HP-UX Bastille Version B.3.3.01 Release Notes

2 New features in this release
2.1 Support for HP-UX SRP version A.03.00
HP-UX SRP provides isolated operating environments (containers) within a single instance of the
HP-UX 11i v3 operating system (SRP host).
HP-UX Bastille can be used to lock down the HP-UX SRP host operating system and HP-UX SRP
containers running under the host, but with a subset of its normal collection of security lockdown
items.
The HP-UX SRP host operating system provides virtualization and namespace capabilities that affect
some of the same security functions and services that HP-UX Bastille attempts to lock down. Examples
of this overlap include HP-UX IPFilter and kernel networking configuration. When used on the HP-UX
SRP host operating system, HP-UX Bastille disables the application of lockdown items that might
conflict with HP-UX SRP. Within an HP-UX SRP container, additional security-related functions and
configurations cannot be modified because they are global resources for all containers and the
HP-UX SRP host. Therefore, additional lockdown restrictions apply when using HP-UX Bastille in an
HP-UX SRP container.
Two new HP-UX Bastille configuration profiles are included to provide default lockdown selections:
SRPHOST.config    Default file for the HP-UX SRP host system
SRPCONT.config    Default settings for an HP-UX SRP container
NOTE: HP-UX Bastille configuration profiles created on a system without HP-UX SRP may contain
lockdown selections that are incompatible with HP-UX SRP. If invoked by HP-UX Bastille within an
HP-UX SRP host or container, these items are ignored and warning messages for extra lockdown
items may be generated.
NOTE: The HP-UX Bastille Install-Time Security (ITS) product should not be used for HP-UX SRP host
machines.
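The following check is an added example, not part of these release notes or of HP-UX Bastille. It scans a configuration profile for the container-unavailable items listed in this section, so that a profile created on a system without HP-UX SRP can be reviewed before it is used in a container. It assumes profile lines of the form Module.item="value"; the sample profile and the name Example.other_item are constructed.

```sh
#!/bin/sh
# Added example, not HP's tooling. Assumes profile lines look like
# Module.item="value" and that '#' starts a comment.

# Container-unavailable items, only as far as this section lists them.
SRP_CONTAINER_UNAVAILABLE="\
AccountSecurity.block_system_accounts AccountSecurity.serial_port_login \
AccountSecurity.single_user_password AccountSecurity.system_auditing \
Apache.chrootapache DNS.chrootbind HP_UX.ndd HP_UX.stack_execute \
HP_UX.tcp_isn HP_UX.restrict_swacls HP_UX.screensaver_timeout \
HP_UX.gui_banner IPFilter.block_cfservd IPFilter.block_DNSquery \
IPFilter.block_hpidsadmin IPFilter.block_hpidsagent"

# Print "item=value" for each listed item found in the profile
# (file argument, or stdin when no argument is given).
srp_conflicts() {
    if [ "$#" -gt 0 ] && [ ! -r "$1" ]; then
        echo "cannot read profile: $1" >&2
        return 2
    fi
    awk -v list="$SRP_CONTAINER_UNAVAILABLE" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # drop comments, blanks, CRs
        $0 == "" { next }
        {
            eq = index($0, "=")
            if (eq == 0) next                     # not an item assignment
            item = substr($0, 1, eq - 1)
            val = substr($0, eq + 1); gsub(/"/, "", val)
            if (item in bad) print item "=" val
        }' "$@"
}

# Constructed sample profile; Example.other_item is a hypothetical name.
sample_profile() {
    cat <<'EOF'
# profile built on a system without HP-UX SRP (constructed)
AccountSecurity.system_auditing="Y"
HP_UX.ndd="Y"
Example.other_item="Y"
IPFilter.block_hpidsagent = "N"
EOF
}

# Check the named profile, or the constructed sample when run bare.
if [ "$#" -gt 0 ]; then srp_conflicts "$1"; else sample_profile | srp_conflicts; fi
```

Every line it prints names an item that HP-UX Bastille would not apply inside the container, shown with the value the profile gives it.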
The following HP-UX Bastille lockdown items are not available in an HP-UX SRP system container:
AccountSecurity.block_system_accounts
AccountSecurity.serial_port_login
AccountSecurity.single_user_password
AccountSecurity.system_auditing
Apache.chrootapache
DNS.chrootbind
HP_UX.ndd
HP_UX.stack_execute
HP_UX.tcp_isn
HP_UX.restrict_swacls
HP_UX.screensaver_timeout
HP_UX.gui_banner
IPFilter.block_cfservd
IPFilter.block_DNSquery
IPFilter.block_hpidsadmin
IPFilter.block_hpidsagent