HPE Community
Operating System - HP-UX
1836808 Members
2562 Online
110110 Solutions
New Discussion

tcpip security

 
ROSS HANSON
Regular Advisor

‎09-04-2001 03:02 PM

‎09-04-2001 03:02 PM

tcpip security

Is there a script like AIX's securetcpip for HPUX?
If not what is the best way to secure my system
from rlogins, tftp ...
Ross Hanson
0 Kudos
Reply
4 REPLIES 4
Sridhar Bhaskarla
Honored Contributor

‎09-04-2001 03:08 PM

‎09-04-2001 03:08 PM

Re: tcpip security

Ross,

You can disable services in /etc/services, modify configuraiton in /etc/inetd.conf etc.,.

The best way is to control the connections through /var/adm/inetd.sec where you can specify the services and allow or deny access to IPs,subnets etc.,

There are some examples in that file itself or you can do a man page of inetd.sec.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
linuxfan
Honored Contributor

‎09-04-2001 07:48 PM

‎09-04-2001 07:48 PM

Re: tcpip security

Hi Ross,

As with any other OS, the philosophy is to disable everything and then enable the things that you absolutely need.

Stay up to date with the security/cert advisories.

Stay up to date with patches atleast the security patches

A short security checklist
http://www.vennerable.com/securecheck.html

This is another thread which deals with the same issue
http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0x885f7e990647d4118fee0090279cd0f9,00.html

One of the better articles which deals completely with securing both HP-UX 10.x and HP-UX 11.X is
http://people.hp.se/stevesk/bastion.html

This is another article which gives lot of information about how/what to secure
http://www.sans.org/infosecFAQ/unix/HP-UX11.htm

Another good book to read is "Practical Unix security"
http://www.oreilly.com/catalog/puis/

Also last but not the least, HP is coordinating with Bastille linux folks (www.bastille-linux.org) to develop something similar for HP-UX. I am eagerly looking forward to that product (hopefully there would be a free downloadable version as well)

-Good luck
Ramesh
They think they know but don't. At least I know I don't know - Socrates
0 Kudos
Reply
linuxfan
Honored Contributor

‎09-04-2001 08:08 PM

‎09-04-2001 08:08 PM

Re: tcpip security

Hi Ross,

I reread your question and you were only looking for something similar to securetcpip on aix.

Hmm.. like Sridhar said you could use inetd.sec or you could set up TCP wrappers

You can get TCP wrappers from
ftp://ftp.porcupine.org/pub/security/index.html

But if you are looking for a command, then AFAIK there is no such command on HP-UX

-Ramesh
They think they know but don't. At least I know I don't know - Socrates
0 Kudos
Reply
Neale Machin
Advisor

‎09-04-2001 11:37 PM

‎09-04-2001 11:37 PM

Re: tcpip security

I'd agree with the others but you might think about making your system a trusted one through sam. this gives you more security features
Just cos I look after Unix Boxes doesnt mean I wear sandals
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.