HP UX Bastille Software manual Sample weight files, All.weight


D Sample weight files

D.1 all.weight

The weight file below is located in /etc/opt/sec_mgmt/bastille/configs/defaults. This template file contains every possible HP-UX question item, with each item selected.

AccountSecurity.ABORT_LOGIN_ON_MISSING_HOMEDIR=1
AccountSecurity.AUTH_MAXTRIES=1
AccountSecurity.MIN_PASSWORD_LENGTH=1
AccountSecurity.NOLOGIN=1
AccountSecurity.NUMBER_OF_LOGINS_ALLOWED=1
AccountSecurity.PASSWORD_HISTORY_DEPTH=1
AccountSecurity.PASSWORD_MAXDAYS=1
AccountSecurity.PASSWORD_MINDAYS=1
AccountSecurity.PASSWORD_WARNDAYS=1
AccountSecurity.SU_DEFAULT_PATH=1
AccountSecurity.atuser=1
AccountSecurity.block_system_accounts=1
AccountSecurity.create_securetty=1
AccountSecurity.crontabs_file=1
AccountSecurity.cronuser=1
AccountSecurity.gui_login=1
AccountSecurity.hidepasswords=1
AccountSecurity.lock_account_nopasswd=1
AccountSecurity.mesgn=1
AccountSecurity.restrict_home=1
AccountSecurity.root_path=1
AccountSecurity.serial_port_login=1
AccountSecurity.single_user_password=1
AccountSecurity.system_auditing=1
AccountSecurity.umask=1
AccountSecurity.unowned_files=1
AccountSecurity.user_dot_files=1
AccountSecurity.user_rc_files=1
Apache.chrootapache=1
Apache.deactivate_hpws_apache=1
DNS.chrootbind=1
FTP.ftpbanner=1
FTP.ftpusers=1
FilePermissions.world_writeable=1
HP_UX.gui_banner=1
HP_UX.mail_config=1
HP_UX.ndd=1
HP_UX.other_tools=1
HP_UX.restrict_swacls=1
HP_UX.scan_ports=1
HP_UX.screensaver_timeout=1
HP_UX.stack_execute=1
HP_UX.tcp_isn=1
IPFilter.block_DNSquery=1
IPFilter.block_SecureShell=1
IPFilter.block_cfservd=1
IPFilter.block_hpidsadmin=1
IPFilter.block_hpidsagent=1
IPFilter.block_netrange=1
IPFilter.block_ping=1
IPFilter.block_wbem=1
IPFilter.block_webadmin=1
IPFilter.configure_ipfilter=1
IPFilter.install_ipfilter=1
MiscellaneousDaemons.configure_ssh=1
MiscellaneousDaemons.diagnostics_localonly=1
