FireScreen Administration | HP UX Internet Express Software manual

1.Under Network Security on the Manage Components menu, choose TCP Wrapper.

2.From the TCP Wrapper Administration menu, choose Test Configuration to display the Test Configuration form.

3.Select a service from the Service to Test list box.

4.Enter a domain name, IPv4 address, or IPv6 address in the Requesting Client field, using the syntax defined in the hosts_access(5) reference page.

5.Click Submit.

After you complete the procedure, the utility displays a message of the following form:

Access to service-namefrom client is state

where:

service-nameis the name of the service being tested. client is the user and host for which the security is being tested. state is either denied or granted.

For more information, see the tcpdmatch(8) reference page.

FireScreen Administration

The FireScreen menus and forms lead you through the process of installing, configuring, and enabling the FireScreen firewall. An Internet Protocol (IP) packet arriving at a gateway is routed by the system's routing daemon to the kernel for forwarding through a particular network interface. FireScreen filters routed packets by inhibiting the kernel IP forwarding functionality the based on screening rules stored in its configuration file.

Use the FireScreen Administration menu to perform the following tasks:

•Install FireScreen (Section : Installing FireScreen)

•Configure FireScreen (Section : Configuring FireScreen)

•Start and stop FireScreen (Section : Starting and Stopping FireScreen)

•View FireScreen status (Section : Viewing FireScreen Status)

Under Network Security on the Manage Components menu, choose FireScreen to access the FireScreen Administration menu, shown in Figure 43.

Note:

Initially, the FireScreen Administration menu displays only one option, Install FireScreen. After installing FireScreen, the additional options shown in Figure 43 are displayed.

Figure 43 FireScreen Administration Menu

170 Network Security Administration

Image 170

HP UX Internet Express Software manual FireScreen Administration Menu

Contents

Internet Express for Tru64 Unix Version AbstractPage Contents User Authentication Mail Delivery Administration Mail Access Administration 132 Network Security Administration 167 Web Services Administration 155XML Component Administration 164 Proxy Services Administration 190 Ldap Directory Server Administration 195 Samba File and Print Server Administration 216 OpenSLP Administration 207FTP Server Administration 213 InterNetNews Server Administration 225 Internet Relay Chat Administration 248 Jabber 265 PostgreSQL Database and MySQL Administration 249Bind Domain Name Server Administration 260 Twiki 266 Document Organization About This DocumentIntended Audience Computer output CommandTypographic Conventions User input Related Information Reading Documentation Using the Administration UtilityReading Documentation Using the Public Web Server Reading the Documentation On a Tru64 Unix System Reading Documentation from the Internet Express CD-ROMReading Reference Pages for Internet Express Components On a PC # man -M /usr/news/man active.5 Readers CommentsReading the Open Source Software Component Documentation Internet electronic mail readerscomment@zk3.dec.com Readers Comments Using the Administration Utility Using the Administration Utility Using the Administration Utility Main Menu Administration Utility Menu Options and Tasks Using Administration Utility Forms Registering Your Internet Express InstallationNavigating the Administration Utility Register Online Sample Administration Utility Form Port Number Description Accessing Administration ServersInternet Express Accounts and Ports 8081 Internet Express Managing Internet Express in a TruCluster Environment Accessing the Internet Express Login AccountAccessing and Managing the Internet Monitor TruCluster Impact on Internet Express Administration Installing and Removing ComponentsUsing Internet Express Services in a Cluster Hostname of the local host Installing and Removing ComponentsKeywords for URL Line Port number from the current Web server Accessing Web-Based System Management Tools Performing Web-Based System Management Tuning Kernel Attribute Values Accessing Web-Based System Management Tools Using the Administration Utility Open Source Software Web Sites Where to Find More InformationInternet Express and AlphaServer Products Web Sites FreeRADIUS ExpectFirefox GnuPG Lynx Web Browser IRC ServerJabber Majordomo Automated Internet Mailing Lists Manager OpenSLP MySQLOpenLDAP Perl Pure-FTP Server PostgreSQL Relational Database Management SystemProcmail Mail Filtering Language Samba File and Print Server System Security Web Sites InterNIC Other Useful Web SitesApplications Microsoft Encompass User Administration Manage Users Menu User Administration Overview of User Accounts Specifying User Names Assigning Passwords to User AccountsPurging Obsolete Passwords Overview of User Accounts Searching for User Accounts Searching for User Accounts Assigning Users to Groups Selecting User Accounts Creating Captive Accounts for Named Users Shows the Create Named User Account form Creating Captive Accounts for Generic Users Creating a Named User Account Creating a Noncaptive Account for a Unix System User Creating Generic User Accounts To create a group, see Section Creating Groups Creating a Noncaptive Account for a Unix System User Creating Groups Creating a System User Account Displaying User Account Information Creating Groups Deleting User Accounts Displaying User Account Information Changing Groups for User Accounts Changing Groups for User Accounts User Administration Changing the Password for an Account Changing the Password for an Account Changing Mail Services for Users Changing Mail Services for Users Assigning Regular Delivery Mail ServiceAssigning POP with Password Mail Service Assigning the Cyrus Imap Mail Service Assigning Cyrus Imap with Password Mail Service Changing the iass Account Forwarding Address Assigning Apop with Password Mail ServiceManaging the iass Account Managing the .users.list File Purging Passwords for User Accounts Managing the User Self-Administration FeatureListing User Accounts and Passwords Removing the .users.list File Enabling and Disabling the User Self-Administration Feature Managing the User Self-Administration Feature Manage User Self-Administration Menu Modifying the Web Server Configuration Configure Web Server for Self-Administration Form Enabling and Disabling Login Delays Modify Web Server Configuration Managing User Self-Administration Groups Adding Groups Deleting and Modifying Groups Adding Groups Customizing the User Self-Administration Feature Enabling and Disabling Groups User Administration Managing the Ldap Module for System Authentication User AuthenticationManaging the Ldap Module for System Authentication Example 1 Security Matrix Enabled for Ldap User Authentication Ldap Caching Daemon Example 2 Ldap Caching Daemon Configuration File Creating Branches Value of searchbase Value of machinedn Value of machinepass Extended Ldap Schema for Unix Account Information Userbranch ou=accounts,searchbase Indexing Attributes for the Directory Servers Ldap Database Index Types Configuring the Ldap Module for System AuthenticationAdding Indices for OpenLDAP Defining Ldap System Parameters Modifying the Ldap Module ConfigurationConfiguring the Ldap Module for System Authentication Configuring Ldap Password Attributes Configuring Ldap Group Attributes Enabling and Disabling the Ldap Module Testing the Ldap Module ConfigurationImporting and Exporting Users from /etc/passwd Exporting Users from the Directory Server Importing Users into the Directory ServerImporting Users from NIS Adding an Ldap User in a C2 Environment Access Control Ldap Database Utilities File in which to store search results the default is Remove login names from specified groupRemove login names from all groups Authentication mechanism Adding a User Entry Checking the Ldap Server ConfigurationExtracting Users from the /etc/passwd File Deleting a User Entry Retrieving a User Entry Ldapsyncuser -b branch filename Synchronizing with a Password FileAdding a Group Entry Maintaining Group Membership Deleting a Group Entry Starting the ldapcd Daemon Setting a Users Password in the Ldap Directory ServerRetrieving a Group Entry Ldapgetgroup -b branch -f input-file Adding Entries to an Ldap Database Maintaining the Ldap Directory Server Using Ldap CommandsStopping the ldapcd Daemon Modifying Entries in an Ldap Database Overview of the Ldap Client Authentication Actions PerformedFiles Modified by theLDAP Module for System Authentication Actions Performed by the Ldap Client Debugging ldapdc Operation of login/suBehavior of the the ldapdc Daemon Etc/ldapusers.allow # su user1 Mail Delivery Administration Mail Delivery AdministrationSendmail Server Administration Bogofilter to filter spam Section Bogofilter Spam Filter Configuring the System as a Mail Server Configuring the System as a Standalone Mail SystemConfiguring the System as a Mail Client Ldap see Section Configuring Ldap Creating and Deleting Host Aliases for a Mail Server Changing the Sendmail Server Configuration Sendmail Server Administration Through Section Configuring the X.25 Protocol Configuring Mail ProtocolsPSInet see Section Configuring the X.25 Protocol Creating and Deleting Pseudo Domain Aliases Configuring the MTS Protocol Configuring the DECnet Phase IV Protocol Configuring the DECnet/OSI Protocol Configuring the Uucp Protocol Configuring the X.25 Protocol Configuring Masquerading Accessing the Configure Masquerading Form Root Postmaster News Uucp Configuring Your System for Masquerading Mailer-daemon Rdist Nobody Daemon Pop Imap Configuring Virtual Domains Example 4 Sample Virtual Domain Table # makemap btree virtusertable virtusertable Enabling Procmail as a Local Mailer Enabling Anti-Virus Configuring Anti-Spam Configuring Relaying Configuring the Access Database Example 5 Sample Access Database for the Sendmail Server Configuring an Access Database Configuring Ldap Configuring Checking on Senders Information Configuring Mail Filters Milter Shows the Configure Ldap form Socket inet61066@myhost.com Socket local/var/run/f1.sockSocket inet1099@remotehost.com Socket inet1066@myhost.com,T=C5mS10sR10sE5m Sample -p local/var/run/example1.sock Configuring Queues Adding a Queue Deleting a Queue Group # sendmail -bt -q queue-nameModifying a Queue Group General Queue Properties Configuring Queue PerformanceQueue Timers Sendmail Tunable Parameters Configuring Trusted Layer SecuritySendmail Timers TLS Certificate Values Certificate DefaultsCertificate Issuer One that issues certificates a CA Certicate Authority Abbreviation Certificate Authority Enabling Support Using the Access Database Failure marked as temporary VERIFYbits CIname Sendmail Server AdministrationMarked as permanent Side Relay or Subject Configuring Mailbox AccessControlling the Sendmail Server Viewing the Sendmail Server Log Majordomo Mailing List AdministrationMajordomo Mailing List Administration Creating a Majordomo Mailing List Changing a Majordomo Mailing List Configuration Changing List Owner or Charter Changing Administration Parameters Changing Subscription Parameters Changing Message Content Parameters Changing Command Access Parameters Changing Digest Parameters Changing Moderated List Parameters Changing List Restriction Parameters Changing Address Processing Parameters MailmanDeleting a Majordomo List Mailman Deleting a Mailing List Creating the Initial Mailman List Using a ScriptCreate a Mailing List Managing Mailman Mailman Mailing List Administration Menu Mailman Log Files Bogofilter Spam FilterMailman Scripts Training Bogofilter Filter Integration with Other Tools Using Bogofilter with procmailFiltering with Bogofilter Bogofilter/wordlist.db Mail Transport Agent MTA Integration with Bogofilter Mutt Integration with BogofilterPine Integration with Bogofilter Bogofilter Spam Filter Controlling the POP3 Server Mail Access AdministrationPOP Mail Server Administration Controlling the POP2 Server Viewing the POP Mail Server Log Imap Mail Server AdministrationImap Mail Server Administration Converting Imap Mail Folders Setting Up a Unix User Account for UW ImapSetting Up a Unix User Account for Cyrus Imap Usr/dt/bin/mailcv -evdt -I -f foldername directoryname user Controlling the Cyrus Imap ServerControlling the UW Imap Server Usr/dt/bin/mailcv -I -t -f ./bar duke Configuring SSL for UW-IMAP Viewing the Imap Server Log IMP Webmail Administration IMP Webmail Administration Accessing the IMP Webmail Administration Menu Enabling and Disabling IMP Webmail Managing Mail Server Settings Enable/Disable IMP Webmail Adding a Mail Server IMP Mail Server SettingsModifying the Mail Server List IMP Mail Server List Settings Deleting a Mail Server Managing Mailbox SettingsModifying a Mail Server Managing Compose Settings IMP Mailbox Settings Preference settings Managing Message SettingsIMP Compose Settings Managing Logging Settings IMP Message Settings IMP Logging Settings Managing Preference Driver Settings Preference Driver Settings Miscellaneous IMP Settings Managing Miscellaneous IMP SettingsManaging Horde Settings Setting Description Allow usage of folders Horde Settings Managing Turba Settings Setting Description Enabled Using IMP Upgrade ToolsIMP Turba Settings Have access to their addressbook Upgrading IMP Configurations Upgrading IMP Databases IMP Database Upgrade Settings New Preference Table Accessing IMP WebmailAdditional Webmail Documentation Secure Web Server Administration Web Services AdministrationSecure Web Server Administration Accessing the Secure Web Servers Internet Express Ports and URLs Web Server Management Changing Configuration ParametersConfiguration Files for Secure Web Servers Server Changing the Password for the Administration Web Server Httpd.conf Srm.conf Access.conf Creating the Search Index Ht//Dig Search Tool AdministrationHt//Dig Search Tool Administration Ht//Dig Indexing and Search Administration Link to Ht//Dig Search Index Updated Ht//Dig Configuration File Message Http//hostname/htdig/search.html Searching the IndexDocumentation Directories and Subsets for XML Components XML Component AdministrationDirectories and Subsets for XML Components Apache Axis Server Administration Apache Axis Server AdministrationApache Cocoon Servlet Administration Managing the Apache Axis Server Viewing the Cocoon Log Files Managing the Apache Cocoon ServletEnabling and Disabling the Cocoon Servlet Network Services Wrapped by Internet Express Network Security AdministrationTCP Wrapper Administration Network Services Wrapped by Internet Express Controlling Access to Other Network Services Modifying Access to a Wrapped Network Service Testing TCP Security Modifications Network Service Access Options FireScreen Administration FireScreen Administration Menu Installing FireScreen FireScreen Administration Checking FireScreen Installation Prerequisites Etc/rc.config file FireScreen Administration Install FireScreen Page with Gateway Screening Enabled Configuring FireScreen Setting Command-Line Options Configure FireScreen Menu Set Options Confirmation Setting the Screening Mode Adding a Screening Rule Add New Screening Rule Form Checking Syntax of Screening Rules Deleting a Screening Rule Starting and Stopping FireScreen Starting FireScreen Start/Stop FireScreen Form with Restart Option Enabled Stopping FireScreen Viewing the FireScreen Log Viewing FireScreen StatusViewing FireScreen Screening Rules Usr/internet/docs/snort Snort documentation Snort Intrusion Detection SystemViewing FireScreen Statistics Option Disable Decode Alert Configuring Snort DecoderConfiguring Snort Preprocessor Snort -vd -l ./log Viewing Alert Messages FreeRADIUS Server AdministrationRunning Snort Starting and Stopping the FreeRADIUS Server Considerations While Installing FreeRADIUSUnderstanding FreeRADIUS Configuration Files Users File Radiusd.conf file Configure --disable-shared make make installClients.conf file Viewing FreeRADIUS Log File Proxy Services Administration Proxy Services AdministrationDante Socks Server Administration Controlling the Dante Socks Server Accessing Dante Socks Information Squid Proxy/Caching Server AdministrationConfiguring the Dante Socks Server Squid Proxy/Caching Server Administration Managing the Squid Proxy/Caching Server Configuring the Squid Proxy/Caching ServerReinitializing the Disk Cache Displaying Access Statistics Rotating Log Files Controlling the Squid Proxy/Caching Server Understanding the Ldap Directory Schema Ldap Directory Server AdministrationUnderstanding the Ldap Directory Schema Example 6 Ldap Standard Object Class Definition for Person Using the Ldap BrowserLdap Directory Server Administration Managing Frequently Used Connections Installing and Running the Ldap BrowserConnecting to an Ldap Server Creating or Editing Frequently Used Connections Connecting to an Ldap Server using SSL Reconnecting to an Ldap Server Using the Main Browsing WindowDisconnecting from an Ldap Server Closing a Main Window Controlling Client-Side Schema CheckingOpening a New Main Window Viewing a Directory Entry in a Separate Window Deleting a Directory Entry Adding a New Directory EntryModifying a Directory Entry Copying a Directory Entry Adding Attributes Renaming a Directory EntryMoving a Directory Entry Modifying Attributes Creating Entry Templates Deleting AttributesManaging Directory Entry Templates Modifying Entry Templates Searching the Directory Viewing the Object Class SchemaViewing the Attribute Schema Configuring the OpenLDAP Directory Server Managing and Using the OpenLDAP Directory ServerUser Configuration File Managing the OpenLDAP Directory Server Ldap Directory Server Administration OpenSLP Overview OpenSLP AdministrationConfiguration Files and Examples Configuring Optional Security Configuring OpenSLPUsing the OpenSLP Configuration and Registration Files Running the Services Configuring OpenSLP Running the Example Configuration Considerations for Using SLP APIs Documentation Documentation OpenSLP Administration Administering Pure-FTP Server FTP Server AdministrationAdministering Pure-FTP Server Creating or Modifying an Anonymous Pure-FTP User Account Enabling or Disabling chroot Enabling or Disabling Anonymous Pure-FTP AccessFTP Server Administration Upload /data/ftp /pub yes ftp daemon Displaying Active Pure-FTP Users Enabling or Disabling Pure-FTP server Understanding the smb.conf Configuration File Samba File and Print Server AdministrationOptions for Modifying the smb.conf Configuration File Samba File and Print Server Administration Understanding the smb.conf Configuration File Workgroup Add the following value Administering the Samba Server Using the Swat Program Administering the Samba Server Using the Swat ProgramConfiguring the Samba Server Using the Swat Program Samba File and Print Server Administration Configure the Samba Server Menu Manage passwords see Section Administering Passwords Configuring Global VariablesConfiguring Share Parameters Controlling Printers Viewing the Current ConfigurationAdministering Passwords Viewing the Status of the Server Samba File and Print Server Administration InterNetNews Server Administration 225 INN Daemons Specifying INN Configuration DataInterNetNews Server Administration Configuring an External Newsfeed Configuring an External Newsfeed Article Retention Period Displaying an External NewsfeedRecommended Spool Space for News Articles Days 12 GB Adding an External Newsfeed Typically, a newsfeed has the following flags set Removing an External Newsfeed Modifying Newsfeed DefaultsModifying an External Newsfeed Managing Client Access Updating the Local Active File Access Groups Form Fields Displaying Client Access GroupsAdding a Client Access Group Modifying an Existing Client Access Group Removing a Client Access Group Adding Client Authentication Groups Displaying Client Authentication GroupsManaging Client Authentication Groups Client Authentication Groups Menu Fields Modifying Client Authentication Groups Usr/bin/news/auth/passwd Deleting Client Authentication Groups Configuring Storage OptionsConfiguring Storage Method Entries Configuring Storage Options Modifying a Storage Method Class Options on the Configure Storage MenuAdding a New Storage Method Class Displaying Cnfs Entries Configuring the Cnfs Storage MethodDeleting a Storage Method Class Adding New Cnfs Entries Modifying Cnfs Entries Deleting Cnfs Entries Managing Article ExpirationDisplaying Article Expiration Definitions Managing Article Expiration Adding an Article Expiration Definition Specific newsgroup for example, rec.photo Managing Article Expiration Modifying an Article Expiration Definition Specifying an Article Expiration Definition Modifying the Retention Period for Expired Articles Managing Local NewsgroupsDeleting an Article Expiration Definition Managing Local Newsgroups Deleting Local Newsgroups Viewing INN Log FilesCreating Local Newsgroups Controlling the INN Server Controlling the INN Server Internet Relay Chat Administration Internet Relay Chat AdministrationConfiguring IRC Controlling the IRC Server Installing PostgreSQL PostgreSQL Database and MySQL AdministrationInstalling PostgreSQL Starting and Stopping PostgreSQL Server PostgreSQL Database and MySQL Administration Viewing the PostgreSQL Log File Important Files and Directories Administering PostgreSQL AccountsAdministering PostgreSQL Accounts Running the Postmaster Startup Script Setting up a Crontab Entry for Vacuuming DatabasesUsing Existing PostgreSQL Accounts PostgreSQL Files and Directories Setting up a Crontab Entry for Vacuuming Databases PostgreSQL Database and MySQL Administration Setup Vacuum Crontab Form #/sbin/init.d/postgres start Scaling PostgreSQL#/sbin/init.d/postgres stop Scaling PostgreSQL #/sbin/sysconfig -q ipc#ps -ef grep postmaster Starting and Stopping MySQL Administering MySQLDirectories and Files Established by MySQL Installation MySQL Directories Viewing the MySQL Error Log Starting and Stopping the MySQL Server Using a Command LineMySQL Configuration Files MySQL Log Files Important Bind Files and Directories Bind Domain Name Server AdministrationBind Overview Bind Files and Directories Bind Binary File Directories Enabling Bind Enter /sbin/init.d/named start Enter /sbin/rcinet start Running the Bind Startup ScriptBind Documentation Running the Bind Startup Script Http//ops.ietf.org/dns/dynupd/secure-ddns-howto.html Controlling the Jabber Server JabberControlling the Jabber Server Twiki TwikiStarting TWiki Stunnel Sample client server configurationSample client server configuration Background OpenSSL Certificate Creation Sendmail Supplemental InformationCreating a Certificate of Authority Sample mail filter Section Mail Filter Example Mail Filter Example Mail Filter Example Sendmail Supplemental Information Smfiversion Glossary Glossary FTP 273 See also Https See TCP/IP 275 Index SymbolsIndex 277 Decus see Encompass deinstall.sh scriptWeb site, 30 external newsfeed adding Index 279 Ldap client, 87 Ldap commandsLog file FireScreen viewing, 183 login account Index 281 OpenLDAP Project Web sitePoppassd server controlling Screening mode, 178 screening rule FireScreen TIN 283