Manualshelf

HP-UX Bastille Version B.3.3 User Guide

ManualsBrandsHP ManualsSoftwareHP-UX 11i Bastille Software
61626364656667686970
Mapping to HP-UX BastilleLevel 1 benchmark for HP-UX 11i (v1.5.0)CIS
MiscellaneousDaemons.disable_rbootd
MiscellaneousDaemons.nfs_server
MiscellaneousDaemons.nfs_client
MiscellaneousDaemons.disable_ptydaemon
Apache.deactivate_hpws_apache
MiscellaneousDaemons.snmpd
MiscellaneousDaemons.nfs_core
MiscellaneousDaemons.other_boot_serv
MiscellaneousDaemons.disable_smbclient
MiscellaneousDaemons.disable_smbserver
MiscellaneousDaemons.disable_bind
Disable other standard boot services1.3.7
Not ApplicableOnly enable Windows-compatibility server processes1.3.8
Not ApplicableOnly enable Windows-compatibility client processes1.3.9
Not ApplicableOnly enable NFS server processes1.3.10
Not ApplicableOnly enable NFS client processes1.3.11
Not ApplicableOnly enable RPC-based services1.3.12
Not ApplicableOnly enable Web server1.3.13
Not ApplicableOnly enable BIND DNS server1.3.14
Kernel Tuning1.4
HP_UX.stack_executeEnable stack protection1.4.1
HP_UX.nddNetwork parameter modifications1.4.2
HP_UX.tcp_isnUse better TCP sequence numbers1.4.3
HP_UX.nddAdditional network parameter modifications1.4.4
File/Directory Permissions/Access1.5
Not ScorableSet Sticky Bit on World Writable Directories1.5.1
Not Scorable
Find unauthorized world-writable files and SUID/SGID
executables1.5.2
AccountSecurity.unowned_filesFind 'unowned' files and directories1.5.3
System Access, Authentication, and Authorization1.6
AccountSecurity.hidepasswordsEnable Hidden Passwords1.6.1
FTP.ftpusersRestrict users who can access to FTP1.6.2
MiscellaneousDaemons.syslog_localonlyPrevent Syslog from accepting messages from the network1.6.3
MiscellaneousDaemons.xaccessDisable XDMCP port1.6.4
HP_UX.screensaver_timeoutSet default-lock screensaver timeout1.6.5
Not ScorableConfigure IPFilter to allow only select communication1.6.6
AccountSecurity.cronuser
AccountSecurity.atuser
Restrict at/cron to authorized users1.6.7
AccountSecurity.crontabs_fileRestrict crontab file permissions1.6.8
AccountSecurity.create_securettyRestrict root logins to system console1.6.9
AccountSecurity.AUTH_MAXTRIESSet retry limit for account lockout1.6.10
MiscellaneousDaemons.nobody_secure_rpcDisable 'nobody' access for secure RPC1.6.11
Logging1.7
68 CIS mapping to HP-UX Bastille