which analyze the software installed on the system. HP-UX Bastille runs SWA version C.01.01 or later. Otherwise, SPC is used to create a security-compliance report. The security compliance report lists:

Installed patches that have warnings (recalls) issued by HP.

Security patches announced by HP that will fix installed software but have not been applied.

Currently installed patches not properly configured.

Software that needs to be removed or updated to comply with a bulletin.

Manual actions necessary to bring the server to bulletin compliance.

SWA and SPC can work through a proxy-type firewall to download current catalogs from HP with security and patch-warning information. Bulletin compliance requires vigilance. New vulnerabilities are found and fixed on a regular basis. HP recommends running one of these tools frequently, such as in a nightly cron job. (A separate question will cover this.) HP recommends that you subscribe to the HP Security Bulletin mailing list.

NOTE: SPC uses the clear-text protocols FTP or HTTP if a link cannot be established with HTTPS. The output of this tool is appended to the HP-UX Bastille generated TODO.txt file so that you can apply the necessary patches.

IMPORTANT: Manual action required to complete this configuration. See TODO.txt file for details.

Actions

HP-UX Bastille runs SWA or SPC.

Printing.printing

Headline

Disable printing.

Default

N

Description

If this machine does not print, stop the print scheduler and disable the associated print daemon utilities. On Linux, this includes the restriction of the daemon file permissions. On HP-UX, this includes the disablement of the xprintserver and pd client services where applicable.

Actions

If running, stop the lpsched and pdclientd processes.

Set XPRINTSERVERS= in /etc/rc.config.d/tps.

Set LP=0 in /etc/rc.config.d/lp.

Set PD_CLIENT=0 in /etc/rc.config.d/pd.
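
The three rc.config.d settings above can be audited after the fact with a short script. This is an added example, not part of HP-UX Bastille or the original page; the function names are hypothetical, the sample files are constructed, and it covers only the configuration files, not the running lpsched and pdclientd processes.

```sh
#!/bin/sh
# Added example: audit the three settings from the Actions list above.
# rc_value, check_setting, check_printing, make_sample are hypothetical names.

# Print the effective value of variable $2 in file $1. The last uncommented
# assignment wins, as it would when a shell sources the file.
rc_value() {
    line=$(grep "^[[:space:]]*$2=" "$1" 2>/dev/null | tail -n 1)
    [ -n "$line" ] || return 1              # file missing or no assignment
    printf '%s\n' "$line" |
        sed -e "s/^[[:space:]]*$2=//" -e 's/[[:space:]]*#.*$//' \
            -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}

# Compare one setting ($2 in file $1) against the expected value $3.
check_setting() {
    if actual=$(rc_value "$1" "$2") && [ "$actual" = "$3" ]; then
        echo "PASS $2=$3 ($1)"
        return 0
    fi
    echo "FAIL $2: expected '$3', found '${actual:-<unset>}' ($1)"
    return 1
}

# Check all three files; $1 overrides the directory for testing.
check_printing() {
    dir=${1:-/etc/rc.config.d}
    rc=0
    check_setting "$dir/tps" XPRINTSERVERS "" || rc=1
    check_setting "$dir/lp"  LP            0  || rc=1
    check_setting "$dir/pd"  PD_CLIENT     0  || rc=1
    return $rc
}

# Constructed sample files (not from a real host): a later LP=1 overrides
# LP=0, and PD_CLIENT carries a trailing comment.
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'XPRINTSERVERS=""\n' > "$d/tps"
    printf 'LP=0\nLP=1\n' > "$d/lp"
    printf '# PD_CLIENT=1\nPD_CLIENT=0   # disabled\n' > "$d/pd"
    echo "$d"
}

sample=$(make_sample)
check_printing "$sample" || echo "printing is not fully disabled"
rm -rf "$sample"
```

Run with no argument on the host itself, check_printing reads /etc/rc.config.d and returns non-zero if any of the three settings differs from the values listed above.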

SecureInetd.banners

Headline

Display "Authorized Use" messages at login time.

Default

N

Description

You can create "Authorized Use Only" messages for your site. These can be helpful in prosecuting system crackers you catch trying to break into your system. HP-UX Bastille makes default messages that you can edit. This is like an "anti-welcome mat" for your system.

Actions

Create default login banner messages in the /etc/motd and /etc/issue files.

Modify the entries for rlogind and telnetd in the /etc/inetd.conf file to use the /etc/issue banner.

SecureInetd.deactivate_bootp

Headline

Ensure that the inetd bootp service does not run on this system.
