Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Managing Standard Passwords and System Access
Chapter 8, page 752
• Cancel system access promptly when a user is no longer an employee.
• Establish a regular audit schedule to review remote usage.
• Connect the modems and dial-back equipment to a single HP-UX system, and allow network services to reach the destination system from that point.
• Exceptions to dial-back must be made for UUCP access. Additional restrictions are possible through proper UUCP configuration. Another potential exception is file transfer via kermit. See kermit(1).
• If a security breach with unknown factors occurs, shut down both network and telephone access and inform the network administrator.
• To maximize security when configuring a dial-back modem system, dedicate the dial-out mechanism to the dial-out function only. It should not be configured to accept dial-in. Use another modem on another telephone line for your dial-in service.
Protecting Programs from Illegal Execution
As of HP-UX 11i, a new kernel parameter, executable_stack, allows you to prevent a program from executing code from its stack. This guards against an intruder passing illegal data to a program, causing the program to execute arbitrary code from its program stack.

By default, for backward compatibility, executable_stack is set to 1, which allows stack execution. You can use SAM to change the value to 0, preventing stack execution.

If a program does need to execute its stack, you can use the command

    chatr +es enable program

to allow stack execution. See chatr(1) for details.
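Once executable_stack is set to 0, every program marked with chatr +es enable is a deliberate exception that weakens the protection for that binary, so an administrator will want to know which programs carry the mark. The following script is an added example, not from the HP-UX guide: it parses chatr(1) output for the executable-stack setting and lists the executables under a directory that have stack execution enabled. It assumes that chatr reports the setting on a line of the form "executable stack: enable" or "executable stack: disable"; that label is an assumption, and the sample chatr output embedded in the script is constructed so the parser can be exercised on a non-HP-UX host.

```shell
#!/bin/sh
# Added example (not from the HP-UX guide): find programs that were given a
# stack-execution exception with "chatr +es enable", so the exceptions can be
# reviewed alongside the executable_stack kernel setting.
# Assumption: chatr(1) reports the setting as a line "executable stack: enable"
# or "executable stack: disable"; the exact label is assumed, not taken from
# the page.

# es_state TEXT: extract the executable-stack setting from chatr output.
# Prints "enable", "disable", or "unknown" when no such line is present.
es_state() {
    state=$(printf '%s\n' "$1" |
        awk -F': *' '/executable stack/ { print $2; exit }')
    case "$state" in
        enable|disable) printf '%s\n' "$state" ;;
        *)              printf 'unknown\n' ;;
    esac
}

# list_es_enabled DIR: print each owner-executable file under DIR whose chatr
# output says the stack is executable. Needs a real HP-UX host with chatr(1).
list_es_enabled() {
    find "$1" -type f -perm -100 2>/dev/null | while read -r f; do
        out=$(chatr "$f" 2>/dev/null) || continue
        [ "$(es_state "$out")" = enable ] && printf '%s\n' "$f"
    done
}

# Constructed sample chatr output for offline demonstration of the parser.
SAMPLE_DISABLED='/usr/bin/ls:
         shared executable
         executable stack: disable'
SAMPLE_ENABLED='/opt/legacy/bin/oldapp:
         shared executable
         executable stack: enable'

# Offline demonstration; the real audit is the commented call below.
es_state "$SAMPLE_DISABLED"   # prints: disable
es_state "$SAMPLE_ENABLED"    # prints: enable
# On HP-UX, with executable_stack set to 0 via SAM, review the exceptions:
# list_es_enabled /opt
```

The list produced by list_es_enabled is the set of binaries that still run with an executable stack after the kernel default is tightened; each entry should be justified, and any program that no longer needs the exception can be reset with chatr +es disable.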