#ports required for Ignite-UX

############################################################

pass in log quick proto icmp from any to any icmp-type 8 keep state

pass in log quick proto tcp from any to any port = 512

pass in log quick proto tcp from any to any port = 514

pass in log quick proto tcp/udp from any port = 2049 to any keep frags

pass in log quick proto tcp/udp from any to any port 49152 >< 65535

c. In the IPFilter module of Bastille, change the following line to Yes if it is not already.

Should Bastille setup basic firewall rules with these properties?

d. Run Bastille.

# bastille -b -f your_configuration_file

6. If a Bastille baseline had been created for the system, update that baseline.

# bastille_drift --save_baseline baseline

Configuring Ignite to replace TFTP with NFS

Beginning with Ignite-UX version C.7.9, it is possible to configure the Ignite-UX loadfile utility to use NFS instead of TFTP for network access to the Ignite server. This allows users to avoid use of TFTP except during direct network boot of the install kernel. The TFTP protocol can be avoided entirely if the system being installed is booted from media (including vMedia) or via the bootsys command.

Overview

To use this functionality, minor modifications to Ignite-UX configuration files might have to be made on the Ignite-UX server system. These modifications fall into the following categories:

Add a keyword to the appropriate configuration files instructing Ignite to use NFS instead of TFTP.

Ensure config files are located in an acceptable directory that is NFS-mounted during the installation. Make sure the INDEX file refers to the config files in their new (C.7.9 and later) locations as outlined below.

Disable the TFTP daemon.

NOTE: Because of changes necessary to replace TFTP with NFS, beginning with C.7.9 the locations of three Ignite product files have moved. Ignite automatically creates symbolic links from the old file to the new file location. These files are:

Table 7 Ignite Product Files Moved in Version C.7.9 and Later

Pre-C.7.9 Location              C.7.9 and Later Location
/opt/ignite/Version             /opt/ignite/data/Version
/var/opt/ignite/INDEX           /var/opt/ignite/data/INDEX
/var/opt/ignite/config.local    /var/opt/ignite/data/config.local

Procedure

1. Add the _hp_loadfile_use_nfs keyword.

HP recommends placing this in the config section of the install file system. Use your environment’s HP-UX version and install file system in the following commands.

First, change the working directory to the release-specific boot directory and grab the config content:

# cd /opt/ignite/boot/Rel_B.11.31

# instl_adm -d > /tmp/ifs.cfg
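The end state described in the Overview (keyword set, files reachable at their new locations, TFTP disabled) can be checked with a short script. This is an added example, not part of the HP manual: the function names and the ROOT prefix argument are illustrative, and the inetd.conf check assumes tftpd is started from inetd.

```shell
#!/bin/sh
# Added example: post-change checks for an Ignite-UX server moved from TFTP to NFS.
# Function names and the ROOT prefix argument are illustrative, not Ignite-UX tools.

# Table 7 pairs: pre-C.7.9 location, then C.7.9-and-later location.
IGNITE_MOVED='/opt/ignite/Version /opt/ignite/data/Version
/var/opt/ignite/INDEX /var/opt/ignite/data/INDEX
/var/opt/ignite/config.local /var/opt/ignite/data/config.local'

# Report every old path that is not a symlink resolving to its new location.
# ROOT ($1) is an optional prefix so a staging copy can be checked.
check_moved_files() {
    root=${1:-}
    bad=0
    while read -r old new; do
        # -h: old path is a symlink; -ef: both names resolve to the same file.
        if [ ! -h "$root$old" ] || [ ! "$root$old" -ef "$root$new" ]; then
            echo "BAD: $old is not a symlink to $new"
            bad=1
        fi
    done <<EOF
$IGNITE_MOVED
EOF
    return $bad
}

# True when the dumped config (instl_adm -d output) names the keyword on an
# uncommented line. The keyword's value is not inspected.
has_nfs_keyword() {
    grep -v '^[[:space:]]*#' "$1" | grep -q '_hp_loadfile_use_nfs'
}

# True when an active (uncommented) tftp service line is still present.
# Assumption: tftpd is started from inetd, so $1 is an inetd.conf file.
tftp_enabled() {
    grep -q '^[[:space:]]*tftp[[:space:]]' "$1"
}

# Run all three checks; returns 0 only when every one passes.
# Example call: verify_nfs_switch "" /tmp/ifs.cfg /etc/inetd.conf
verify_nfs_switch() {
    rc=0
    check_moved_files "$1" || rc=1
    has_nfs_keyword "$2" || { echo "BAD: _hp_loadfile_use_nfs not found in $2"; rc=1; }
    if tftp_enabled "$3"; then echo "BAD: tftp still enabled in $3"; rc=1; fi
    return $rc
}
```

On a server that still network-boots the install kernel, TFTP remains in use, so treat the tftp finding as informational there.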


UX System Management Software specifications

HP-UX System Management Software is a robust suite of tools designed to facilitate the administration and management of HP's Unix-based operating system, HP-UX. As organizations increasingly rely on mission-critical applications, the need for a reliable and efficient management solution becomes paramount. HP-UX provides a comprehensive understanding of system performance, resource utilization, and enterprise-wide configuration, all while maintaining high availability and security.

One of the key features of HP-UX System Management Software is its Advanced System Administrator Toolkit. This toolkit includes a wide array of utilities that streamline daily administrative tasks such as monitoring system performance, managing user accounts, and configuring system settings. Tools such as Glance provide real-time monitoring of system resources, enabling administrators to identify bottlenecks and optimize performance.

The software also boasts an advanced security framework, including features such as Role-Based Access Control (RBAC) and Secure Shell (SSH) for secure data transmission. Security patches and updates can be managed through HP’s Service Pack for HP-UX, which provides a streamlined method for maintaining system integrity and compliance with various regulatory standards.

Another notable aspect is the extensive support for virtualization technologies. HP-UX supports HP’s Integrity Virtual Machines (IVMs) and vPars, allowing administrators to create multiple isolated environments on a single physical server. This not only enhances resource utilization but also improves disaster recovery planning by enabling easier backup and restore processes.

For storage management, HP-UX offers tools that enable easy setup and management of Logical Volume Managers (LVM). This allows simplified disk space allocation and management, ensuring that critical applications have the necessary resources without manual intervention.

Furthermore, HP-UX is designed with compatibility in mind, supporting a wide range of third-party applications and frameworks. Integration with management platforms like HP System Insight Manager enhances the ability to monitor and manage systems from a centralized perspective, providing alerts and reports that help in proactive decision-making.

In summary, HP-UX System Management Software delivers a streamlined approach to system administration, focusing on performance, security, and ease of management. Its advanced features, combined with an emphasis on virtualization and storage management, make it a powerful tool for organizations seeking reliability and efficiency in their Unix-based environments. As businesses continue to evolve, tools like HP-UX will remain crucial for ensuring consistent performance and operational excellence.