HPE Community
Operating System - HP-UX
1841671 Members
3655 Online
110184 Solutions
New Discussion

Re: Services Security

 
SOLVED
Go to solution
Pedro Tapia_2
Occasional Contributor

‎07-31-2005 12:29 PM

‎07-31-2005 12:29 PM

Services Security

In order to optimize the security in my server HP-UX who ports and services disable ???. Thank you very much
0 Kudos
Reply
6 REPLIES 6
generic_1
Respected Contributor

‎07-31-2005 06:53 PM

‎07-31-2005 06:53 PM

Re: Services Security

If you posted what applications and versions you run you might get a more exact answer. If you get too crazy with it you could break applications or parts of the OS.
0 Kudos
Reply
Alessandro Pilati
Esteemed Contributor

‎07-31-2005 07:19 PM

‎07-31-2005 07:19 PM

Re: Services Security

Hi Pedro,
take a look on this:

http://sabernet.home.comcast.net/papers/hp-ux10.html#1.0

For more specific details tell us some more specific information about your system and its functionalities.

Rgds,
Alex
if you don't try, you'll never know if you are able to
0 Kudos
Reply
Ralph Grothe
Honored Contributor

‎07-31-2005 07:25 PM

‎07-31-2005 07:25 PM

Solution

Re: Services Security

Hi Pedro,

it depends on the purpose of your host.

There's been quite a good document about hardening a HP-UX 11 host like for a DMZ bastion host reappearing on various websites.

Here is one of those links:

http://www.unixadm.net/hp/bastioning_hpux.11.html


You may get some ideas of what could be done to increase services' security.

Also you could try the program Bastille which I read about will aid in hardening.
It even might be on the HP's Internet Express.

You could also run checks from a Nessus server against your host.
Nessus has tons of plug-ins for all kinds of security checks.
And if your still dissatesfied it has an own interpreter with syntax close to C that would enable you to write your own check plug-ins.
Madness, thy name is system administration
Reply
Ralph Grothe
Honored Contributor

‎07-31-2005 07:36 PM

‎07-31-2005 07:36 PM

Re: Services Security

Addendum,
HP already have included Bastille in their toolbox as I found out here

http://docs.hp.com/en/5990-6737/ch07s06.html

and they also included Nessus in their Internet Express

http://docs.hp.com/en/5990-8580/ch01s02.html
Madness, thy name is system administration
0 Kudos
Reply
Pedro Tapia_2
Occasional Contributor

‎08-01-2005 05:02 AM

‎08-01-2005 05:02 AM

Re: Services Security

First that nothing, thank you very much by the attention and its answers. The server is rp7410 with HP-UX 11.11 and IBM Informix 7.31 FD8 as database engine. This server this within my LAN and supports to applications Client/Server and WEB. The users in a 95% connect via ODBC
Thanks
0 Kudos
Reply
Robert Fritz
Regular Advisor

‎08-01-2005 09:13 AM

‎08-01-2005 09:13 AM

Re: Services Security

If I could make a further pith for Bastille.

It comes with 11.23 and up, but is free to download for 11.00 and 11.11;
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6849AA

I think it does exactly what you're asking for (disabling services), it is more recent than the Bastion host whitepaper, has an easy-to-use, educational GUI, and can even help you set up a host-based firewall (with IPFilter) to allow you do specify which ports you *want* exposed to the net vs. the other way around. It has ~79 things it does total, including the services disablement you mention.

(can you tell I'm on the Bastille team :-) )

Anyway, let me know if the tool doesn't meet your needs. We're always interested in feedback.

Those Who Would Sacrifice Liberty for Security Deserve Neither." - Benjamin Franklin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.