set the umask permanently.

Can someone help me out...

Thanks & regards,
Ravikant Bhagat.
0 Kudos
Reply
8 REPLIES 8
Raj D.
Honored Contributor

‎03-21-2007 11:52 AM

‎03-21-2007 11:52 AM

Re: Security lockdown

Mr. Bhagat,
check the following,

/etc/inetd.conf put hash before 1,2,3,

- make S70audit put 0 , under /etc/rc.config.d/

- /etc/profile check umask value.
also check /etc/skell/.profile


Enjoy and Have fun,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎03-21-2007 11:58 AM

‎03-21-2007 11:58 AM

Re: Security lockdown

It is utterly impossible to set umask permanently. Umask can always be overriden by anyone with access to the shell -- and the most recent umask always wins. Moreover, even if you make an entry in /etc/profile and do not allow a user direct access to the shell, an application can internally set umask.
If it ain't broke, I can fix that.
0 Kudos
Reply
Court Campbell
Honored Contributor

‎03-21-2007 11:58 AM

‎03-21-2007 11:58 AM

Re: Security lockdown

rbootd and printer can be commented out in /etc/inetd.conf. Then run inetd -c. I am not in front of a machine, but i believe that you can stop snmp from running by editing /etc/rc.config.d/SnmpHpunix. you can set umask in /etc/profile. And as for auditing you could check this thread:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=658297
"The difference between me and you? I will read the man page." and "Respect the hat." and "You could just do a search on ITRC, you don't need to start a thread on a topic that's been answered 100 times already." Oh, and "What. no points???"
0 Kudos
Reply
Raj D.
Honored Contributor

‎03-21-2007 12:21 PM

‎03-21-2007 12:21 PM

Re: Security lockdown

Shalom Kevin,

Also check this out :for Hardening your system and security lock down,

http://docs.hp.com/en/5990-6737/ch07s06.html

And dont forget to give us points,

Enjoy Have fun!!,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
Gus Fernandez
Occasional Advisor

‎03-22-2007 01:06 PM

‎03-22-2007 01:06 PM

Re: Security lockdown

I have a .sh script with me.

i.e. dailyop.sh contains the following command :-
date
uptime
vmstat 3 3 etc.

I want to run this scirpt avery 2o mins and o/p of this file should be saved in /home/root/dailyop file.

What should the crontab entry.

thanks & regards,
Kevin
0 Kudos
Reply
Raj D.
Honored Contributor

‎03-22-2007 03:03 PM

‎03-22-2007 03:03 PM

Re: Security lockdown

Ravikant Bhagat,

20 * * * * /home/dailop.sh > /home/outputfile.txt 2>&1


For details,
check # man crontab

cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
Raj D.
Honored Contributor

‎03-22-2007 03:06 PM

‎03-22-2007 03:06 PM

Re: Security lockdown

Check this out: the crontab details,

The fields are:

The number of minutes after the hour (0 to 59)
The hour in military time (24 hour) format (0 to 23)
The day of the month (1 to 31)
The month (1 to 12)
The day of the week(0 or 7 is Sun, or use name)
The command to run

Crontab file Format or syntax would be like this

* * * * * Command to be executed
- - - - -
| | | | |
| | | | +----- Day of week (0-6)
| | | +------- Month (1 - 12)
| | +--------- Day of month (1 - 31)
| +----------- Hour (0 - 23)
+------------- Min (0 - 59)

** You must assign points to all those who tried to help you .


Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
Gus Fernandez
Occasional Advisor

‎03-25-2007 03:59 AM

‎03-25-2007 03:59 AM

Re: Security lockdown

Thank You All of you who have spent some time to solve my querries.

i will rate this response as 8 out of 10

Thanks & Regards,
Kevin....
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.