- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Security queries
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2006 08:38 PM
08-10-2006 08:38 PM
I have been asked to look at 2 HPUX 11 servers in a company we have taken over & have some queries.
1. Neither system is set up as a trusted system with no password ageing etc. Passwords held in encrypted form in /etc/passwd. My own servers are trusted systems since day 1. Am I correct in recommending that they should be trusted.
2. Root should only be able to login at console & not ftp - correct? All users are allowed ftp which I don't agree with. No secure ftp
There is no Web console.
3. Ignite not being run - this should be run regularly & the files copied to the oposite server. This is what I do on my servers & need to know if this is correct.
4. Finally, I run SysInfo on my servers once a week on the crontab & copy off the output. There is no SysInfo on these servers. Does this need to be downloaded & installed.
Thanks,
Tim
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2006 08:42 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2006 08:52 PM
08-10-2006 08:52 PM
Re: Security queries
So long as you are not using NIS going for trusted systems is a good idea.
Ignite should be run on all systems once a week . If the system has a tape drive, I advocate make_tape_recovery, if not use make_net_recovery to a NFS shared mount point.
I also recommend downloading and installing Bastille and PERL5 from http://software.hp.com in order to make your system more secure.
root should NEVER have ftp access. Its a major security flaw to permit it and because ftp sends paswords back and forth in clear text, its a great way to get your root password hacked.
Secure Shell (software.hp.com) should be used in place of telnet.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2006 08:55 PM
08-10-2006 08:55 PM
Re: Security queries
it's probably down to what you get used to.
Even if the data is not critical, the machine would still give access to your network.
I would certainly go ahead with your suggested changes, even only to get the new systems to the standard required in your company.
May be worhtwhile running a few checks on the systems to ensure they were not compromised. Audit all the users and get them to chnage passwords etc..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2006 08:59 PM
08-10-2006 08:59 PM
Re: Security queries
I agree with the earlier replies, but be a bit careful with question number 1.
If you are going to Trusted System mode and are running e.g Baan, you can cause quite a lot of trouble for users and admins since some applications do'nt "talk" with the OS/security system,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2006 09:11 PM
08-10-2006 09:11 PM
Re: Security queries
Thanks for all the replies. The system is only running Oracle so moving to a trusted system shouldn't be a problem.
Where do I get SysInfo to install
Many Thanks,
Tim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2006 09:19 PM
08-10-2006 09:19 PM
Re: Security queries
Here it is : http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sysinfo-3.3.1/
-Arun
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-10-2006 09:50 PM
08-10-2006 09:50 PM
Re: Security queries
Points assigned
Tim