HP-UX Bastille Version B.3.3 User Guide
E CIS mapping to HP-UX Bastille
Mapping to HP-UX BastilleLevel 1 benchmark for HP-UX 11i (v1.5.0)CIS
HP-UX Bastille lock down itemsCIS benchmark sectionCIS ID
Patches and Additional Software1.1
Not ScorableApply latest OS patches1.1.1
MiscellaneousDaemons.configure_sshInstall and configure SSH1.1.2
Not ScorableInstall and Run Bastille1.1.3
Minimize inetd network services1.2
SecureInetd.deactivate_builtin
SecureInetd.deactivate_finger
SecureInetd.deactivate_ident
SecureInetd.deactivate_ntalk
SecureInetd.deactivate_recserv
SecureInetd.deactivate_time
SecureInetd.deactivate_uucp
SecureInetd.deactivate_telnet
SecureInetd.deactivate_ftp
SecureInetd.deactivate_rtools
SecureInetd.deactivate_tftp
SecureInetd.deactivate_printer
SecureInetd.deactivate_rquotad
SecureInetd.deactivate_dttools
SecureInetd.deactivate_ktools
SecureInetd.deactivate_bootp
Disable Standard Services1.2.1
Not ApplicableOnly enable telnet1.2.2
Not ApplicableOnly enable FTP1.2.3
Not ApplicableOnly enable rlogin/remsh/rcp1.2.4
Not ApplicableOnly enable TFTP1.2.5
Not ApplicableOnly enable printer service1.2.6
Not ApplicableOnly enable rquotad1.2.7
Not ApplicableOnly enable CDE-related daemons1.2.8
Not ApplicableOnly enable Kerberos-related daemons1.2.9
Not ApplicableOnly enable BOOTP/DHCP daemon1.2.10
Minimize boot services1.3
AccountSecurity.serial_port_loginDisable login: prompts on serial ports1.3.1
MiscellaneousDaemons.nis_client
MiscellaneousDaemons.nis_server
MiscellaneousDaemons.nisplus_server
MiscellaneousDaemons.nisplus_client
Disable NIS/NIS+ related processes1.3.2
Printing.printingDisable printer daemons1.3.3
AccountSecurity.gui_loginDisable GUI login1.3.4
Sendmail.sendmaildaemon
Sendmail.sendmailcron
Disable email server1.3.5
MiscellaneousDaemons.snmpdDisable SNMP and OpenVIew1.3.6
67