IMPORTANT: When reverting to the configuration prior to the use of HP-UX Bastille, security configuration changes are undone temporarily. Other manual configuration changes or additional software installed after HP-UX Bastille was initially run might require a manual merge of configuration settings.
3.5 Monitoring drift
The bastille_drift program creates HP-UX Bastille configuration baselines and compares the current state of the system to a saved baseline, so you can see what, if anything, has changed since that baseline was saved.
NOTE: When first run successfully, HP-UX Bastille automatically saves a baseline in the default location /var/opt/sec_mgmt/bastille/baselines.
You can use HP-UX Bastille to monitor drift as follows:
• To save a baseline:
# bastille_drift --save_baseline baseline
• To compare the current state of the system to a saved baseline:
# bastille_drift --from_baseline baseline
Run the bastille_drift utility when new software or patches are installed to check for changes in the system. The bastille_drift utility also identifies system changes when swverify is run using -x fix=true or the -F option for vendor-specific fix scripts.
For more information, see bastille_drift(1M).
3.6 Locating files
This section describes the location of important files.
The configuration file contains the answers to the most recently saved session.
/etc/opt/sec_mgmt/bastille/config
The error log contains any errors HP-UX Bastille encountered while making changes to the system.
/var/opt/sec_mgmt/bastille/log/error-log
The action log contains the specific steps that HP-UX Bastille performed when making changes to the system.
/var/opt/sec_mgmt/bastille/log/action-log
The TODO.txt file lists the tasks that must be completed to ensure the system is secure.
/var/opt/sec_mgmt/bastille/TODO.txt
The revert-actions script is part of the revert feature. It returns the changed files to the state they were in before HP-UX Bastille was run.
/var/opt/sec_mgmt/bastille/revert/revert-actions
The TOREVERT.txt file contains the tasks that must be completed to finish reverting the machine to the state it was in before HP-UX Bastille was run.
/var/opt/sec_mgmt/bastille/TOREVERT.txt
The assessment reports are available as HTML, text, and a configuration file.
/var/opt/sec_mgmt/bastille/log/Assessment/assessment-report.html
/var/opt/sec_mgmt/bastille/log/Assessment/assessment-report.txt
/var/opt/sec_mgmt/bastille/log/Assessment/assessment-report-log.txt
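A post-run check built from the paths in sections 3.5 and 3.6, added here as an example and not part of HP-UX Bastille. The function names, the optional ROOT prefix argument, and the rule that any content in error-log, TODO.txt or TOREVERT.txt counts as a finding are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of HP-UX Bastille: review the files from
# sections 3.5 and 3.6 and report which ones need attention.
# Usage (after sourcing this file):  bastille_review [ROOT]
# ROOT is a hypothetical prefix for checking a copied tree; omit it on a
# live system.

_flag() {   # record one finding and print it
    BASTILLE_FINDINGS=$((BASTILLE_FINDINGS + 1))
    echo "REVIEW: $1"
}

_lines() {  # newline count, normalised (some wc versions pad with spaces)
    echo $(( $(wc -l < "$1") + 0 ))
}

bastille_review() {
    root=${1:-}
    var="$root/var/opt/sec_mgmt/bastille"
    BASTILLE_FINDINGS=0

    # The config file holds the answers from the last saved session.
    [ -s "$root/etc/opt/sec_mgmt/bastille/config" ] ||
        _flag "no saved configuration at /etc/opt/sec_mgmt/bastille/config"

    # Assumption: the default baseline location is a directory of baselines.
    [ -n "$(ls -A "$var/baselines" 2>/dev/null)" ] ||
        _flag "no baseline saved, so bastille_drift has nothing to compare"

    # Assumption: any content in the files below means outstanding work.
    [ -s "$var/log/error-log" ] &&
        _flag "error-log has $(_lines "$var/log/error-log") line(s)"
    [ -s "$var/TODO.txt" ] &&
        _flag "TODO.txt lists manual tasks ($(_lines "$var/TODO.txt") line(s))"
    [ -s "$var/TOREVERT.txt" ] &&
        _flag "TOREVERT.txt present: a revert has unfinished manual steps"

    # Exit status 0 only when nothing needs attention.
    [ "$BASTILLE_FINDINGS" -eq 0 ]
}
```

The function returns a non-zero status when anything is flagged and leaves the count in BASTILLE_FINDINGS, so it can gate a post-patch job that then runs bastille_drift --from_baseline against the saved baseline.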