E CIS mapping to HP-UX Bastille

CIS Level 1 benchmark for HP-UX 11i (v1.5.0): mapping to HP-UX Bastille

CIS ID   CIS benchmark section                   HP-UX Bastille lock down items
-------  --------------------------------------  -----------------------------------
1.1      Patches and Additional Software
1.1.1    Apply latest OS patches                 Not Scorable
1.1.2    Install and configure SSH               MiscellaneousDaemons.configure_ssh
1.1.3    Install and Run Bastille                Not Scorable
1.2      Minimize inetd network services
1.2.1    Disable Standard Services               SecureInetd.deactivate_builtin
                                                 SecureInetd.deactivate_finger
                                                 SecureInetd.deactivate_ident
                                                 SecureInetd.deactivate_ntalk
                                                 SecureInetd.deactivate_recserv
                                                 SecureInetd.deactivate_time
                                                 SecureInetd.deactivate_uucp
                                                 SecureInetd.deactivate_telnet
                                                 SecureInetd.deactivate_ftp
                                                 SecureInetd.deactivate_rtools
                                                 SecureInetd.deactivate_tftp
                                                 SecureInetd.deactivate_printer
                                                 SecureInetd.deactivate_rquotad
                                                 SecureInetd.deactivate_dttools
                                                 SecureInetd.deactivate_ktools
                                                 SecureInetd.deactivate_bootp
1.2.2    Only enable telnet                      Not Applicable
1.2.3    Only enable FTP                         Not Applicable
1.2.4    Only enable rlogin/remsh/rcp            Not Applicable
1.2.5    Only enable TFTP                        Not Applicable
1.2.6    Only enable printer service             Not Applicable
1.2.7    Only enable rquotad                     Not Applicable
1.2.8    Only enable CDE-related daemons         Not Applicable
1.2.9    Only enable Kerberos-related daemons    Not Applicable
1.2.10   Only enable BOOTP/DHCP daemon           Not Applicable
1.3      Minimize boot services
1.3.1    Disable login: prompts on serial ports  AccountSecurity.serial_port_login
1.3.2    Disable NIS/NIS+ related processes      MiscellaneousDaemons.nis_client
                                                 MiscellaneousDaemons.nis_server
                                                 MiscellaneousDaemons.nisplus_server
                                                 MiscellaneousDaemons.nisplus_client
1.3.3    Disable printer daemons                 Printing.printing
1.3.4    Disable GUI login                       AccountSecurity.gui_login
1.3.5    Disable email server                    Sendmail.sendmaildaemon
                                                 Sendmail.sendmailcron
1.3.6    Disable SNMP and OpenView               MiscellaneousDaemons.snmpd
