HP-UX Bastille Software manual: CIS.weight


AccountSecurity.restrict_home=1

AccountSecurity.root_path=1

AccountSecurity.serial_port_login=1

AccountSecurity.system_auditing=1

AccountSecurity.umask=1

AccountSecurity.unowned_files=1

AccountSecurity.user_dot_files=1

AccountSecurity.user_rc_files=1

Apache.deactivate_hpws_apache=1

FTP.ftpbanner=1

FTP.ftpusers=1

HP_UX.gui_banner=1

HP_UX.ndd=1

HP_UX.screensaver_timeout=1

HP_UX.stack_execute=1

HP_UX.tcp_isn=1

MiscellaneousDaemons.configure_ssh=1

MiscellaneousDaemons.disable_bind=1

MiscellaneousDaemons.disable_ptydaemon=1

MiscellaneousDaemons.disable_rbootd=1

MiscellaneousDaemons.disable_smbclient=1

MiscellaneousDaemons.disable_smbserver=1

MiscellaneousDaemons.nfs_client=1

MiscellaneousDaemons.nfs_core=1

MiscellaneousDaemons.nfs_server=1

MiscellaneousDaemons.nis_client=1

MiscellaneousDaemons.nis_server=1

MiscellaneousDaemons.nisplus_client=1

MiscellaneousDaemons.nisplus_server=1

MiscellaneousDaemons.nobody_secure_rpc=1

MiscellaneousDaemons.other_boot_serv=1

MiscellaneousDaemons.snmpd=1

MiscellaneousDaemons.syslog_localonly=1

MiscellaneousDaemons.xaccess=1

Printing.printing=1

SecureInetd.banners=1

SecureInetd.deactivate_bootp=1

SecureInetd.deactivate_builtin=1

SecureInetd.deactivate_dttools=1

SecureInetd.deactivate_finger=1

SecureInetd.deactivate_ftp=1

SecureInetd.deactivate_ident=1

SecureInetd.deactivate_ktools=1

SecureInetd.deactivate_ntalk=1

SecureInetd.deactivate_printer=1

SecureInetd.deactivate_recserv=1

SecureInetd.deactivate_rquotad=1

SecureInetd.deactivate_rtools=1

SecureInetd.deactivate_telnet=1

SecureInetd.deactivate_tftp=1

SecureInetd.deactivate_time=1

SecureInetd.deactivate_uucp=1

SecureInetd.log_inetd=1

SecureInetd.owner=1

Sendmail.sendmailcron=1

Sendmail.sendmaildaemon=1

D.2 CIS.weight
