HP-UX Bastille Version B.3.3 User Guide
Mapping to HP-UX BastilleLevel 1 benchmark for HP-UX 11i (v1.5.0)CIS
AccountSecurity.system_auditingEnable kernel-level auditing1.7.1
SecureInetd.log_inetdEnable logging from inetd1.7.2
SecureInetd.ftp_loggingTurn on additional logging for FTP daemon1.7.3
User Accounts and Environment1.8
AccountSecurity.block_system_accountsBlock system accounts1.8.1
AccountSecurity.lock_account_nopasswdVerify that there are no accounts with empty password fields1.8.2
AccountSecurity.PASSWORD_MAXDAYS
AccountSecurity.PASSWORD_MINDAYS
AccountSecurity.PASSWORD_WARNDAYS
Set account expiration parameters on active accounts1.8.3
AccountSecurity.PASSWORD_HISTORY_DEPTH
AccountSecurity.MIN_PASSWORD_LENGTH
Set strong password enforcement policies1.8.4
MiscellaneousDaemons.nis_clientVerify no legacy '+' entries exist in passwd and group files1.8.5
AccountSecurity.root_pathNo '.' or group/world-writable directory in root $PATH1.8.6
AccountSecurity.restrict_home
User home directories should be mode 750 or more
restrictive1.8.7
AccountSecurity.user_dot_filesNo user dot-files should be group/world writable1.8.8
AccountSecurity.user_rc_filesRemove user .netrc, .rhosts and .shosts files1.8.9
AccountSecurity.umaskSet default umask for users1.8.10
AccountSecurity.mesgnSet "mesg n" as default for all users1.8.11
Warning Banners1.9
SecureInetd.bannersCreate warning banners for terminal-session logins1.9.1
HP_UX.gui_bannerCreate warning banners for GUI logins1.9.2
FTP.ftpbannerCreate warning banners for FTP daemon1.9.3
69