HP-UX Bastille Version B.3.3 User Guide
Actions Enable incoming network traffic for this service by adding the following lines
to the /etc/opt/ipf/ipf.conf file when actively managed by HP-UX
Bastille:
# do allow DNSquery incoming connections
pass in quick proto udp from any to any port = domain keep state
IPFilter.block_hpidsadmin
Headline BLOCK incoming connections to the HIDS GUI with IPFilter.
Default Y
Description The HP-UX Host Intrusion Detection System (HIDS) Management GUI listens
on port 2984 for incoming connections initiated by HIDS agents on each
configured host. If you are not running the HP-UX Host HIDS GUI on this
host, answer yes. If you are running the HP-UX Host HIDS GUI on this host,
and it only manages one LOCAL HIDS agent running on this host (i.e., you
are not managing any HIDS agents on any remote hosts using this GUI),
answer yes. If you are running an HP-UX Host HIDS GUI on this host and
you are managing some remote HIDS agents, answer no.
NOTE: Install and configure HIDS separately from HP-UX Bastille. For more
information, see http://www.hp.com/security.
Actions Enable incoming network traffic for this service by adding the following lines
to the /etc/opt/ipf/ipf.conf file when actively managed by HP-UX
Bastille:
# do allow hpidsadmin incoming connections
pass in quick proto tcp from any to any port = hpidsadmin flags S keep state keep frags
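The two Actions blocks above show what Bastille writes into /etc/opt/ipf/ipf.conf, but not how a block_* answer maps onto those lines or how IPFilter then treats an inbound packet. The following is an added example (not Bastille's or HP's code) that models both: it emits the pass rules for a set of Y/N answers, reading "Y" as "block this service, so omit its pass rule", and then evaluates a packet against the result with IPFilter's "quick" first-match semantics. The DNSquery and hpidsadmin rules are the ones quoted in the guide; the hpidsagent rule, the trailing `block in all`, the service table and the question name `IPFilter.block_DNSquery` are assumptions made for the example.

```python
"""Model of the IPFilter rules HP-UX Bastille writes to /etc/opt/ipf/ipf.conf.

Added example, not Bastille's own code.  Only the keywords that appear in the
guide's rules are modelled (pass/block, in, quick, proto, from any to any,
port = <service>, flags S, keep state, keep frags); real IPFilter syntax is
much larger.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed service table.  2984 and 2985 are the HIDS ports named in the
# guide; 'domain' is the standard DNS port.  A real host uses /etc/services.
SERVICES = {"domain": 53, "hpidsadmin": 2984, "hpidsagent": 2985}

# Pass rules keyed by the <name> in the Bastille question IPFilter.block_<name>.
# DNSquery and hpidsadmin are quoted from the guide; the hpidsagent rule is an
# ASSUMPTION modelled on the hpidsadmin one (its Actions text is not on this page).
PASS_RULES: Dict[str, str] = {
    "DNSquery": "# do allow DNSquery incoming connections\n"
                "pass in quick proto udp from any to any port = domain keep state",
    "hpidsadmin": "# do allow hpidsadmin incoming connections\n"
                  "pass in quick proto tcp from any to any port = hpidsadmin flags S keep state keep frags",
    "hpidsagent": "# do allow hpidsagent incoming connections (assumed rule)\n"
                  "pass in quick proto tcp from any to any port = hpidsagent flags S keep state keep frags",
}

# The pass rules only mean something in front of a default deny; this trailing
# rule is assumed for the example, not quoted from the guide.
DEFAULT_DENY = "# default deny for everything not passed above (assumed)\nblock in all"


def build_ruleset(answers: Dict[str, str]) -> str:
    """answers maps <name> -> 'Y'/'N' for IPFilter.block_<name>.
    'N' (do not block) emits the pass rule; 'Y' omits it.  An unanswered
    service is treated as 'Y' so that it fails closed (example policy)."""
    chunks = [text for name, text in PASS_RULES.items()
              if answers.get(name, "Y").strip().upper() == "N"]
    chunks.append(DEFAULT_DENY)
    return "\n".join(chunks) + "\n"


@dataclass
class Rule:
    action: str            # 'pass' or 'block'
    quick: bool            # stop evaluating at this rule if it matches
    proto: Optional[str]   # 'tcp' / 'udp', or None for any protocol
    port: Optional[int]    # destination port, or None for any
    syn_only: bool         # 'flags S': match only the connection-opening SYN
    text: str


RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+in(?P<quick>\s+quick)?"
    r"(?:\s+proto\s+(?P<proto>tcp|udp))?"
    r"(?:\s+from\s+any\s+to\s+any(?:\s+port\s*=\s*(?P<port>\S+))?|\s+all)"
    r"(?P<flags>\s+flags\s+S)?(?:\s+keep\s+state)?(?:\s+keep\s+frags)?\s*$"
)


def parse_rules(conf: str) -> List[Rule]:
    rules = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError("unsupported rule syntax: %r" % line)
        port = None
        if m.group("port"):
            p = m.group("port")
            port = int(p) if p.isdigit() else SERVICES[p]  # KeyError on unknown name
        rules.append(Rule(m.group("action"), bool(m.group("quick")), m.group("proto"),
                          port, bool(m.group("flags")), line))
    return rules


def evaluate(rules: List[Rule], proto: str, dport: int,
             syn: bool = True) -> Tuple[str, Optional[str]]:
    """Fate of one inbound packet.  IPFilter lets the LAST matching rule win
    unless a matching rule says 'quick', which ends evaluation at once; a packet
    that no rule matches is passed.  This check is stateless: a non-SYN segment
    that 'keep state' would admit via the state table falls through to the default."""
    decision: Tuple[str, Optional[str]] = ("pass", None)
    for r in rules:
        if r.proto is not None and r.proto != proto:
            continue
        if r.port is not None and r.port != dport:
            continue
        if r.syn_only and not syn:
            continue
        decision = (r.action, r.text)
        if r.quick:
            break
    return decision


if __name__ == "__main__":
    # Guide defaults: block_hpidsadmin=Y (GUI port closed), block_hpidsagent=N (agent reachable).
    conf = build_ruleset({"hpidsadmin": "Y", "hpidsagent": "N"})
    print(conf)
    for proto, port in (("tcp", 2984), ("tcp", 2985), ("udp", 53)):
        print(proto, port, "->", evaluate(parse_rules(conf), proto, port)[0])
```

Running the stand-alone block with the guide's defaults leaves 2985/tcp passed and 2984/tcp and 53/udp blocked, which is the configuration for a host that runs a HIDS agent managed from a remote GUI. The `syn` parameter makes the `flags S` caveat visible: with a stateless check, a mid-stream segment to 2984 hits the default deny, which is exactly why the guide's rule carries `keep state`.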
IPFilter.block_hpidsagent
Headline BLOCK incoming HIDS agent connections with IPFilter.
Default N
Description HP-UX HIDS enhances host-level security with near real-time automatic
monitoring of each configured host for signs of potentially damaging
intrusions. HIDS contains a System Management GUI that allows the
administrator to configure, control, and monitor the HIDS system, and a
host-based agent, which is an intrusion detection sensor that gathers system
data, monitors system activity, and issues intrusion alerts. The communication
between the GUI and agents is encrypted. The agent listens on port 2985 for
incoming connections initiated by the GUI. If you are not running the HP-UX
Host Intrusion Detection System (HIDS) agent on this host, answer yes. If you
are running the HP-UX Host HIDS agent on this host but you are running the
HP-UX Host HIDS GUI locally on this host (i.e., you are not remotely managing
this agent by running the GUI on a remote host), answer yes. If you are running
an HP-UX Host HIDS agent locally on this host and you are remotely managing
this agent with a remote HP-UX Host HIDS System Management GUI, answer
no.
NOTE: You must install and configure HIDS separately from HP-UX Bastille.
For more information, see http://www.hp.com/security.
HIDS does not:
• Replace comprehensive security policies and procedures. You must define
and implement such security policies and procedures and configure HIDS
to enforce them. A lack of such policies, procedures, and configuration