Another simple thing to check for is if ftp logging is on. To check do;

grep FTP /var/adm/syslog/syslog.log

This will list details of all ftp connections if ftp logging is switched on. If so then it displays passwords for ftp accounts.

So, make syslog non world readable; chmod 600 /var/adm/syslog.log

Hi,
1)Be up to date on HP security patches which fixes up various security vulnerabilities.
2)Disable all unwanted network services
3)Use strong passwords.
4)secure the individual servers even though you
think you have a perfect firewall.
5)Monitor system log files frequently for suspicious activity.
6)Keep root password very secure ( memorised )
7)Monitor file permission of executables like
ksh sh csh etc.

Have a look at this links.
http://people.hp.se/stevesk/bastion11.html
http://www.vennerable.com/security.html

regards,
U.SivaKumar

Jim

You could always convert to a trusted system or if you just want to strengthen your passwords on an untrusted system you could install the PHCO_26089 patch. When this patch is installed, you can create a file called /etc/default/security which let you set things like:
MIN_PASSWORD_LENGTH
NUMBER_OF_LOGINS_ALLOWED
PASSWORD_HISTORY_DEPTH
PASSWORD_MIN_UPPER_CASE_CHARS
PASSWORD_MIN_LOWER_CASE_CHARS
PASSWORD_MIN_DIGIT_CHARS
PASSWORD_MIN_SPECIAL_CHARS

Hope This Helps

Michael

Hi,

One easy thing to do is to download and run the CIS Security Benchmark tools locally against your system to verify its security, such as checking for illegitimate setuid/setgid files and such:

http://www.cisecurity.org/bench_HPUX.html

Hope this helps. Reards.

Steven Sim Kok Leong

Jim,

HP has a 'hardening' tool called Bastille which will guide you through the common security pitfalls and make recommendations which you can choose to accept or ignore. It's worth a look - the URL is in this thread:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x4f9793e260b0d611abdb0090277a778c,00.html

Pete

First thing to do: Get the HP-UX Security book by Chris Wong: http://www.phptr.com/ and search for: HP-UX security (you may want to attend HP World (http://hpworld.com) next week and take some of the security classes. Don Pipkin will be giving a half-day seminar on Tuesday)

(note: all recommendations are for 11.0 and higher. Since 10.20 is obsolete, most of the new features will never be back ported)

As mentioned, get Bastille to use as a guided tour through the security steps. The man page for security is only located on 11i systems for right now and unfortunately, it is missing a number of new features which are documented only in the patch README files.

Convert to Trusted system to hide the password information, and setup strong password policies. SAM will do this for you. Look in the Auditing section of SAM.

Get sudo. Setup a root user group and discourage ALL sysadmins from ever logging in as root. In fact, with the security file, you can prevent su from running (even with the right password) unless the user is a member of a special group.

Remove all the classic (archaic) network services along with (usually) unnecessary services from inetd:
ntalkd
ident
daytime
time
echo
discard
chargen
kshell
klogin
dtspcd
rpc.ttdbserver
rpc.cmsd
recserv

NOTE: if you use Xwindows *and* use CDE as a desktop manager, then the services from dtspcd on down will have to remain.

Make sure umask is set in /etc/profile and /etc/csh.login. Fix the baad permissions in /usr/local with: find /usr/local -type d -exec chmod 755 {} \;

While you're at it, find bad permissions for all files and directories:

find / -perm 002 -exec ll {} \;

Anything with 666 or 777 is a big red flag saying: "My content is totally corrupted or will be very soon."

Install IDS/9000 (free download from software.hp.com) and configure the Intruder Detection System to monitor critical files, processes and changes.

(there's lots more, depends on how paranoid you want to be, but remember, everyone is out to get you) And finally, develop a security policy for each operating system you manage. This should include how to setup a standard build process, how to configure, detect and report security issues, and work with your company's HR or personnel department on standard business conduct concerning security.

you should be prepared to get a heck of a lot of replies to this... it is a huge topic... one recommendation is to get on some disrtibutions for security updates... my favorite is SANS:

http://www.sans.org/newlook/home.php

they have some really good mailing lists that post as soon as new issues are found. You will get a lot of things that do not apply, but combine this with the HP security notices and you will have a better chance of staying current as new issues surface.

http://us-support3.external.hp.com/digest/bin/doc.pl/sid=2dc3dcf61aef9746e1

SANS also has some good white papers that can help.. just search for HP security or Unix security. The big issues apply to all flavors of Unix (poor passwords, etc.)