HP-UX Bastille Version B.3.3 User Guide

Table 3-1 Question modules (continued)
Question module    Description
HP-UX              Configures security services that are unique to the HP-UX platform
IPFilter           Creates an IPFilter-based firewall
5. After you answer all the questions, the Save/Apply button appears. If you want to proceed
to configuring the system, click the Save/Apply button to save and apply your configuration.
HP-UX Bastille applies the changes as described in “Configuring a system” (page 13).
NOTE: You can use the menu bar to save or load a configuration file at any time during
the process. However, your configuration file contains additional questions that might be
irrelevant to the target system unless the file is saved with the Save/Apply button. This
button is at the end of the question list and only available after all the questions are complete.
The Save/Apply mechanism always saves a copy in the default location
/etc/opt/sec_mgmt/bastille/config. To save your configuration file in the location of your
choice, use the menu bar File item.
3.2 Configuring a system
1. Depending on the mode you are using:
If you are running HP-UX Bastille in batch mode to make configuration changes:
If you are using the default configuration file path /etc/opt/sec_mgmt/bastille/config:
# bastille -b
Otherwise, specify the path to the configuration file explicitly with the -f option:
# bastille -b -f file
If you are continuing from an HP-UX Bastille GUI session that is creating or modifying
the configuration file (see “Creating a security configuration profile” (page 11)), status
messages from the configuration process appear in the GUI box.
2. Review log files. To view the logs in real time:
# tail -f <log file>
The action log contains the steps performed when the system was changed. It is only created
if the changes are applied to the system. Action log files appear in
/var/opt/sec_mgmt/bastille/log/action-log.
The error log contains any errors encountered when the system was changed. It is only
created if errors occur during execution. Error log files appear in
/var/opt/sec_mgmt/bastille/log/error-log.
3. Complete the items in the TODO.txt file. This list is located in
/var/opt/sec_mgmt/bastille/TODO.txt.
NOTE: Changes must be applied to the system to create the TODO.txt file.
The configuration is secure after the items in the TODO.txt file are completed.
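The review in steps 2 and 3 can be scripted for batch runs. The following is an added example, not part of the HP guide or of HP-UX Bastille: a POSIX shell check that uses the log and TODO.txt paths given above and compares them against a marker file created just before the run, so that logs left by an earlier run are not mistaken for this one. BASTILLE_ROOT, the marker path, and the function names are hypothetical, and the check assumes a log's modification time is updated whenever Bastille writes to it.

```shell
#!/bin/sh
# Added example: post-apply check for an HP-UX Bastille batch run.
# Paths are the ones given in this guide. BASTILLE_ROOT is a hypothetical
# prefix (empty by default) so the check can be run against a test tree.
#
# Usage on the target system (marker path is a constructed name):
#   touch /tmp/bastille.start
#   bastille -b
#   bastille_post_check /tmp/bastille.start

# newer_than MARKER FILE: true if FILE exists and was modified after MARKER.
newer_than() {
    [ -f "$2" ] && [ -n "$(find "$2" -newer "$1" 2>/dev/null)" ]
}

# bastille_post_check MARKER
# Prints one result line and returns:
#   0  changes applied, no error log written during this run
#   1  no action log from this run (changes were not applied)
#   2  an error log was written during this run
bastille_post_check() {
    marker=$1
    root=${BASTILLE_ROOT:-}
    action=$root/var/opt/sec_mgmt/bastille/log/action-log
    errors=$root/var/opt/sec_mgmt/bastille/log/error-log
    todo=$root/var/opt/sec_mgmt/bastille/TODO.txt

    # The action log is only created when changes are applied.
    if ! newer_than "$marker" "$action"; then
        echo "NOT APPLIED: no action log newer than the start marker"
        return 1
    fi
    # The error log is only created when errors occur; ignore a stale one.
    if newer_than "$marker" "$errors"; then
        echo "ERRORS: review $errors"
        return 2
    fi
    # TODO.txt lists the manual items that remain after the changes.
    if [ -s "$todo" ]; then
        echo "APPLIED: complete the items in $todo"
    else
        echo "APPLIED: no TODO.txt found at $todo"
    fi
    return 0
}
```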
3.3 Assessing a system
HP-UX Bastille can assess the status of a system with the --assess or --assessnobrowser
options. The --assess option displays the report in a local browser.
The --assessnobrowser option saves the report in the following file locations: