HP
UX Bastille Software
manual
Troubleshooting
Install
Password
AccountSecurity.SUDEFAULTPATH
Login
IPFilter.blockhpidsadmin
Configuring a system
MiscellaneousDaemons.xaccess
HPUX.screensavertimeout
Weight
Page 72
Page 71
Page 72
Image 72
Page 71
Page 72
Contents
HP-UX Bastille Version B.3.3 User Guide
Trademark Acknowledgments
Table of Contents
Index
List of Figures
HP-UX Bastille user interface Standard assessment report
List of Tables
Question modules Security levels
Features and benefits
About this product
Compatibility
Performance
Support
Installing HP-UX Bastille
Installation requirements
Installation
Page
Using HP-UX Bastille
Creating a security configuration profile
If the Path environment variable has not been updated, use
1shows the main screen of the HP-UX Bastille user interface
Configuring a system
Assessing a system
Using scored reports
Accepted standard configurations are detected
Configuration for the corresponding question is not
Is not always detected. HP-UX Bastille might not detect all
Scored assessment report
Reverting
# bastille -r
Monitoring drift
Locating files
For more information, see bastilledrift1M
Var/opt/secmgmt/bastille/log/Assessment/Drift.txt
Removing HP-UX Bastille
Check for a TOREVERT.txt file
If the file exists, complete the actions listed
Page
Troubleshooting
Diagnostic tips
Known issues and workarounds
General use tips
Problems opening, copying, or reading files
Errors related to individual configuration files
HP-UX Bastille configures a firewall using IPFilter
Cannot use X because $DISPLAY is not set
Support and other resources
Contacting HP
Related information
Typographic conventions
Or damage to hardware or software
To complete a task
Supplement important points of the main text
Page
Install-Time Security ITS using HP-UX Bastille
Choosing security levels
Enable kernel-based stack execute protection
Table A-3 Additional Sec20MngDMZ security settings1
Selecting security levels during installation
Choosing security dependencies
Configuring HP-UX Bastille for use with Serviceguard
Configuring Sec20MngDMZ or Sec30DMZ security levels
Configuring Sec10Host level
Page
Question modules
AccountSecurity.guilogin
AccountSecurity.hidepasswords
AccountSecurity.crontabsfile
AccountSecurity.cronuser
AccountSecurity.MINPASSWORDLENGTH
AccountSecurity.NOLOGIN
AccountSecurity.NUMBEROFLOGINSALLOWED
AccountSecurity.lockaccountnopasswd
AccountSecurity.NUMBEROFLOGINSALLOWEDyn
AccountSecurity.PASSWORDHISTORYDEPTH
AccountSecurity.PASSWORDHISTORYDEPTHyn
AccountSecurity.PASSWORDMAXDAYS
AccountSecurity.passwordpolicies
AccountSecurity.serialportlogin
AccountSecurity.singleuserpassword
AccountSecurity.restricthome
AccountSecurity.SUDEFAULTPATH
AccountSecurity.SUDEFAULTPATHyn
AccountSecurity.systemauditing
AccountSecurity.umask
AccountSecurity.umaskyn
AccountSecurity.unownedfiles
AccountSecurity.userdotfiles
AccountSecurity.userrcfiles
Apache.chrootapache
Apache.deactivatehpwsapache
DNS.chrootbind
FilePermissions.worldwriteable
FTP.ftpusers
HPUX.mailconfig
HPUX.guibanner
HPUX.ndd
HPUX.othertools
HPUX.screensavertimeout
HPUX.restrictswacls
HPUX.scanports
HPUX.stackexecute
HPUX.tcpisn
IPFilter.blockcfservd
IPFilter.blockDNSquery
IPFilter.blockhpidsadmin
IPFilter.blockhpidsagent
You are managing some remote Hids agents, answer no
Hids does not
Default 192.168.1.0/255.255.255.0 Description
IPFilter.blocknetrange
IPFilter.blockping
IPFilter.blockSecureShell
IPFilter.blockwebadmin
IPFilter.configureipfilter
IPFilter.blockwbem
Otherwise, answer no to this question
Page
IPFilter.installipfilter
MiscellaneousDaemons.configuressh
MiscellaneousDaemons.diagnosticslocalonly
MiscellaneousDaemons.disablebind
MiscellaneousDaemons.disableptydaemon
MiscellaneousDaemons.disablepwgrd
MiscellaneousDaemons.disablerbootd
MiscellaneousDaemons.disablesmbclient
MiscellaneousDaemons.disablesmbserver
MiscellaneousDaemons.nfscore
MiscellaneousDaemons.nobodysecurerpc
MiscellaneousDaemons.xaccess
Otherbootserv
MiscellaneousDaemons.sysloglocalonly
Patches.spccronrun
Patches.spccrontime
Patches.spcproxyyn
Patches.spcrun
SecureInetd.deactivatebootp
Printing.printing
SecureInetd.banners
SecureInetd.deactivatebuiltin
SecureInetd.deactivatedttools
SecureInetd.deactivatefinger
SecureInetd.deactivateftp
SecureInetd.deactivateident
SecureInetd.deactivatektools
SecureInetd.deactivatentalk
SecureInetd.deactivateprinter
SecureInetd.deactivaterecserv
SecureInetd.deactivaterquotad
SecureInetd.deactivatertools
SecureInetd.deactivateswat
SecureInetd.deactivatetftp
SecureInetd.deactivatetime
SecureInetd.deactivateuucp
SecureInetd.ftplogging
SecureInetd.loginetd
SecureInetd.inetdgeneral
SecureInetd.owner
Sendmail.sendmailcron
Sendmail.sendmaildaemon
Sendmail.vrfyexpn
Page
Sample weight files
All.weight
CIS.weight
Sample weight file below aligns with the CIS standard
CIS.weight
Page
CIS mapping to HP-UX Bastille
CIS ID
Apache.deactivatehpwsapache
AccountSecurity.lockaccountnopasswd
Page
Index
Top
Page
Image
Contents
