- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- What is the security scan tool in HP-UX now?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-04-2009 07:59 PM
05-04-2009 07:59 PM
Is there a new security scan software in HPUX11i v2 or v3?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-04-2009 08:09 PM
05-04-2009 08:09 PM
Re: What is the security scan tool in HP-UX now?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-04-2009 08:33 PM
05-04-2009 08:33 PM
Re: What is the security scan tool in HP-UX now?
Medusa will give me a summary report of different level of risks.
I need a strong tool to generate security report.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-04-2009 09:58 PM
05-04-2009 09:58 PM
Re: What is the security scan tool in HP-UX now?
One year ago, I asked HP for medusa [ no more develop ] but in fact it seem that if you ask now HP a security report they should use symantec tools like ESM or bindview.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-05-2009 12:22 AM
05-05-2009 12:22 AM
Solutiona) BindView was acquired by Symantec,
so it is ESM only now.
b) And yes, Medusa is not maintained
any more.
c) Some of many other choices:
Nessus (www.nessus.org)
CIS Benchmark Tool (www.cisecurity.org)
In fact, I just submitted SUID and SGID
default listing for HP-UX 11.31 to CIS...
In essence, no matter what you use,
be aware that security is not a product but
a process. It never ends.
Cheers,
VK2COT
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-05-2009 01:56 AM
05-05-2009 01:56 AM
Re: What is the security scan tool in HP-UX now?
Similar thread about Medusa Security System
http://forums13.itrc.hp.com/service/forums/questionanswer.do?admit=109447627+1241517343246+28353475&threadId=910750
Suraj
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-05-2009 06:12 AM
05-05-2009 06:12 AM
Re: What is the security scan tool in HP-UX now?
I'm not sure if this is what you're looking for; however, HP has a software assistant that does security checking and patch analysis. Some info on it that I posted here previously can be found at:
http://forums13.itrc.hp.com/service/forums/questionanswer.do?threadId=1312453
HTH;
Doug O'Leary
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-05-2009 10:15 PM
05-05-2009 10:15 PM
Re: What is the security scan tool in HP-UX now?
I use HP's SPC ( security patch check) and shc (system health check) besides bastille
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-06-2009 07:41 AM
05-06-2009 07:41 AM
Re: What is the security scan tool in HP-UX now?
should be available from software.hp.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-06-2009 09:18 AM
05-06-2009 09:18 AM
Re: What is the security scan tool in HP-UX now?
Both of these tools are limited in scope with respect to security to checking for exposure to reported Security Bulletins. While handy, this does not include checks such as the root user not having a password set. You need to run SWA in conjunction with other tools.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-15-2009 06:02 AM
05-15-2009 06:02 AM
Re: What is the security scan tool in HP-UX now?
Nessus is good, but I would run it from a different machine. Make sure IPFilter is turned off on target when you run it.
A good list of items to try is located:
http://sectools.org/tools3.html
Regards,
Fred
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-15-2009 03:03 PM
05-15-2009 03:03 PM
Re: What is the security scan tool in HP-UX now?
In fact, as part of my own Operations Acceptance Testing, I check
Bastille, Nessus, nmap, IPFilter,
and CIS Tool are installed, and if so,
what their status is.
Here is part of the report that CIS
tool created on a brand new HP-UX 11.31
March 2009 server that I just build,
in more or less default state, for
students (I am currently a Senior Instructor
at HP, teaching various Unix, Linux,
ServiceGuard, Data Protector, Network Node
Manager, and other courses):
CHECKING CENTER FOR INTERNET SECURITY BENCHMARK SCORING TOOL
____________________________________________________________
AUDIT-PASS: CIS benchmark toolkit installed
*****************************************************************************
******************* CIS Security Benchmark Checker v1.2.5 *******************
* *
* Lead Developer : Jay Beale *
* HP-UX Benchmark Coordinator : Chris Calabrese *
* Unix Benchmark Coordinator and Gadfly : Hal Pomeranz *
* *
* Copright 2001 - 2004 The Center for Internet Security www.cisecurity.org *
* *
* Please send feedback to hpux-scan@cisecurity.org. *
*****************************************************************************
Investigating system...this will take a few minutes...
ERROR: Couldn't open /opt/CIS/cis_ruler_world_writable_files_hp-ux_11.31 -- list
of standard world-writable files for HP-UX B.11.31 .
NOTE: If you can generate a standard list of world-writable files for this versi
on, please e-mail to jay@bastille-linux.org.
******
Now a final check for non-standard world-writable files, Set-UID and Set-GID
programs -- this can take a whole lot of time if you have a large filesystem.
Your score if there are no extra world-writable files or SUID/SGID programs
found will be 4.86 / 10.00 . If there are extra SUID/SGID programs or
world-writable files, your score could be as low as 4.43 / 10.00 .
You can hit CTRL-C at any time to stop at this remaining step.
The preliminary log can be found at: /var/opt/CIS/tester.logs/cis-most-recent-lo
g
******
Rating = 4.57 / 10.00
*****************************************************************************
To learn more about the results, do the following:
All results/diagnostics:
more /var/opt/CIS/tester.logs/cis-ruler-log.20090512-09:13:29.1075
Positive Results Only:
egrep "^Positive" /var/opt/CIS/tester.logs/cis-ruler-log.20090512-09:13:
29.1075
Negative Results Only:
egrep "^Negative" /var/opt/CIS/tester.logs/cis-ruler-log.20090512-09:13:
29.1075
For each item that you score or fail to score on, please reference the
corresponding item in the CIS Benchmark Document.
For additional instructions/support, please reference the CIS web page:
http://www.cisecurity.org
My script is at:
http://www.circlingcycle.com.au/Unix-sources/HP-UX-check-OAT.pl.txt
Best regards from windy Sydney in Australia,
VK2COT
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-17-2009 05:12 PM
05-17-2009 05:12 PM