HP-UX Bastille Version B.3.3 User Guide

If the PATH environment variable has not been updated, use:

# /opt/sec_mgmt/bastille/bin/bastille

Figure 3-1 shows the main screen of the HP-UX Bastille user interface.

Figure 3-1 HP-UX Bastille user interface

4. Answer the questions that appear on screen. The questions are categorized by function.

Check marks are used as completion indicators to track your progress through the program.

Only questions that apply to your operating system and relate to installed tools appear.

Each question explains a security issue and describes the resulting action needed to lock

down the HP-UX system. Each question also describes the high-level cost and benefit of

each decision.

Use the Explain More/Explain Less button for more or less verbose explanations. Not all

questions have both long and short answers. For a complete list of questions with detailed

information about each item, see Appendix C (page 33).

Table 3-1 Question modules

DescriptionQuestion module

Installs and configures applications for security bulletin compliance checkingPatches

Performs SUID and other permission tuningFilePermissions

Configures login settings and access to cron

AcountSecurity

Disables unrequired inetd services

Secureinetd

Turns off services that are often unrequired or a security riskMiscellaneousDaemons

Disables or configures mail securitySendmail

Disables or configures DNS securityDNS

Configures Apache web server securityApache

Configures FTP securityFTP

12 Using HP-UX Bastille