HP UX Bastille Software manual Monitoring drift, Locating files


IMPORTANT: When reverting to the configuration prior to the use of HP-UX Bastille, security configuration changes are undone temporarily. Other manual configuration changes or additional software installed after HP-UX Bastille was initially run might require a manual merge of configuration settings.

3.5 Monitoring drift

The bastille_drift program creates HP-UX Bastille configuration baselines and compares the current state of the system to a saved baseline, so that any changes made since the baseline was saved can be identified.

NOTE: When first run successfully, HP-UX Bastille automatically saves a baseline in the default location /var/opt/sec_mgmt/bastille/baselines.

You can use HP-UX Bastille to monitor drift as follows:

To save a baseline:

# bastille_drift --save_baseline baseline

To compare the current state of the system to a saved baseline:

# bastille_drift --from_baseline baseline

Run the bastille_drift utility when new software or patches are installed to check for changes in the system. The bastille_drift utility also identifies system changes when swverify is run using -x fix=true or the -F option for vendor-specific fix scripts.

For more information, see bastille_drift(1M).
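The save-then-compare workflow described above, as an added illustration that is not part of the HP-UX Bastille manual and is not bastille_drift itself: a small POSIX shell script that records owner, permission bits and a cksum CRC for every regular file under a directory, saves that as a baseline, and later reports which paths were added, removed or changed. The function names (save_baseline, check_drift, run_demo), the scratch directory and the sample file names and contents (sshd_config, profile, hosts.equiv) are all constructed for the example; on HP-UX the real bastille_drift --save_baseline and --from_baseline commands do this job for the Bastille configuration.

```shell
#!/bin/sh
# Added example, not from the HP-UX Bastille manual: a portable sketch of the
# "save a baseline, then compare the live state to it" pattern behind
# bastille_drift --save_baseline / --from_baseline. Uses only find, ls, cksum,
# awk and sort. Assumes paths contain no whitespace.

# save_baseline ROOT FILE
# Writes one line per regular file under ROOT:  <path> <mode> <owner> <crc>:<size>
save_baseline() {
    root=$1; out=$2
    : > "$out"
    find "$root" -type f | LC_ALL=C sort | while IFS= read -r f; do
        meta=$(ls -ld "$f" | awk '{print $1, $3}')      # mode bits and owner
        crc=$(cksum "$f" | awk '{print $1 ":" $2}')      # POSIX CRC and byte count
        printf '%s %s %s\n' "$f" "$meta" "$crc" >> "$out"
    done
}

# check_drift ROOT BASELINE
# Prints "ADDED|REMOVED|CHANGED <path>" lines, sorted; returns 0 when the
# current state matches the baseline and 1 when any drift was found.
check_drift() {
    root=$1; base=$2
    cur=$(mktemp) || return 2
    save_baseline "$root" "$cur"
    report=$(awk '
        FILENAME == ARGV[1] { base[$1] = $0; next }   # first file: baseline
                            { cur[$1]  = $0 }         # second file: current state
        END {
            for (p in base) if (!(p in cur))            print "REMOVED " p
            for (p in cur)  if (!(p in base))           print "ADDED " p
                            else if (cur[p] != base[p]) print "CHANGED " p
        }' "$base" "$cur" | LC_ALL=C sort)
    rm -f "$cur"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Stand-alone demonstration on constructed files:  sh drift.sh --demo
run_demo() {
    d=$(mktemp -d); b=$(mktemp)
    printf 'PermitRootLogin no\n' > "$d/sshd_config"   # constructed sample file
    printf 'umask 027\n'          > "$d/profile"       # constructed sample file
    save_baseline "$d" "$b"
    echo "== fresh baseline =="
    check_drift "$d" "$b" && echo "no drift"
    printf 'PermitRootLogin yes\n' > "$d/sshd_config"  # a change
    rm -f "$d/profile"                                  # a removal
    : > "$d/hosts.equiv"                                # an addition
    echo "== after changes =="
    check_drift "$d" "$b" || echo "drift detected (exit status $?)"
    rm -rf "$d" "$b"
}

if [ "${1-}" = "--demo" ]; then
    run_demo
fi
```

Like bastille_drift, the comparison is only as good as the moment the baseline was taken: save it right after the hardened configuration is confirmed, and re-run the check after every software or patch installation, treating the non-zero exit status as the signal to review the listed paths.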

3.6 Locating files

This section describes the location of important files.

The configuration file contains the answers to the most recently saved session.

/etc/opt/sec_mgmt/bastille/config

The error log contains any errors HP-UX Bastille encountered while making changes to the system.

/var/opt/sec_mgmt/bastille/log/error-log

The action log contains the specific steps that HP-UX Bastille performed when making changes to the system.

/var/opt/sec_mgmt/bastille/log/action-log

The TODO.txt file contains the tasks that must be completed to ensure the system is secure.

/var/opt/sec_mgmt/bastille/TODO.txt

The revert-actions script is part of the revert feature. It returns the changed files to the state they were in before HP-UX Bastille was run.

/var/opt/sec_mgmt/bastille/revert/revert-actions

The TOREVERT.txt file contains the tasks that must be completed to finish reverting the machine to the state it was in before HP-UX Bastille was run.

/var/opt/sec_mgmt/bastille/TOREVERT.txt

The assessment reports are available as HTML, text, and a configuration file.

/var/opt/sec_mgmt/bastille/log/Assessment/assessment-report.html

/var/opt/sec_mgmt/bastille/log/Assessment/assessment-report.txt

/var/opt/sec_mgmt/bastille/log/Assessment/assessment-report-log.txt
