HP UX Bastille Software Cannot use X because $DISPLAY is not set, System is in original state

Page 22

5.3.2 Cannot use X because $DISPLAY is not set

You request the X interface, but the $DISPLAY environment variable is not set. Set the environment variable to the desired display to correct the problem.

5.3.3 System is in original state

You attempt to revert changes with the -roption, but there are no changes to revert.

5.3.4 HP-UX Bastille must be run as root

HP-UX Bastille must be run as the root user because the changes affect system files.

5.3.5 Problems opening, copying, or reading files

Error messages citing problems performing these operations are usually related to NFS file systems that do not trust the root user on the local machine. Consult the options section in the fstab(4) manpage for details.

5.3.6 Errors related to individual configuration files

Errors about individual configuration files indicate:

•That a system is too heavily modified for HP-UX Bastille to make effective changes.

•That the files, locations, or permissions of the HP-UX Bastille installation directories have been changed.

5.3.7HP Secure Shell locks you out of your system immediately when passwords

expire

You might need PAM patch: PHCO_24839 (HP-UX 11.11) available at the HP IT Resource Center:

https://www2.itrc.hp.com/service/patch/mainPage.do

5.3.8 HP-UX Bastille configures a firewall using IPFilter

The most common conflicts are with firewalls. When a network service is not working, and it is not turned off by HP-UX Bastille, verify the firewall rules pass the ports needed. For more information, see ipfstat(8) and ipmon(8).

5.3.9 Security Patch Check

Security Patch Check is being deprecated in favor of SWA.

5.3.10 Rerun HP-UX Bastille after installing new software or applying new patches

Installing new software or applying new patches might change the system state. On HP-UX, if vendor-specific fix scripts are run with swverify using either the -x fix=true option or the -Foption, then rerun HP-UX Bastille.

22 Troubleshooting

Image 22

Contents HP-UX Bastille Version B.3.3 User Guide Trademark Acknowledgments Table of Contents Index List of Figures HP-UX Bastille user interface Standard assessment reportList of Tables Question modules Security levelsFeatures and benefits About this productPerformance CompatibilitySupport Installation requirements Installing HP-UX BastilleInstallation Page Using HP-UX Bastille Creating a security configuration profileIf the Path environment variable has not been updated, use 1shows the main screen of the HP-UX Bastille user interfaceConfiguring a system Assessing a systemConfiguration for the corresponding question is not Using scored reportsAccepted standard configurations are detected Is not always detected. HP-UX Bastille might not detect allScored assessment report Reverting # bastille -rLocating files Monitoring driftFor more information, see bastilledrift1M Var/opt/secmgmt/bastille/log/Assessment/Drift.txt Check for a TOREVERT.txt file Removing HP-UX Bastille If the file exists, complete the actions listed Page Known issues and workarounds TroubleshootingDiagnostic tips General use tipsHP-UX Bastille configures a firewall using IPFilter Problems opening, copying, or reading filesErrors related to individual configuration files Cannot use X because $DISPLAY is not setContacting HP Support and other resourcesRelated information Typographic conventions To complete a task Or damage to hardware or softwareSupplement important points of the main text Page Install-Time Security ITS using HP-UX Bastille Choosing security levelsEnable kernel-based stack execute protection Table A-3 Additional Sec20MngDMZ security settings1 Selecting security levels during installation Choosing security dependenciesConfiguring Sec20MngDMZ or Sec30DMZ security levels Configuring HP-UX Bastille for use with ServiceguardConfiguring Sec10Host level Page Question modules AccountSecurity.crontabsfile AccountSecurity.guiloginAccountSecurity.hidepasswords AccountSecurity.cronuserAccountSecurity.NUMBEROFLOGINSALLOWED AccountSecurity.MINPASSWORDLENGTHAccountSecurity.NOLOGIN AccountSecurity.lockaccountnopasswdAccountSecurity.PASSWORDHISTORYDEPTHyn AccountSecurity.NUMBEROFLOGINSALLOWEDynAccountSecurity.PASSWORDHISTORYDEPTH AccountSecurity.PASSWORDMAXDAYSAccountSecurity.singleuserpassword AccountSecurity.passwordpoliciesAccountSecurity.serialportlogin AccountSecurity.restricthomeAccountSecurity.systemauditing AccountSecurity.SUDEFAULTPATHAccountSecurity.SUDEFAULTPATHyn AccountSecurity.umaskAccountSecurity.userdotfiles AccountSecurity.umaskynAccountSecurity.unownedfiles AccountSecurity.userrcfilesApache.deactivatehpwsapache Apache.chrootapacheDNS.chrootbind FilePermissions.worldwriteable FTP.ftpusersHPUX.guibanner HPUX.mailconfigHPUX.ndd HPUX.othertools HPUX.scanports HPUX.screensavertimeoutHPUX.restrictswacls HPUX.stackexecuteIPFilter.blockcfservd HPUX.tcpisnIPFilter.blockDNSquery You are managing some remote Hids agents, answer no IPFilter.blockhpidsadminIPFilter.blockhpidsagent Hids does notIPFilter.blockping Default 192.168.1.0/255.255.255.0 DescriptionIPFilter.blocknetrange IPFilter.blockSecureShellIPFilter.blockwbem IPFilter.blockwebadminIPFilter.configureipfilter Otherwise, answer no to this questionPage MiscellaneousDaemons.configuressh IPFilter.installipfilterMiscellaneousDaemons.diagnosticslocalonly MiscellaneousDaemons.disablepwgrd MiscellaneousDaemons.disablebindMiscellaneousDaemons.disableptydaemon MiscellaneousDaemons.disablerbootdMiscellaneousDaemons.nfscore MiscellaneousDaemons.disablesmbclientMiscellaneousDaemons.disablesmbserver MiscellaneousDaemons.nobodysecurerpcOtherbootserv MiscellaneousDaemons.xaccessMiscellaneousDaemons.sysloglocalonly Patches.spcproxyyn Patches.spccronrunPatches.spccrontime Patches.spcrunPrinting.printing SecureInetd.deactivatebootpSecureInetd.banners SecureInetd.deactivatefinger SecureInetd.deactivatebuiltinSecureInetd.deactivatedttools SecureInetd.deactivateftpSecureInetd.deactivatentalk SecureInetd.deactivateidentSecureInetd.deactivatektools SecureInetd.deactivateprinterSecureInetd.deactivatertools SecureInetd.deactivaterecservSecureInetd.deactivaterquotad SecureInetd.deactivateswatSecureInetd.deactivateuucp SecureInetd.deactivatetftpSecureInetd.deactivatetime SecureInetd.ftploggingSecureInetd.owner SecureInetd.loginetdSecureInetd.inetdgeneral Sendmail.sendmailcronSendmail.sendmaildaemon Sendmail.vrfyexpnPage Sample weight files All.weightCIS.weight Sample weight file below aligns with the CIS standardCIS.weight Page CIS mapping to HP-UX Bastille CIS IDApache.deactivatehpwsapache AccountSecurity.lockaccountnopasswd Page Index