HP Serviceguard Version A.11.18 Release Notes, September 2008
Bastille Compatibility
To ensure compatibility between Serviceguard (and Serviceguard Manager) and Bastille,
do the following, depending on your environment:
• If Bastille is started using Sec10Host (host.config) level lock down, change
SecureInetd.deactivate_ident=Y to
SecureInetd.deactivate_ident="N"
• If Bastille is started using Sec20MngDMZ (mandmz.config) level lock down,
change SecureInetd.deactivate_ident=Y to
SecureInetd.deactivate_ident=N
• If Bastille is started using SIM.config, change
SecureInetd.deactivate_ident=Y to SecureInetd.deactivate_ident=N
• If Bastille is started using Sec30DMZ (dmz.config) level lock down, change
SecureInetd.deactivate_ident=Y to SecureInetd.deactivate_ident=N
and add the following rules to ipf.customrules:
pass in quick proto tcp from any to any port = 2301
pass in quick proto tcp from any to any port = 2381
pass in quick from <clusternodes> to any
pass out quick from any to <clusternodes>
In the above rules, <clusternodes> are all nodes in the cluster, including the
local node. The ipf.customrules file is located under the Bastille directory
itself.
IPFilter-Serviceguard rules are documented in the latest HP-UX IPFilter Administrator’s
Guide, posted at http://docs.hp.com/-> Internet and Security Solutions
-> IPFilter
For information on how to configure HP-UX Bastille Sec10Host to allow the identd
daemon to run, see the latest HP-UX 11i v3 Installation and Update Guide posted at
http://docs.hp.com under Core HP-UX/Operating Environments -> 11i
v3.
Before Installing Serviceguard A.11.18
Before you install Serviceguard A.11.18, you need to make sure that your cluster has
the correct hardware upgrades. If you are upgrading older systems, make sure your
HP representative reviews the firmware levels of SCSI controller cards and installs the
latest versions.
Memory Requirements
Serviceguard needs approximately 15.5 MB of lockable memory on each cluster node.
Compatibility Information and Installation Requirements 71