HP-UX Bastille Version B.3.3.01 Release Notes

1 About this product
HP-UX Bastille is a system hardening and reporting program that enhances the security of the HP-UX
operating system by consolidating essential hardening and lock-down checklists from industry and
government security organizations, and making them accessible to administrators in an easy-to-use
package. The HP-UX Bastille GUI interface guides users through creating a custom security
configuration profile. The policy configuration engine hardens HP-UX to specification by locking
down each selected security item. Security items include:
• Configuring daemons, services, firewalls, and client software to use more secure settings
• Disabling unused or unneeded inetd services
• Creating chroot jails for commonly used server programs
• Assessing the current HP-UX system against all relevant lock-down items with the reporting
  feature
• Applying saved configuration profiles to multiple similar machines with a command-line batch
  mode
These HP-UX Bastille features ease compliance with regulatory requirements and industry-consensus
security benchmarks like the Center for Internet Security (CIS) benchmark. HP-UX Bastille also
facilitates internal and external security audits.
NOTE: HP-UX Bastille is built from the open-source, cross-platform software program Bastille. HP
made significant contributions to the open-source Bastille software over many years. The original
Linux version is now named Bastille-Linux to avoid confusion with other cross-platform
implementations, and is not covered by this document.
1.1 Features and benefits
HP-UX Bastille provides the following features and benefits:
• Locks down the system
  ◦ Increases security by configuring daemons and system settings
  ◦ Turns off unnecessary services such as pwgrd
  ◦ Assists with creation of chroot jails to partially limit the vulnerability of common internet
    services such as web servers and DNS
  ◦ Configures automatic runs of Software Assistant (SWA) or Security Patch Check
  ◦ Configures an IPFilter-based firewall
• Provides an interactive, wizard-style GUI interface
  ◦ Guides users to optimize the trade-off between security, usability, and functionality
  ◦ Explanatory text helps less experienced administrators make appropriate security decisions
• Reports security configuration state
  ◦ Generates reports in HTML, text, and config file format
  ◦ Establishes a baseline for comparison to later configuration differences with the
    bastille_drift command
• Returns the security configuration, with the revert -r feature, to its state before HP-UX
  Bastille was run
  ◦ Provides a safety net in case of unexpected incompatible changes when hardening running
    systems