Manuals
/
Brands
/
Computer Equipment
/
Software
/
HP
/
Computer Equipment
/
Software
HP
UX Bastille Software manual
66
1
66
72
72
Download
72 pages, 1.59 Mb
66
Contents
Page
Page
Table of Contents
Install-Time
Security (ITS) using
C Question modules
D Sample weight files
E CIS mapping to
List of Figures
List of Tables
1 About this product
1.1 Features and benefits
1.2Compatibility
1.3 Performance
1.4 Support
2 Installing HP-UXBastille
2.1 Installation requirements
2.2Installation
Page
3 Using HP-UXBastille
3.1Creating a security configuration profile
Page
3.2Configuring a system
3.3 Assessing a system
3.3.1 Using scored reports
Page
3.4 Reverting
3.5 Monitoring drift
3.6 Locating files
Page
4 Removing HP-UXBastille
Page
5 Troubleshooting
5.1 Diagnostic tips
5.2General use tips
5.3Known issues and workarounds
5.3.2 Cannot use X because $DISPLAY is not set
5.3.3 System is in original state
5.3.4 HP-UXBastille must be run as root
5.3.5 Problems opening, copying, or reading files
5.3.6 Errors related to individual configuration files
6 Support and other resources
6.1 Contacting HP
6.2 Related information
6.3 Typographic conventions
Page
Page
A Install-TimeSecurity (ITS) using HP-UXBastille
A.1 Choosing security levels
Page
Page
A.2 Choosing security dependencies
A.3 Selecting security levels during installation
B Configuring HP-UXBastille for use with Serviceguard
B.1 Configuring Sec20MngDMZ or Sec30DMZ security levels
B.2 Configuring Sec10Host level
Page
C Question modules
AccountSecurity.crontabs_file
AccountSecurity.cronuser
AccountSecurity.gui_login
AccountSecurity.hidepasswords
AccountSecurity.lock_account_nopasswd
AccountSecurity.mesgn
AccountSecurity.MIN_PASSWORD_LENGTH
AccountSecurity.NOLOGIN
AccountSecurity.NUMBER_OF_LOGINS_ALLOWED
AccountSecurity.NUMBER_OF_LOGINS_ALLOWEDyn
AccountSecurity.PASSWORD_HISTORY_DEPTH
AccountSecurity.PASSWORD_HISTORY_DEPTHyn
AccountSecurity.PASSWORD_MAXDAYS
AccountSecurity.PASSWORD_MINDAYS
AccountSecurity.passwordpolicies
AccountSecurity.restrict_home
AccountSecurity.root_path
AccountSecurity.serial_port_login
AccountSecurity.single_user_password
AccountSecurity.SU_DEFAULT_PATH
AccountSecurity.SU_DEFAULT_PATHyn
AccountSecurity.system_auditing
AccountSecurity.umask
AccountSecurity.umaskyn
AccountSecurity.unowned_files
AccountSecurity.user_dot_files
AccountSecurity.user_rc_files
Apache.chrootapache
Apache.deactivate_hpws_apache
DNS.chrootbind
FilePermissions.world_writeable
FTP.ftpbanner
FTP.ftpusers
HP_UX.gui_banner
HP_UX.mail_config
HP_UX.ndd
HP_UX.other_tools
HP_UX.restrict_swacls
HP_UX.scan_ports
HP_UX.screensaver_timeout
HP_UX.stack_execute
HP_UX.tcp_isn
IPFilter.block_cfservd
IPFilter.block_DNSquery
IPFilter.block_hpidsadmin
IPFilter.block_hpidsagent
IPFilter.block_netrange
IPFilter.block_ping
IPFilter.block_SecureShell
IPFilter.block_wbem
IPFilter.block_webadmin
IPFilter.configure_ipfilter
Page
IPFilter.install_ipfilter
MiscellaneousDaemons.configure_ssh
MiscellaneousDaemons.diagnostics_localonly
MiscellaneousDaemons.disable_bind
MiscellaneousDaemons.disable_ptydaemon
MiscellaneousDaemons.disable_pwgrd
MiscellaneousDaemons.disable_rbootd
MiscellaneousDaemons.disable_smbclient
MiscellaneousDaemons.disable_smbserver
MiscellaneousDaemons.nfs_core
MiscellaneousDaemons.nobody_secure_rpc
MiscellaneousDaemons.snmpd
MiscellaneousDaemons.syslog_localonly
MiscellaneousDaemons.xaccess
other_boot_serv
Patches.spc_cron_run
Patches.spc_cron_time
Patches.spc_proxy_yn
Patches.spc_run
Printing.printing
SecureInetd.banners
SecureInetd.deactivate_bootp
SecureInetd.deactivate_builtin
SecureInetd.deactivate_dttools
SecureInetd.deactivate_finger
SecureInetd.deactivate_ftp
SecureInetd.deactivate_ident
SecureInetd.deactivate_ktools
SecureInetd.deactivate_ntalk
SecureInetd.deactivate_printer
SecureInetd.deactivate_recserv
SecureInetd.deactivate_rquotad
SecureInetd.deactivate_rtools
SecureInetd.deactivate_swat
SecureInetd.deactivate_telnet
SecureInetd.deactivate_tftp
SecureInetd.deactivate_time
SecureInetd.deactivate_uucp
SecureInetd.ftp_logging
SecureInetd.inetd_general
SecureInetd.log_inetd
SecureInetd.owner
Sendmail.sendmailcron
Sendmail.sendmaildaemon
Sendmail.vrfyexpn
Page
D Sample weight files
D.1 all.weight
D.2 CIS.weight
Page
Page
E CIS mapping to HP-UXBastille
Page
Page
Page
Index