E CIS mapping to HP-UX Bastille
CIS | Level 1 benchmark for | Mapping to |
CIS ID | CIS benchmark section |
1.1Patches and Additional Software
1.1.1 Apply latest OS patches | Not Scorable | |
1.1.2 | Install and configure SSH | MiscellaneousDaemons.configure_ssh |
|
|
|
1.1.3 | Install and Run Bastille | Not Scorable |
1.2Minimize inetd network services
1.2.1 | Disable Standard Services | SecureInetd.deactivate_builtin |
|
| SecureInetd.deactivate_finger |
|
| SecureInetd.deactivate_ident |
|
| SecureInetd.deactivate_ntalk |
|
| SecureInetd.deactivate_recserv |
|
| SecureInetd.deactivate_time |
|
| SecureInetd.deactivate_uucp |
|
| SecureInetd.deactivate_telnet |
|
| SecureInetd.deactivate_ftp |
|
| SecureInetd.deactivate_rtools |
|
| SecureInetd.deactivate_tftp |
|
| SecureInetd.deactivate_printer |
|
| SecureInetd.deactivate_rquotad |
|
| SecureInetd.deactivate_dttools |
|
| SecureInetd.deactivate_ktools |
|
| SecureInetd.deactivate_bootp |
|
|
|
1.2.2 | Only enable telnet | Not Applicable |
|
|
|
1.2.3 | Only enable FTP | Not Applicable |
|
|
|
1.2.4 | Only enable rlogin/remsh/rcp | Not Applicable |
|
|
|
1.2.5 | Only enable TFTP | Not Applicable |
|
|
|
1.2.6 | Only enable printer service | Not Applicable |
|
|
|
1.2.7 | Only enable rquotad | Not Applicable |
|
|
|
1.2.8 | Only enable | Not Applicable |
|
|
|
1.2.9 | Only enable | Not Applicable |
|
|
|
1.2.10 | Only enable BOOTP/DHCP daemon | Not Applicable |
1.3Minimize boot services
1.3.1 Disable login: prompts on serial ports | AccountSecurity.serial_port_login | |
1.3.2 Disable NIS/NIS+ related processes | MiscellaneousDaemons.nis_client | |
|
| MiscellaneousDaemons.nis_server |
|
| MiscellaneousDaemons.nisplus_server |
|
| MiscellaneousDaemons.nisplus_client |
|
|
|
1.3.3 | Disable printer daemons | Printing.printing |
|
|
|
1.3.4 | Disable GUI login | AccountSecurity.gui_login |
|
|
|
1.3.5 | Disable email server | Sendmail.sendmaildaemon |
|
| Sendmail.sendmailcron |
|
| |
1.3.6 Disable SNMP and OpenVIew | MiscellaneousDaemons.snmpd |
67