Apache.deactivatehpwsapache | HP UX Bastille Software specs

	CIS	Level 1 benchmark for HP-UX 11i (v1.5.0)	Mapping to HP-UX Bastille
	1.3.7	Disable other standard boot services	MiscellaneousDaemons.disable_rbootd
			MiscellaneousDaemons.nfs_server
			MiscellaneousDaemons.nfs_client
			MiscellaneousDaemons.disable_ptydaemon
			Apache.deactivate_hpws_apache
			MiscellaneousDaemons.snmpd
			MiscellaneousDaemons.nfs_core
			MiscellaneousDaemons.other_boot_serv
			MiscellaneousDaemons.disable_smbclient
			MiscellaneousDaemons.disable_smbserver
			MiscellaneousDaemons.disable_bind
	1.3.8	Only enable Windows-compatibility server processes	Not Applicable
	1.3.9	Only enable Windows-compatibility client processes	Not Applicable
	1.3.10	Only enable NFS server processes	Not Applicable
	1.3.11	Only enable NFS client processes	Not Applicable
	1.3.12	Only enable RPC-based services	Not Applicable
	1.3.13	Only enable Web server	Not Applicable
	1.3.14	Only enable BIND DNS server	Not Applicable
	1.4	Kernel Tuning
	1.4.1	Enable stack protection	HP_UX.stack_execute
	1.4.2	Network parameter modifications	HP_UX.ndd
	1.4.3	Use better TCP sequence numbers	HP_UX.tcp_isn
	1.4.4	Additional network parameter modifications	HP_UX.ndd
	1.5	File/Directory Permissions/Access
	1.5.1	Set Sticky Bit on World Writable Directories	Not Scorable
		Find unauthorized world-writable files and SUID/SGID
	1.5.2	executables	Not Scorable
	1.5.3	Find 'unowned' files and directories	AccountSecurity.unowned_files
	1.6	System Access, Authentication, and Authorization
	1.6.1	Enable Hidden Passwords	AccountSecurity.hidepasswords
	1.6.2	Restrict users who can access to FTP	FTP.ftpusers
	1.6.3	Prevent Syslog from accepting messages from the network	MiscellaneousDaemons.syslog_localonly
	1.6.4	Disable XDMCP port	MiscellaneousDaemons.xaccess
	1.6.5	Set default-lock screensaver timeout	HP_UX.screensaver_timeout
	1.6.6	Configure IPFilter to allow only select communication	Not Scorable
	1.6.7	Restrict at/cron to authorized users	AccountSecurity.cronuser
			AccountSecurity.atuser
	1.6.8	Restrict crontab file permissions	AccountSecurity.crontabs_file
	1.6.9	Restrict root logins to system console	AccountSecurity.create_securetty
	1.6.10	Set retry limit for account lockout	AccountSecurity.AUTH_MAXTRIES
	1.6.11	Disable 'nobody' access for secure RPC	MiscellaneousDaemons.nobody_secure_rpc
	1.7	Logging
68	CIS mapping to HP-UX Bastille

Image 68

HP UX Bastille Software manual Apache.deactivatehpwsapache

Contents

HP-UX Bastille Version B.3.3 User Guide Trademark Acknowledgments Table of Contents Index List of Figures HP-UX Bastille user interface Standard assessment report List of Tables Question modules Security levels Features and benefits About this product Support CompatibilityPerformance Installation Installing HP-UX BastilleInstallation requirements Page Using HP-UX Bastille Creating a security configuration profile If the Path environment variable has not been updated, use 1shows the main screen of the HP-UX Bastille user interface Configuring a system Assessing a system Using scored reports Accepted standard configurations are detectedConfiguration for the corresponding question is not Is not always detected. HP-UX Bastille might not detect all Scored assessment report Reverting # bastille -r For more information, see bastilledrift1M Monitoring driftLocating files Var/opt/secmgmt/bastille/log/Assessment/Drift.txt If the file exists, complete the actions listed Removing HP-UX BastilleCheck for a TOREVERT.txt file Page Troubleshooting Diagnostic tipsKnown issues and workarounds General use tips Problems opening, copying, or reading files Errors related to individual configuration filesHP-UX Bastille configures a firewall using IPFilter Cannot use X because $DISPLAY is not set Related information Support and other resourcesContacting HP Typographic conventions Supplement important points of the main text Or damage to hardware or softwareTo complete a task Page Install-Time Security ITS using HP-UX Bastille Choosing security levels Enable kernel-based stack execute protection Table A-3 Additional Sec20MngDMZ security settings1 Selecting security levels during installation Choosing security dependencies Configuring Sec10Host level Configuring HP-UX Bastille for use with ServiceguardConfiguring Sec20MngDMZ or Sec30DMZ security levels Page Question modules AccountSecurity.guilogin AccountSecurity.hidepasswordsAccountSecurity.crontabsfile AccountSecurity.cronuser AccountSecurity.MINPASSWORDLENGTH AccountSecurity.NOLOGINAccountSecurity.NUMBEROFLOGINSALLOWED AccountSecurity.lockaccountnopasswd AccountSecurity.NUMBEROFLOGINSALLOWEDyn AccountSecurity.PASSWORDHISTORYDEPTHAccountSecurity.PASSWORDHISTORYDEPTHyn AccountSecurity.PASSWORDMAXDAYS AccountSecurity.passwordpolicies AccountSecurity.serialportloginAccountSecurity.singleuserpassword AccountSecurity.restricthome AccountSecurity.SUDEFAULTPATH AccountSecurity.SUDEFAULTPATHynAccountSecurity.systemauditing AccountSecurity.umask AccountSecurity.umaskyn AccountSecurity.unownedfilesAccountSecurity.userdotfiles AccountSecurity.userrcfiles DNS.chrootbind Apache.chrootapacheApache.deactivatehpwsapache FilePermissions.worldwriteable FTP.ftpusers HPUX.ndd HPUX.mailconfigHPUX.guibanner HPUX.othertools HPUX.screensavertimeout HPUX.restrictswaclsHPUX.scanports HPUX.stackexecute IPFilter.blockDNSquery HPUX.tcpisnIPFilter.blockcfservd IPFilter.blockhpidsadmin IPFilter.blockhpidsagentYou are managing some remote Hids agents, answer no Hids does not Default 192.168.1.0/255.255.255.0 Description IPFilter.blocknetrangeIPFilter.blockping IPFilter.blockSecureShell IPFilter.blockwebadmin IPFilter.configureipfilterIPFilter.blockwbem Otherwise, answer no to this questionPage MiscellaneousDaemons.diagnosticslocalonly IPFilter.installipfilterMiscellaneousDaemons.configuressh MiscellaneousDaemons.disablebind MiscellaneousDaemons.disableptydaemonMiscellaneousDaemons.disablepwgrd MiscellaneousDaemons.disablerbootd MiscellaneousDaemons.disablesmbclient MiscellaneousDaemons.disablesmbserverMiscellaneousDaemons.nfscore MiscellaneousDaemons.nobodysecurerpc MiscellaneousDaemons.sysloglocalonly MiscellaneousDaemons.xaccessOtherbootserv Patches.spccronrun Patches.spccrontimePatches.spcproxyyn Patches.spcrun SecureInetd.banners SecureInetd.deactivatebootpPrinting.printing SecureInetd.deactivatebuiltin SecureInetd.deactivatedttoolsSecureInetd.deactivatefinger SecureInetd.deactivateftp SecureInetd.deactivateident SecureInetd.deactivatektoolsSecureInetd.deactivatentalk SecureInetd.deactivateprinter SecureInetd.deactivaterecserv SecureInetd.deactivaterquotadSecureInetd.deactivatertools SecureInetd.deactivateswat SecureInetd.deactivatetftp SecureInetd.deactivatetimeSecureInetd.deactivateuucp SecureInetd.ftplogging SecureInetd.loginetd SecureInetd.inetdgeneralSecureInetd.owner Sendmail.sendmailcron Sendmail.sendmaildaemon Sendmail.vrfyexpnPage Sample weight files All.weight CIS.weight Sample weight file below aligns with the CIS standard CIS.weight Page CIS mapping to HP-UX Bastille CIS ID Apache.deactivatehpwsapache AccountSecurity.lockaccountnopasswd Page Index