is listening to untrusted data as much as possible. This is especially true of

 

network daemons, such as bind. If a vulnerability is found in the daemon,

 

then a chroot jail contains any intrusions. Only a root process can break out

 

of a chroot jail. HP-UX Bastille ensures that "named" is not running as root.

 

A successful attack on "named" in a chroot jail running as a non-privileged

 

user allows the attacker to modify only files owned or writeable by that

 

non-privileged user and protects the rest of the system.

 

IMPORTANT: On HP-UX, the general structure of the jail is created but several

 

entries are added to the HP-UX Bastille generated TODO.txt file which require

 

manual action on your part. HP-UX does not ship with a name server

 

configured by default, so much of this depends on how your system's name

 

server is configured. Manual action is required to complete this configuration.

 

See the TODO.txt file for details.

Actions

Make a copy of BIND and related binaries and libraries and place them inside

 

of a chroot jail.

FilePermissions.world_writeable

Headline

Scan for world-writeable directories.

Default

N

Description

HP-UX Bastille can scan your system for world-writeable directories, including

 

base OS, 3rd party applications, and user directories. A script is created which

 

can be edited to suit your needs and run to tighten these permissions. Changing

 

the permissions of directories in this way has the potential to break

 

compatibility with some applications and requires testing in your environment.

 

Note: The changes made by this script are NOT supported by HP. They have

 

a low likelihood of breaking things in a single purpose environment, but are

 

known to break some applications in very subtle ways in a general purpose

 

environment For example, applications which rely on unique process id's in

 

/tmp when run by different users can break when the process id's are recycled,

 

or programs which are run by different users but create logs in a common

 

directory might fail. Other examples are listed in the long explanation. As you

 

run the script, a revert-directory-perms.shscript is created which

 

allows you to revert to a supported state, independent of other HP-UX Bastille

 

configurations which are supported. Running bastille -rreverts all HP-UX

 

Bastille changes including running the revert-directory-perms.sh

 

script.

 

IMPORTANT: Manual action is required to complete this configuration. See

 

the TODO.txt file for details.

Actions

Scan the system for world-writeable directories. Create a script to tighten these

 

permissions. HP-UX Bastille does not run this script, but offers it as a starting

 

point for users to review and modify.

FTP.ftpbanner

 

Headline

Present an ftpd banner upon login to FTP.

Default

N

Description

ftpbanner provides for a login banner to be presented upon the initial access

 

to the FTP server.

Actions

Append suitable banner line to ftpaccess file.

FTP.ftpusers

 

Headline

Disallow system account logins through ftpd.

41

Page 41
Image 41
HP UX Bastille Software manual FilePermissions.worldwriteable, FTP.ftpusers