
Security tools for HP-UX 11i (trusted) systems

 
Steve Berry
Occasional Contributor

Can anyone recommend any tools that work with HP-UX 11i systems that are in trusted mode? COPS is ancient, SARA is okay but I'm looking for something that can perform a thorough security check of a trusted system (i.e., it won't complain about /etc/passwd and will examine the /tcb directory instead).
Sridhar Bhaskarla
Honored Contributor

Re: Security tools for HP-UX 11i (trusted) systems

Hi,

Did you try Bastille?

Try it

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Paul Sperry
Honored Contributor

Re: Security tools for HP-UX 11i (trusted) systems

Try Bastille:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6849AA

Install it and it will walk you through security issues.
Steven E. Protter
Exalted Contributor

Re: Security tools for HP-UX 11i (trusted) systems

Also, try security_patch_check
https://payment.ecommerce.hp.com/cgi-bin/swdepot_parser.cgi/cgi/try.pl?productNumber=B6834AA&date=

TCP Wrappers.

https://payment.ecommerce.hp.com/cgi-bin/swdepot_parser.cgi/cgi/try.pl?productNumber=TCPWRAP&date=

SEP

swinstall -s /loc_of_depot \*

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
David_246
Trusted Contributor

Re: Security tools for HP-UX 11i (trusted) systems

Hi,

Currently finishing a security project and we have chosen eTrust Access Control from Computer Associates (sold by HP) to set password settings, protect files, protect logins, set auditing on specific commands or processes, etc.
We used Symantec ESM to check the system on a regular basis, this tool is really good. It checks for password strength, file permissions, file changes (binaries), new SUID files, patches, mail config, auditing, cron files, etc, etc. We thought we hardened the system, but when running this tool we could start all over again :)
Yep it costs money and is not for free, but this time it really helps.

Regs David
@yourservice
Keith Buck
Respected Contributor

Re: Security tools for HP-UX 11i (trusted) systems

Since I'm on the Bastille development team, I should second (or third) the recommendation of Bastille. Bastille is a great tool (HP chose it as the best-of-breed from open source and then ported it to HP-UX), but it may not be what you're looking for.

Bastille is not intended to be a vulnerability scanner. The scanning it does is essentially a side-effect (and limited in the 2.0 release which is currently available). Bastille is a hardening tool and designed to tell you about recommended changes, why you would want them, and then implement them.

There are several vulnerability scanners out there. Some cost money, most are fairly noisy (complaining about lots of stuff that's not a real problem).

If you want lots of helpful information about things you should do to harden HP-UX, then certainly run Bastille. The interactive mode ('bastille -x') will not make any changes to your system and is very educational. If you do want to apply the changes (and across multiple machines) then Bastille makes it very easy.

If you're just going to prepare a report (and not actually make any changes until later), then you might also try the CIS scanner. (www.cisecurity.org) Then use Bastille when you're ready to actually implement your decisions (unless you enjoy manual editing of files, etc.)

Bastille and the CIS tester each have overlapping and unique functionality. Bastille and the changes it makes are supported by HP, while you'll need to test changes recommended by CIS yourself in your environment.

Hope that helps.

-Keith
Steven E. Protter
Exalted Contributor

Re: Security tools for HP-UX 11i (trusted) systems

For a vulnerability scanner, I'd use SAINT.

It's pretty good but you need to be careful how hard you have it try and make trouble. It can clog up networks.

Crack should be used to check passwords. It can be directed at any file. With that I recommend copying the file you wish to test.

SEP
Pierre Pasturel
Respected Contributor

Re: Security tools for HP-UX 11i (trusted) systems

IDS/9000 V2.1 is a free HP-UX Host Intrusion Detection System (IDS) which can be configured to monitor for the modification of critical files/directories, creation of setuid programs, world writable files, and other signs of intrusion. It was developed within the HP-UX kernel lab and uses an auditing kernel subsystem specifically designed for the HP-UX HIDS product, allowing for near real time intrusion detection capability.

For more information and the free download, go to software.hp.com at http://www.software.hp.com/ISS_products_list.html

The product has been tested in trusted mode.

Pierre
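
Two of the checks named in this thread (new SUID files, world-writable files) can be approximated with a periodic `find` scan compared against a saved baseline. This is an added example, not part of the original posts and not code from IDS/9000, ESM or Bastille; it is a polling scan, not the kernel-audit mechanism described above, and the function names and file paths are hypothetical.

```shell
#!/bin/sh
# Added example: baseline-and-compare scan for setuid/setgid and
# world-writable files. Function names and paths are hypothetical.

# List setuid or setgid regular files under $1, sorted for comm(1).
list_suid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# List world-writable regular files, plus world-writable directories
# that lack the sticky bit (sticky dirs such as /tmp are expected).
list_world_writable() {
    {
        find "$1" -type f -perm -0002 -print 2>/dev/null
        find "$1" -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
    } | LC_ALL=C sort
}

# Print entries present in the current listing ($2) but not in the
# baseline listing ($1). Both files must be sorted in the C locale.
new_since_baseline() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Usage: sh suid_watch.sh <directory> <baseline-file>
# The first run records the baseline; later runs report additions and
# leave the baseline untouched so a finding is not silently absorbed.
if [ "$#" -eq 2 ]; then
    list_suid "$1" > "$2.new"
    if [ -f "$2" ]; then
        echo "setuid/setgid files not in baseline:"
        new_since_baseline "$2" "$2.new"
        rm -f "$2.new"
    else
        mv "$2.new" "$2"
        echo "baseline written to $2"
    fi
    echo "world-writable files and non-sticky directories:"
    list_world_writable "$1"
fi
```

Keep the baseline file somewhere only root can write, otherwise whoever adds a setuid binary can also add it to the baseline.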