IPFilter.blockhpidsadmin, Hids does not | HP UX Bastille Software

Actions	Enable incoming network traffic for this service by adding the following lines
	to the /etc/opt/ipf/ipf.conf file when actively managed by HP-UX
	Bastille:
	# do allow DNSquery incoming connections
	pass in quick proto udp from any to any port = domain keep
	state"

IPFilter.block_hpidsadmin

Headline			BLOCK incoming connections to the HIDS GUI with IPFilter.
Default			Y
Description			The HP-UX Host Intrusion Detection System (HIDS) Management GUI listens
			on port 2984 for incoming connections initiated by HIDS agents on each
			configured host. If you are not running the HP-UX Host HIDS GUI on this
			hos, answer yes. If you are running the HP-UX Host HIDS GUI on this host,
			and it only manages one LOCAL HIDS agent running on this host (i.e., you
			are not managing any HIDS agents on any remote hosts using this GUI),
			answer yes. If you are running an HP-UX Host HIDS GUI on this host and
			you are managing some remote HIDS agents, answer no.
			NOTE: Install and configure HIDS separately from HP-UX Bastille. For more

			information, see http://www.hp.com/security.
			information, see http://www.hp.com/security.
Actions			Enable incoming network traffic for this service by adding the following lines
			to the /etc/opt/ipf/ipf.conf file when actively managed by HP-UX
			Bastille:
			# do allow hpidsadmin incoming connections
			pass in quick proto tcp from any to any port = hpidsadmin flags S keep state
			keep frags

IPFilter.block_hpidsagent

Headline			BLOCK incoming HIDS agent connections with IPFilter.
Default			N
Description			HP-UX HIDS enhances host-level security with near realtime automatic
			monitoring of each configured host for signs of potentially damaging
			intrusions. HIDS contains a System Management GUI that allows the
			administrator to configure, control, and monitor the HIDS system, and a
			host-based agent which is an intrusion detection sensor, that gathers system
			data, monitors system activity, and issues intrusion alerts. The communication
			between the GUI and agents is encrypted. The agent listens on port 2985 for
			incoming connections initiated by the GUI. If you are not running the HP-UX
			Host Intrusion Detection System (HIDS) agent on this host, answer yes. If you
			are running the HP-UX Host HIDS agent on this host but you are running the
			HP-UX Host HIDS GUI locally on this host (i.e., you are not remotely managing
			this agent by running the GUI on a remote host, answer yes. If you are running
			an HP-UX Host HIDS agent locally on this host and you are remotely managing
			this agent with a remote HP-UX Host HIDS System Management GUI, answer
			no.
			NOTE: You must install and configure HIDS separately from HP-UX Bastille.

			For more information, see http://www.hp.com/security.
			For more information, see http://www.hp.com/security.
			HIDS does not:
			• Replace comprehensive security policies and procedures. You must define
			and implement such security policies and procedures and configure HIDS
			to enforce them. A lack of such policies, procedures, and configuration

46 Question modules

Image 46

HP UX Bastille Software manual IPFilter.blockhpidsadmin, IPFilter.blockhpidsagent, Hids does not

Contents

HP-UX Bastille Version B.3.3 User Guide Trademark Acknowledgments Table of Contents Index List of Figures HP-UX Bastille user interface Standard assessment report List of Tables Question modules Security levels Features and benefits About this product Performance CompatibilitySupport Installation requirements Installing HP-UX BastilleInstallation Page Using HP-UX Bastille Creating a security configuration profile If the Path environment variable has not been updated, use 1shows the main screen of the HP-UX Bastille user interface Configuring a system Assessing a system Configuration for the corresponding question is not Using scored reportsAccepted standard configurations are detected Is not always detected. HP-UX Bastille might not detect all Scored assessment report Reverting # bastille -r Locating files Monitoring driftFor more information, see bastilledrift1M Var/opt/secmgmt/bastille/log/Assessment/Drift.txt Check for a TOREVERT.txt file Removing HP-UX BastilleIf the file exists, complete the actions listed Page Known issues and workarounds TroubleshootingDiagnostic tips General use tips HP-UX Bastille configures a firewall using IPFilter Problems opening, copying, or reading filesErrors related to individual configuration files Cannot use X because $DISPLAY is not set Contacting HP Support and other resourcesRelated information Typographic conventions To complete a task Or damage to hardware or softwareSupplement important points of the main text Page Install-Time Security ITS using HP-UX Bastille Choosing security levels Enable kernel-based stack execute protection Table A-3 Additional Sec20MngDMZ security settings1 Selecting security levels during installation Choosing security dependencies Configuring Sec20MngDMZ or Sec30DMZ security levels Configuring HP-UX Bastille for use with ServiceguardConfiguring Sec10Host level Page Question modules AccountSecurity.crontabsfile AccountSecurity.guiloginAccountSecurity.hidepasswords AccountSecurity.cronuser AccountSecurity.NUMBEROFLOGINSALLOWED AccountSecurity.MINPASSWORDLENGTHAccountSecurity.NOLOGIN AccountSecurity.lockaccountnopasswd AccountSecurity.PASSWORDHISTORYDEPTHyn AccountSecurity.NUMBEROFLOGINSALLOWEDynAccountSecurity.PASSWORDHISTORYDEPTH AccountSecurity.PASSWORDMAXDAYS AccountSecurity.singleuserpassword AccountSecurity.passwordpoliciesAccountSecurity.serialportlogin AccountSecurity.restricthome AccountSecurity.systemauditing AccountSecurity.SUDEFAULTPATHAccountSecurity.SUDEFAULTPATHyn AccountSecurity.umask AccountSecurity.userdotfiles AccountSecurity.umaskynAccountSecurity.unownedfiles AccountSecurity.userrcfiles Apache.deactivatehpwsapache Apache.chrootapacheDNS.chrootbind FilePermissions.worldwriteable FTP.ftpusers HPUX.guibanner HPUX.mailconfigHPUX.ndd HPUX.othertools HPUX.scanports HPUX.screensavertimeoutHPUX.restrictswacls HPUX.stackexecute IPFilter.blockcfservd HPUX.tcpisnIPFilter.blockDNSquery You are managing some remote Hids agents, answer no IPFilter.blockhpidsadminIPFilter.blockhpidsagent Hids does not IPFilter.blockping Default 192.168.1.0/255.255.255.0 DescriptionIPFilter.blocknetrange IPFilter.blockSecureShell IPFilter.blockwbem IPFilter.blockwebadminIPFilter.configureipfilter Otherwise, answer no to this questionPage MiscellaneousDaemons.configuressh IPFilter.installipfilterMiscellaneousDaemons.diagnosticslocalonly MiscellaneousDaemons.disablepwgrd MiscellaneousDaemons.disablebindMiscellaneousDaemons.disableptydaemon MiscellaneousDaemons.disablerbootd MiscellaneousDaemons.nfscore MiscellaneousDaemons.disablesmbclientMiscellaneousDaemons.disablesmbserver MiscellaneousDaemons.nobodysecurerpc Otherbootserv MiscellaneousDaemons.xaccessMiscellaneousDaemons.sysloglocalonly Patches.spcproxyyn Patches.spccronrunPatches.spccrontime Patches.spcrun Printing.printing SecureInetd.deactivatebootpSecureInetd.banners SecureInetd.deactivatefinger SecureInetd.deactivatebuiltinSecureInetd.deactivatedttools SecureInetd.deactivateftp SecureInetd.deactivatentalk SecureInetd.deactivateidentSecureInetd.deactivatektools SecureInetd.deactivateprinter SecureInetd.deactivatertools SecureInetd.deactivaterecservSecureInetd.deactivaterquotad SecureInetd.deactivateswat SecureInetd.deactivateuucp SecureInetd.deactivatetftpSecureInetd.deactivatetime SecureInetd.ftplogging SecureInetd.owner SecureInetd.loginetdSecureInetd.inetdgeneral Sendmail.sendmailcron Sendmail.sendmaildaemon Sendmail.vrfyexpnPage Sample weight files All.weight CIS.weight Sample weight file below aligns with the CIS standard CIS.weight Page CIS mapping to HP-UX Bastille CIS ID Apache.deactivatehpwsapache AccountSecurity.lockaccountnopasswd Page Index