HPE Community
Operating System - HP-UX
1833323 Members
2779 Online
110051 Solutions
New Discussion

What is the security scan tool in HP-UX now?

 
SOLVED
Go to solution
longvictory_1
Frequent Advisor

‎05-04-2009 07:59 PM

‎05-04-2009 07:59 PM

What is the security scan tool in HP-UX now?

I ever used Medusa 6.0 to scan and generate analyze report. This software is not supported now.
Is there a new security scan software in HPUX11i v2 or v3?
0 Kudos
Reply
12 REPLIES 12
Dennis Handly
Acclaimed Contributor

‎05-04-2009 08:09 PM

‎05-04-2009 08:09 PM

Re: What is the security scan tool in HP-UX now?

There is bastille.
0 Kudos
Reply
longvictory_1
Frequent Advisor

‎05-04-2009 08:33 PM

‎05-04-2009 08:33 PM

Re: What is the security scan tool in HP-UX now?

Yes, bastille was installed on every V2,V3 system, but it is not a strong software.
Medusa will give me a summary report of different level of risks.

I need a strong tool to generate security report.
0 Kudos
Reply
smatador
Honored Contributor

‎05-04-2009 09:58 PM

‎05-04-2009 09:58 PM

Re: What is the security scan tool in HP-UX now?

Hi,
One year ago, I asked HP for medusa [ no more develop ] but in fact it seem that if you ask now HP a security report they should use symantec tools like ESM or bindview.

Reply
VK2COT
Honored Contributor

‎05-05-2009 12:22 AM

‎05-05-2009 12:22 AM

Solution

Re: What is the security scan tool in HP-UX now?

Hello,

a) BindView was acquired by Symantec,
so it is ESM only now.

b) And yes, Medusa is not maintained
any more.

c) Some of many other choices:

Nessus (www.nessus.org)
CIS Benchmark Tool (www.cisecurity.org)

In fact, I just submitted SUID and SGID
default listing for HP-UX 11.31 to CIS...

In essence, no matter what you use,
be aware that security is not a product but
a process. It never ends.

Cheers,

VK2COT
VK2COT - Dusan Baljevic
Reply
Suraj K Sankari
Honored Contributor

‎05-05-2009 01:56 AM

‎05-05-2009 01:56 AM

Re: What is the security scan tool in HP-UX now?

Hi,

Similar thread about Medusa Security System

http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1241517343246+28353475&threadId=910750

Suraj
Reply
Doug O'Leary
Honored Contributor

‎05-05-2009 06:12 AM

‎05-05-2009 06:12 AM

Re: What is the security scan tool in HP-UX now?

Hey;

I'm not sure if this is what you're looking for; however, HP has a software assistant that does security checking and patch analysis. Some info on it that I posted here previously can be found at:

http://forums13.itrc.hp.com/service/forums/questionanswer.do?threadId=1312453

HTH;

Doug O'Leary

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
Reply
Basheer_2
Trusted Contributor

‎05-05-2009 10:15 PM

‎05-05-2009 10:15 PM

Re: What is the security scan tool in HP-UX now?

If you are looking for alternatives,
I use HP's SPC ( security patch check) and shc (system health check) besides bastille
Reply
Emil Velez
Honored Contributor

‎05-06-2009 07:41 AM

‎05-06-2009 07:41 AM

Re: What is the security scan tool in HP-UX now?

nessus

should be available from software.hp.com


Reply
Bob E Campbell
Honored Contributor

‎05-06-2009 09:18 AM

‎05-06-2009 09:18 AM

Re: What is the security scan tool in HP-UX now?

Security Patch Check (SPC) has been obsoleted. Users should move to the new Software Assistant (SWA) tool. See https://www.hp.com/go/swa for details.

Both of these tools are limited in scope with respect to security to checking for exposure to reported Security Bulletins. While handy, this does not include checks such as the root user not having a password set. You need to run SWA in conjunction with other tools.
Reply
Fred K. Abell Jr._1
Regular Advisor

‎05-15-2009 06:02 AM

‎05-15-2009 06:02 AM

Re: What is the security scan tool in HP-UX now?

VK2COT mentioned CIS. CIS has a scoring tool that will grade your system (get points for turning off telnet, loose points for having NFS). It is very good.

Nessus is good, but I would run it from a different machine. Make sure IPFilter is turned off on target when you run it.

A good list of items to try is located:
http://sectools.org/tools3.html

Regards,

Fred
Reply
VK2COT
Honored Contributor

‎05-15-2009 03:03 PM

‎05-15-2009 03:03 PM

Re: What is the security scan tool in HP-UX now?

Hello,

In fact, as part of my own Operations Acceptance Testing, I check
Bastille, Nessus, nmap, IPFilter,
and CIS Tool are installed, and if so,
what their status is.

Here is part of the report that CIS
tool created on a brand new HP-UX 11.31
March 2009 server that I just build,
in more or less default state, for
students (I am currently a Senior Instructor
at HP, teaching various Unix, Linux,
ServiceGuard, Data Protector, Network Node
Manager, and other courses):

CHECKING CENTER FOR INTERNET SECURITY BENCHMARK SCORING TOOL
____________________________________________________________
AUDIT-PASS: CIS benchmark toolkit installed

*****************************************************************************
******************* CIS Security Benchmark Checker v1.2.5 *******************
* *
* Lead Developer : Jay Beale *
* HP-UX Benchmark Coordinator : Chris Calabrese *
* Unix Benchmark Coordinator and Gadfly : Hal Pomeranz *
* *
* Copright 2001 - 2004 The Center for Internet Security www.cisecurity.org *
* *
* Please send feedback to hpux-scan@cisecurity.org. *
*****************************************************************************

Investigating system...this will take a few minutes...
ERROR: Couldn't open /opt/CIS/cis_ruler_world_writable_files_hp-ux_11.31 -- list
of standard world-writable files for HP-UX B.11.31 .
NOTE: If you can generate a standard list of world-writable files for this versi
on, please e-mail to jay@bastille-linux.org.

******

Now a final check for non-standard world-writable files, Set-UID and Set-GID
programs -- this can take a whole lot of time if you have a large filesystem.
Your score if there are no extra world-writable files or SUID/SGID programs
found will be 4.86 / 10.00 . If there are extra SUID/SGID programs or
world-writable files, your score could be as low as 4.43 / 10.00 .

You can hit CTRL-C at any time to stop at this remaining step.

The preliminary log can be found at: /var/opt/CIS/tester.logs/cis-most-recent-lo
g
******
Rating = 4.57 / 10.00

*****************************************************************************
To learn more about the results, do the following:

All results/diagnostics:
more /var/opt/CIS/tester.logs/cis-ruler-log.20090512-09:13:29.1075
Positive Results Only:
egrep "^Positive" /var/opt/CIS/tester.logs/cis-ruler-log.20090512-09:13:
29.1075
Negative Results Only:
egrep "^Negative" /var/opt/CIS/tester.logs/cis-ruler-log.20090512-09:13:
29.1075

For each item that you score or fail to score on, please reference the
corresponding item in the CIS Benchmark Document.

For additional instructions/support, please reference the CIS web page:
http://www.cisecurity.org

My script is at:

http://www.circlingcycle.com.au/Unix-sources/HP-UX-check-OAT.pl.txt

Best regards from windy Sydney in Australia,

VK2COT
VK2COT - Dusan Baljevic
Reply
longvictory_1
Frequent Advisor

‎05-17-2009 05:12 PM

‎05-17-2009 05:12 PM

Re: What is the security scan tool in HP-UX now?

Thanks a lot for all of you.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.