Figure 31 Port usage: make_net_recovery initiated from the server

[Figure: client/server timeline. The make_net_recovery command is run over remsh (tcp, port 514) or, per note 12, ssh (tcp, port 22); the operation then proceeds as make_net_recovery initiated from client.]

12. The server remotely executes make_net_recovery from the client. The command is run via remsh by default, or by ssh if the client was added for recovery on the server with the ssh option.

NOTE:

Through an ssh_config directive, the client can specify whether or not to use privileged ports (1–1023). The default is non-privileged ports. To configure ssh to use privileged ports, you must make the client a setuid (suid) program.

Figure 32 Port usage: make_sys_image initiated from the client

[Figure: client and server. The golden archive is transferred over remsh (tcp, port 514) or, per note 13, NFS (tcp/udp, port 2049).]

13. The golden archive is written to the destination server via remsh or NFS. Note that make_sys_image does not need networking if the archive is written locally to the client.
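
An added example, not taken from the Ignite-UX guide: a POSIX shell check that reads `netstat -an` output from a hardened host and reports which of the transports in notes 12 and 13 still has a listener. The function names, the BSD-style `addr.port` netstat layout and the sample lines are assumptions constructed for illustration; it also assumes the listener is on the client for server-initiated make_net_recovery and on the destination server for make_sys_image.

```sh
#!/bin/sh
# Added example, not Ignite-UX code. Usage (hypothetical function name):
#   netstat -an | ignite_transports net_recovery   # run on the client
#   netstat -an | ignite_transports sys_image      # run on the archive server
# Assumption: local addresses are printed BSD-style as "addr.port" (e.g. "*.514").

# port_open PROTO PORT: succeed if stdin shows PROTO bound locally to PORT.
# TCP sockets must be in LISTEN state; UDP sockets have no state column.
port_open() {
    awk -v proto="$1" -v port="$2" '
        $1 ~ ("^" proto) {
            n = split($4, a, "[.]")        # local address is field 4
            if (a[n] != port) next
            if (proto == "tcp" && $NF != "LISTEN") next
            found = 1
        }
        END { exit !found }'
}

# ignite_transports OPERATION: print usable transports; return 1 if none, 2 if
# the operation is unknown. Ports are the ones shown in Figures 31 and 32.
ignite_transports() {
    case $1 in
        net_recovery) set -- remsh:tcp:514 ssh:tcp:22 ;;
        sys_image)    set -- remsh:tcp:514 nfs:tcp:2049 nfs:udp:2049 ;;
        *) echo "unknown operation: $1" >&2; return 2 ;;
    esac
    data=$(cat) usable=""
    for spec in "$@"; do
        name=${spec%%:*}; rest=${spec#*:}
        if printf '%s\n' "$data" | port_open "${rest%%:*}" "${rest#*:}"; then
            usable="$usable $name/${rest%%:*}"
        fi
    done
    [ -n "$usable" ] || return 1       # neither alternative is available
    echo "${usable# }"
}

# Constructed sample: remsh disabled, sshd listening, NFS bound on UDP only.
# The fourth line is an outbound connection to a remote port 514, not a listener.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  10.0.0.5.22            10.0.0.9.51422         ESTABLISHED
tcp        0      0  10.0.0.5.49152         10.0.0.9.514           ESTABLISHED
udp        0      0  *.2049                 *.*
EOF
}
```

A return status of 1 means that neither alternative transport for the operation has a listener on the host the output came from.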

Modifying a Bastille-hardened system to operate with Ignite-UX

HP-UX Bastille is a security hardening/lockdown tool that can be used to enhance the security of the HP-UX operating system. It provides customized lockdown on a system-by-system basis by encoding functionality similar to the Center for Internet Security (CIS) Level 1 Benchmark for HP-UX and other hardening/lockdown checklists. The Bastille technology is available in HP-UX 11i v1 and later versions of HP-UX.

This section describes how to make sure Ignite-UX requirements are enabled on your Bastille system.

For more information on HP-UX Bastille, see bastille(1M), bastille_drift(1M), the HP-UX System Administrator's Guide: Security Management if you are running HP-UX 11i v3, and Managing
