MiscellaneousDaemons.disablesmbclient | HP UX Bastille Software

Actions	If running, stop process rbootd.
	Set START_RBOOTD=0 in /etc/rc.config.d/netdaemons.

MiscellaneousDaemons.disable_smbclient

Headline	Disable the HP-UX CIFS client.
Default	Y
Description	CIFS can be used to share files and other resources between computers. The
	CIFS product suite integrates HP-UX with Microsoft Windows environments
	by providing remote file sharing, printer access and authentication services
	between HP-UX and Windows systems.
Actions	If running. stop process cifsclient.
	Set RUN_CIFSCLIENT=0 in /etc/rc.config.d/cifsclient.

MiscellaneousDaemons.disable_smbserver

Headline	Disable the HP-UX CIFS (Samba) Server.
Default	N
Description	CIFS can be used to share files and other resources between computers. The
	CIFS product suite integrates HP-UX with Microsoft Windows environments
	by providing remote file sharing, printer access, and authentication services
	between HP-UX and Windows systems.
Actions	If running, stop processes smbd and nmbd.
	Set RUN_SAMBA=0 in /etc/rc.config.d/samba.

MiscellaneousDaemons.nfs_core

Headline	Disable the NFS and RPC infrastructure.
Default	N
Description	RPC is a traditional part of UNIX used in a variety of UNIX services, including
	NIS, NFS, and others. If you are sure you are not using a service that is affected,
	you may disable RPC. RPC has had security issues in the past and by default
	does not support a strong authentication mechanism. If you disable the core
	NFS infrastructure, HP-UX Bastille disables NIS, NIS+ and NFS.
Actions	Stop and disable NIS/NIS+ Server and Client.
	Stop and disable NFS Server and Client.
	Set NFS_CORE=0 in /etc/rc.config.d/nfsconf.

MiscellaneousDaemons.nobody_secure_rpc

Headline	Disable the nobody user in the ONC Secure RPC
Default	N
Description	Secure RPC is a cryptographically authenticated means to communicate with
	a system. By configuring keyserv to prevent the use of default keys for the
	nobody user, other users are prevented from accessing the nobody user with
	default credentials. This is a safer way to operate Secure RPC.
Actions	Add the -dflag to the KEYSERV_OPTIONS= parameter line in /etc/
	rc.config.d/namesvrs.

MiscellaneousDaemons.snmpd

Headline	Disable SNMPD.
Default	N

52 Question modules

Image 52

HP UX Bastille Software manual MiscellaneousDaemons.disablesmbclient, MiscellaneousDaemons.disablesmbserver

Contents

HP-UX Bastille Version B.3.3 User Guide Trademark Acknowledgments Table of Contents Index List of Figures HP-UX Bastille user interface Standard assessment report List of Tables Question modules Security levels Features and benefits About this product Performance CompatibilitySupport Installation requirements Installing HP-UX BastilleInstallation Page Using HP-UX Bastille Creating a security configuration profile If the Path environment variable has not been updated, use 1shows the main screen of the HP-UX Bastille user interface Configuring a system Assessing a system Using scored reports Accepted standard configurations are detectedConfiguration for the corresponding question is not Is not always detected. HP-UX Bastille might not detect all Scored assessment report Reverting # bastille -r Locating files Monitoring driftFor more information, see bastilledrift1M Var/opt/secmgmt/bastille/log/Assessment/Drift.txt Check for a TOREVERT.txt file Removing HP-UX BastilleIf the file exists, complete the actions listed Page Troubleshooting Diagnostic tipsKnown issues and workarounds General use tips Problems opening, copying, or reading files Errors related to individual configuration filesHP-UX Bastille configures a firewall using IPFilter Cannot use X because $DISPLAY is not set Contacting HP Support and other resourcesRelated information Typographic conventions To complete a task Or damage to hardware or softwareSupplement important points of the main text Page Install-Time Security ITS using HP-UX Bastille Choosing security levels Enable kernel-based stack execute protection Table A-3 Additional Sec20MngDMZ security settings1 Selecting security levels during installation Choosing security dependencies Configuring Sec20MngDMZ or Sec30DMZ security levels Configuring HP-UX Bastille for use with ServiceguardConfiguring Sec10Host level Page Question modules AccountSecurity.guilogin AccountSecurity.hidepasswordsAccountSecurity.crontabsfile AccountSecurity.cronuser AccountSecurity.MINPASSWORDLENGTH AccountSecurity.NOLOGINAccountSecurity.NUMBEROFLOGINSALLOWED AccountSecurity.lockaccountnopasswd AccountSecurity.NUMBEROFLOGINSALLOWEDyn AccountSecurity.PASSWORDHISTORYDEPTHAccountSecurity.PASSWORDHISTORYDEPTHyn AccountSecurity.PASSWORDMAXDAYS AccountSecurity.passwordpolicies AccountSecurity.serialportloginAccountSecurity.singleuserpassword AccountSecurity.restricthome AccountSecurity.SUDEFAULTPATH AccountSecurity.SUDEFAULTPATHynAccountSecurity.systemauditing AccountSecurity.umask AccountSecurity.umaskyn AccountSecurity.unownedfilesAccountSecurity.userdotfiles AccountSecurity.userrcfiles Apache.deactivatehpwsapache Apache.chrootapacheDNS.chrootbind FilePermissions.worldwriteable FTP.ftpusers HPUX.guibanner HPUX.mailconfigHPUX.ndd HPUX.othertools HPUX.screensavertimeout HPUX.restrictswaclsHPUX.scanports HPUX.stackexecute IPFilter.blockcfservd HPUX.tcpisnIPFilter.blockDNSquery IPFilter.blockhpidsadmin IPFilter.blockhpidsagentYou are managing some remote Hids agents, answer no Hids does not Default 192.168.1.0/255.255.255.0 Description IPFilter.blocknetrangeIPFilter.blockping IPFilter.blockSecureShell IPFilter.blockwebadmin IPFilter.configureipfilterIPFilter.blockwbem Otherwise, answer no to this questionPage MiscellaneousDaemons.configuressh IPFilter.installipfilterMiscellaneousDaemons.diagnosticslocalonly MiscellaneousDaemons.disablebind MiscellaneousDaemons.disableptydaemonMiscellaneousDaemons.disablepwgrd MiscellaneousDaemons.disablerbootd MiscellaneousDaemons.disablesmbclient MiscellaneousDaemons.disablesmbserverMiscellaneousDaemons.nfscore MiscellaneousDaemons.nobodysecurerpc Otherbootserv MiscellaneousDaemons.xaccessMiscellaneousDaemons.sysloglocalonly Patches.spccronrun Patches.spccrontimePatches.spcproxyyn Patches.spcrun Printing.printing SecureInetd.deactivatebootpSecureInetd.banners SecureInetd.deactivatebuiltin SecureInetd.deactivatedttoolsSecureInetd.deactivatefinger SecureInetd.deactivateftp SecureInetd.deactivateident SecureInetd.deactivatektoolsSecureInetd.deactivatentalk SecureInetd.deactivateprinter SecureInetd.deactivaterecserv SecureInetd.deactivaterquotadSecureInetd.deactivatertools SecureInetd.deactivateswat SecureInetd.deactivatetftp SecureInetd.deactivatetimeSecureInetd.deactivateuucp SecureInetd.ftplogging SecureInetd.loginetd SecureInetd.inetdgeneralSecureInetd.owner Sendmail.sendmailcron Sendmail.sendmaildaemon Sendmail.vrfyexpnPage Sample weight files All.weight CIS.weight Sample weight file below aligns with the CIS standard CIS.weight Page CIS mapping to HP-UX Bastille CIS ID Apache.deactivatehpwsapache AccountSecurity.lockaccountnopasswd Page Index