sometimes configured to provide network services to other systems. Disable these services unless you know of a specific reason to leave them enabled.

Actions

Kill processes: mrouted, rwhod, rarpd, rdpd, snapdaemon

Set MROUTED=0 in /etc/rc.config.d/netdaemons

Set RWHOD=0 in /etc/rc.config.d/netdaemons

Set RARPD=0 in /etc/rc.config.d/netconf

Set RDPD=0 in /etc/rc.config.d/netconf

Set START_SNAPLUS=0 in /etc/rc.config.d/snaplus2
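
As an added example (not part of the HP-UX Bastille manual or Bastille's own code), this POSIX shell sketch checks that the variables named in the Actions above are set to 0 in their files. Skipping an absent file, treating an unset variable as a finding, and the sample files are assumptions of this example.

```shell
#!/bin/sh
# variable:file pairs, taken from the Actions list above.
SETTINGS="MROUTED:netdaemons RWHOD:netdaemons RARPD:netconf RDPD:netconf START_SNAPLUS:snaplus2"

# Print the effective value of variable $2 in file $1 (last assignment wins,
# comment lines ignored). Prints nothing if the variable is never assigned.
rc_value() {
    awk -v var="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/^[ \t]*(export[ \t]+)?/, "", line)
            if (index(line, var "=") == 1) {
                val = substr(line, length(var) + 2)
                sub(/[ \t#;].*$/, "", val)   # drop trailing comment
                gsub(/"/, "", val)           # drop double quotes
                found = val; seen = 1
            }
        }
        END { if (seen) print found }
    ' "$1"
}

# Audit directory $1 (default /etc/rc.config.d). Returns 1 on any finding.
# Assumptions of this example: an absent file is skipped (product not
# installed); an unset variable is a finding, since the Actions ask for 0.
audit_rc_config() {
    dir=${1:-/etc/rc.config.d}; rc=0
    for pair in $SETTINGS; do
        var=${pair%%:*}; file=${pair#*:}
        if [ ! -r "$dir/$file" ]; then
            echo "SKIP $var: $dir/$file not present"; continue
        fi
        val=$(rc_value "$dir/$file" "$var")
        if [ "$val" = "0" ]; then echo "OK   $var=0 in $file"
        else echo "FAIL $var=${val:-<unset>} in $file (expected 0)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not from a real system) for a dry run.
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'MROUTED=0\nexport RWHOD=1  # still enabled\n' > "$d/netdaemons"
    printf '# RARPD=1\nRARPD=0\nRDPD=0\n' > "$d/netconf"
    echo "$d"
}
if [ -n "${1:-}" ]; then audit_rc_config "$1"; fi
```

The check covers the configuration files only; it does not look for the daemons still running from before the change.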

Patches.spc_cron_run

Headline

Set up a cron job to run SWA or SPC.

Default

Y

Description

HP-UX Bastille can configure Software Assistant (SWA), or Security Patch Check (SPC) to run daily using the cron scheduling daemon. Keeping a system secure requires constant vigilance. Staying up-to-date on security bulletins issued by Hewlett-Packard is critical. These tools are the easiest way to make sure this system is compliant with the steps required in HP security bulletins. A subscription to the HP security bulletin mailing list provides the latest security fixes from HP.

NOTE: This question is asked whether or not you have Software Assistant, or Security Patch Check installed so that HP-UX Bastille can pre-configure cron to run these applications after they are installed.

NOTE: HP recommends SWA. SPC uses FTP, a clear-text, unauthenticated protocol.

Register for notification of all HP security bulletins at http://www.itrc.hp.com. Click on Maintenance and Support for HP Products then select Support Information Digests.

Actions

Set a daily cron job to run SWA or SPC.

Patches.spc_cron_time

Headline

Set hour for a security bulletin compliance report.

Default

11

Description

Specify a number between 0 and 23, corresponding to the hour in your time zone that is most convenient to run a security bulletin compliance report. For example, if you specify 0, Security Patch Check runs between 12:00 A.M. and 12:59 A.M. in your local time zone. If you specify 23, the security bulletin compliance report runs between 11:00 P.M. and 11:59 P.M.

Actions

Parameter only.

Patches.spc_proxy_yn

Headline

Does this machine require a proxy to ftp to the Internet?

Default

N

Description

Sets spc_proxy_yn.

Actions

None.

Patches.spc_run

Headline

Run SWA/SPC.

Default

Y

Description

Patching, updating, and configuring software to address known security vulnerabilities is important for securing a system. SWA and SPC are tools
