Default

N

Description

The ftpusers file allows the administrator to set accounts that shall not be allowed to log in through the ftpd. Default system users should not be allowed access to the system through the ftpd because it sends the username and password in clear text over the network. HP-UX Bastille disallows ftp logins to a WU-FTPD server from the following users: root, daemon, bin, sys, adm, uucp, lp, nuucp, hpdb, and guest. If you have a compelling reason to allow these users ftp access, then answer no to this question. Use this as a secondary measure if you deactivated the ftp server.

Actions

Add the following user names to the /etc/ftpd/ftpusers file: root, daemon, bin, sys, adm, uucp, lp, nuucp, hpdb, and guest.
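
To verify the result of this action, the following added example (not part of the original guide and not HP-UX Bastille code) audits an ftpusers file for the accounts listed above. The function names and the sample file are constructed for illustration, and the script assumes each entry is an account name alone on a line with no surrounding whitespace.

```shell
#!/bin/sh
# Added example (not HP-UX Bastille code): audit an ftpusers file for the
# accounts this page lists. Assumption: one account name per line, no blanks.

DENY_ACCOUNTS="root daemon bin sys adm uucp lp nuucp hpdb guest"

# Print the listed accounts that have no exact-line entry in file $1.
# A missing or unreadable file means every account is reported.
missing_ftpusers() {
    mf_missing=""
    for mf_acct in $DENY_ACCOUNTS; do
        # -x matches whole lines only, so "nuucp" never satisfies "uucp";
        # -F treats the name as a literal string, not a pattern.
        if [ ! -r "$1" ] || ! grep -qxF -- "$mf_acct" "$1"; then
            mf_missing="$mf_missing $mf_acct"
        fi
    done
    echo "${mf_missing# }"
}

# Exit status 0 when every listed account is denied, 1 otherwise.
audit_ftpusers() {
    af_missing=$(missing_ftpusers "$1")
    if [ -z "$af_missing" ]; then
        echo "OK: $1 denies all listed accounts"
        return 0
    fi
    echo "FAIL: $1 has no entry for: $af_missing"
    return 1
}

# Constructed sample: "sys" is commented out, "lp " has a trailing blank,
# "uucp" and "hpdb" are absent ("nuucp" is present).
write_sample() {
    printf '%s\n' root daemon bin '#sys' adm nuucp 'lp ' guest > "$1"
}

# Usage: sh audit_ftpusers.sh /etc/ftpd/ftpusers
if [ $# -gt 0 ]; then
    audit_ftpusers "$1"
fi
```

The check is deliberately strict: an entry with trailing whitespace or one that is commented out is reported as missing, so it gets reviewed rather than assumed effective.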

HP_UX.gui_banner

Headline

Set up a login banner for graphical login.

Default

N

Description

Setting a GUI login banner notifies users that they may use the system, but they are subject to local policy and monitoring. It also serves as notification that the system is not for public use. This helps eliminate the claims of "I thought anyone could use it."

Actions

For all Xresources files in /usr/dt/config/* directories, modify the matching /etc/dt/config/*/Xresources file by adding the following lines:

Dtlogin*greeting.labelString: "Authorized users only. All activity may be monitored and reported."

Dtlogin*greeting.persLabelString: "Authorized users only. All activity may be monitored and reported."

Create the matching /etc/dt/config/*/Xresources files if not present.

HP_UX.mail_config

Headline

Allow mailing of your configuration and TODO.txt files to HP.

Default

N

Description

The HP-UX Bastille development team would like to know how you use HP-UX Bastille. Based on how you answer these questions, HP can meet your needs better. You can help by sending your configuration and TODO.txt files back to HP. Answering yes to this question does that automatically. If you feel that your hostname or your security configuration is confidential, answer no. The information is sent unencrypted over the public Internet. If outbound mail is unable to reach the Internet from this machine, answer no.

If you have suggestions for improvements, new questions, code, or tests, discuss these on the Bastille Linux discussion list at: http://lists.sourceforge.net/mailman/listinfo/bastille-linux-discuss. You can provide feedback concerning HP-UX Bastille directly to the IT Resource Center at http://itrc.hp.com, using the System Administration or Security forum. Please send all comments. We want to hear from you.

Actions

Mail the /etc/opt/sec_mgmt/bastille/config and /var/opt/sec_mgmt/bastille/TODO.txt files to HP so we can improve HP-UX Bastille.

HP_UX.ndd

Headline

Make suggested ndd changes.

Default

N

Description

The ndd utility gets and sets network device parameters. The following is a list of ndd changes HP-UX Bastille sets:
