1833873 Members
1786 Online
110063 Solutions
New Discussion

tcpip security

 
ROSS HANSON
Regular Advisor

tcpip security

Is there a script like AIX's securetcpip for HPUX?
If not what is the best way to secure my system
from rlogins, tftp ...
Ross Hanson
4 REPLIES 4
Sridhar Bhaskarla
Honored Contributor

Re: tcpip security

Ross,

You can disable services in /etc/services, modify configuraiton in /etc/inetd.conf etc.,.

The best way is to control the connections through /var/adm/inetd.sec where you can specify the services and allow or deny access to IPs,subnets etc.,

There are some examples in that file itself or you can do a man page of inetd.sec.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
linuxfan
Honored Contributor

Re: tcpip security

Hi Ross,

As with any other OS, the philosophy is to disable everything and then enable the things that you absolutely need.

Stay up to date with the security/cert advisories.

Stay up to date with patches atleast the security patches

A short security checklist
http://www.vennerable.com/securecheck.html

This is another thread which deals with the same issue
http://forums.itrc.hp.com/cm/QuestionAnswer/1,1150,0x885f7e990647d4118fee0090279cd0f9,00.html

One of the better articles which deals completely with securing both HP-UX 10.x and HP-UX 11.X is
http://people.hp.se/stevesk/bastion.html

This is another article which gives lot of information about how/what to secure
http://www.sans.org/infosecFAQ/unix/HP-UX11.htm

Another good book to read is "Practical Unix security"
http://www.oreilly.com/catalog/puis/

Also last but not the least, HP is coordinating with Bastille linux folks (www.bastille-linux.org) to develop something similar for HP-UX. I am eagerly looking forward to that product (hopefully there would be a free downloadable version as well)

-Good luck
Ramesh
They think they know but don't. At least I know I don't know - Socrates
linuxfan
Honored Contributor

Re: tcpip security

Hi Ross,

I reread your question and you were only looking for something similar to securetcpip on aix.

Hmm.. like Sridhar said you could use inetd.sec or you could set up TCP wrappers

You can get TCP wrappers from
ftp://ftp.porcupine.org/pub/security/index.html

But if you are looking for a command, then AFAIK there is no such command on HP-UX

-Ramesh
They think they know but don't. At least I know I don't know - Socrates
Neale Machin
Advisor

Re: tcpip security

I'd agree with the others but you might think about making your system a trusted one through sam. this gives you more security features
Just cos I look after Unix Boxes doesnt mean I wear sandals