HP-UX Bastille Version B.3.3 User Guide
IMPORTANT: Review these tables carefully. Some locked-down services and protocols might
be used by other applications, and locking them down can adversely affect the behavior or
functionality of those applications. You can change these security settings after installing
or updating your system.
Table A-2 Host-based Sec10Host, Sec20MngDMZ, and Sec30DMZ security settings
Category                           Action
---------------------------------  ----------------------------------------------------
Logins and passwords               Deny login unless home directory exists
                                   Deny non-root logins if /etc/nologin file exists
                                   Set a default path for su command
                                   Deny root logins from network tty
                                   Hide encrypted passwords
                                   Deny ftp system account logins
                                   Deny remote X logins

File system, network, and kernel   Modify ndd settings [1, 2]
                                   Restrict remote access to swlist
                                   Set default umask
                                   Enable kernel-based stack execute protection

Daemons                            Disable ptydaemon
                                   Disable pwgrd
                                   Disable rbootd
                                   Disable NFS client daemons
                                   Disable NFS server
                                   Disable NIS client programs
                                   Disable NIS server programs
                                   Disable SNMPD

inetd services                     Disable bootp
                                   Disable inetd built-in services
                                   Disable CDE helper services
                                   Disable finger
                                   Disable ident
                                   Disable klogin and kshell
                                   Disable ntalk
                                   Disable login, shell, and exec services
                                   Disable swat
                                   Disable printer
                                   Disable recserv
                                   Disable tftp
                                   Disable time
                                   Disable uucp
                                   Disable Event Monitoring Services (EMS) network communication
                                   Enable logging for all inetd connections

sendmail                           Run sendmail via cron to process queue
                                   Stop sendmail from running in daemon mode
                                   Disable vrfy and expn commands

Other settings                     Disable HP Apache 2.x Web Server [3]
                                   Set up cron job to run SWA [1]
28 Install-Time Security (ITS) using HP-UX Bastille