HPE Community
Operating System - HP-UX
1832251 Members
2774 Online
110041 Solutions
New Discussion

Re: what should i do to make sure boxes' security

 
SOLVED
Go to solution
thebeatlesguru
Regular Advisor

‎03-13-2002 12:44 AM

‎03-13-2002 12:44 AM

what should i do to make sure boxes' security

which files in box should config to make sure security,and can you give me some examples ?
hihi
0 Kudos
Reply
6 REPLIES 6
Bill McNAMARA_1
Honored Contributor

‎03-13-2002 12:50 AM

‎03-13-2002 12:50 AM

Solution

Re: what should i do to make sure boxes' security

I'd start by searching for
Bastion Firewall in the forums.

There is a doc that describes this process.

Then get the security patch check from software.hp.com and change permissions according to it's report.

Then apply a password at the BCH level.

Then lock the server with key.

Then Lock the server into a secure room (keycoded)

Then change the root password (and all other users passwords) every week.

Later,
Bill
It works for me (tm)
Reply
Peter Kloetgen
Esteemed Contributor

‎03-13-2002 12:59 AM

‎03-13-2002 12:59 AM

Re: what should i do to make sure boxes' security

Hi Thebeatlesguru,

very important are some of the following steps:

- take care, that you have the newest Patches installed which have level "Security".
- take care you have properly set permissions for system critical files like /etc/passwd (444)
- take care you have a "good" root- password, which you change periodically
- if necessary, implement password restrictions for your users also ( password aging, history and so on )
- take care, that NOBODY is able to get physically to your servers who does not need to! ( mashine guns and mines help here... )
- disable remote root- connections, allow only for your needs a local switch-user to root ( su - )
- don't connect with telnet as root, use tools like Reflection X or Hummingbird exceed, which use data encryption!

If you did these steps, a lot of the security problems are no longer existant.

Allways stay on the bright side of life!

Peter
I'm learning here as well as helping
Reply
Animesh Chakraborty
Honored Contributor

‎03-13-2002 12:59 AM

‎03-13-2002 12:59 AM

Re: what should i do to make sure boxes' security

Hi,
You can convert your systems in trusted mode.
Go to SAM to convert the system into trusted mode.
Did you take a backup?
Reply
K.Vijayaragavan.
Respected Contributor

‎03-13-2002 01:23 AM

‎03-13-2002 01:23 AM

Re: what should i do to make sure boxes' security

Hi guru,

some of the files which needs confiuration and proper permission set to ensure security are as follows,

1)/etc/securetty
2)/etc/ftpaccess
3)/var/adm/inetd.sec
4)/tcb/files/auth
5)/etc/dt/config/Xaccess
6)/etc/exports
7).rhosts
8)/etc/shutdown.allow
9)/var/adm/cron/at.allow
10)/var/adm/cron/cron.allow
11)/etc/hosts.equiv
12)/etc/inetd.conf
12)/etc/hosts
13)/etc/passwd

-Vijay
"Let us fine tune our knowledge together"
Reply
Roger Baptiste
Honored Contributor

‎03-13-2002 01:39 AM

‎03-13-2002 01:39 AM

Re: what should i do to make sure boxes' security

Hi,

this document is a good starting point

http://people.hp.se/stevesk/bastion10.html

HTH
raj
Take it easy.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.