Systems and Workgroups: A Guide for HP-UX System Administrators for systems running HP-UX 11i v2 and earlier.

CAUTION: The configuration processes in this section change the security properties of your system. When enabling services, protocols, and ports, careful consideration must be given to the impact to your network and system security.

Enabling Ignite-UX server requirements

To make sure Ignite-UX requirements are enabled on the server, you must first discover your current lockdown state and then modify that state, if necessary, to allow selected daemons and services to run. You must also allow access to certain ports used by an Ignite-UX server.

1.Discover your current lockdown state.

If you are using Bastille 3.0 or later, create a configuration report. The report will be created in /var/opt/sec_mgmt/bastille/log/Assessment/ assessment-log.config.

#bastille --assessnobrowser

If you are using a version of Bastille earlier than 3.0, get the latest configuration file used by Bastille.

#bastille -l

NOTE: If you get the message

NOTE: The system is in its pre-bastilled state.

there is no need to proceed with this configuration, as daemons, services, and ports required by Ignite-UX are not locked-down in the pre-bastille state.

2.Copy the last configuration file used or the assessment report to a place of your choice.

3.Bring up the latest configuration in the Bastille GUI.

# bastille --os [HP-UX11.00 HP-UX11.11 HPUX11.23 HPUX11.31] -f filename

4.Make sure the settings in your configuration file for the following daemons and services are set to No. Note that if you have to change a setting from Yes to No, you will likely be required to enable that daemon or service on your system in order to use it. After you have made changes, save the configuration file to a place of your choice.

Would you like to deactivate the NFS server on this system Would you like to deactivate NIS client programs?

Should Bastille ensure inetd's bootp service does not run on this system? Should Bastille ensure inetd's TFTP service does not run on this system?

5.To update your firewall or have Bastille create a new one:

a.Backup your /etc/opt/ipf/ipf.conf file to a place of your choice.

b.Update the port information for the Bastille-enabled HP-UX IPFilter firewall by editing the file /etc/opt/sec_mgmt/bastille/ipf.customrules and making the following changes:

Add the words keep frags to the end of the udp outgoing rule line so it looks like pass out quick proto udp all keep state keep frags

Remove or comment-out the following line.

block in quick proto udp from any to any port = portmap

Add the following lines after the End allow outgoing rules section.

# ports required for Ignite-UX

############################################################

pass in log quick proto udp from any to any port = 69 keep state

pass in log quick proto udp from any port = 68 to any port = 67 keep state pass in log quick proto udp from any port = 1068 to any port = 1067 keep state pass in log quick proto tcp/udp from any to any port = 2049 keep frags

90 Security

Page 89 Page 91
Page 90
Image 90
HP UX System Management Software manual Enabling Ignite-UX server requirements, Remove or comment-out the following line
Page 89 Page 91

UX System Management Software specifications

HP-UX System Management Software is a robust suite of tools designed to facilitate the administration and management of HP's Unix-based operating system, HP-UX. As organizations increasingly rely on mission-critical applications, the need for a reliable and efficient management solution becomes paramount. HP-UX provides a comprehensive understanding of system performance, resource utilization, and enterprise-wide configuration, all while maintaining high availability and security.

One of the key features of HP-UX System Management Software is its Advanced System Administrator Toolkit. This toolkit includes a wide array of utilities that streamline daily administrative tasks such as monitoring system performance, managing user accounts, and configuring system settings. Tools such as Glance provide real-time monitoring of system resources, enabling administrators to identify bottlenecks and optimize performance.

The software also boasts an advanced security framework, including features such as Role-Based Access Control (RBAC) and Secure Shell (SSH) for secure data transmission. Security patches and updates can be managed through HP’s Service Pack for HP-UX, which provides a streamlined method for maintaining system integrity and compliance with various regulatory standards.

Another notable aspect is the extensive support for virtualization technologies. HP-UX supports HP’s Integrity Virtual Machines (IVMs) and vPars, allowing administrators to create multiple isolated environments on a single physical server. This not only enhances resource utilization but also improves disaster recovery planning by enabling easier backup and restore processes.

For storage management, HP-UX offers tools that enable easy setup and management of Logical Volume Managers (LVM). This allows simplified disk space allocation and management, ensuring that critical applications have the necessary resources without manual intervention.

Furthermore, HP-UX is designed with compatibility in mind, supporting a wide range of third-party applications and frameworks. Integration with management platforms like HP System Insight Manager enhances the ability to monitor and manage systems from a centralized perspective, providing alerts and reports that help in proactive decision-making.

In summary, HP-UX System Management Software delivers a streamlined approach to system administration, focusing on performance, security, and ease of management. Its advanced features, combined with an emphasis on virtualization and storage management, make it a powerful tool for organizations seeking reliability and efficiency in their Unix-based environments. As businesses continue to evolve, tools like HP-UX will remain crucial for ensuring consistent performance and operational excellence.
Top Page Image Contents