Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Controlling Security on a Network
Chapter 8
4. Control root and local security on every node in your administrative
domain. A user with superuser privileges on any machine in the
domain can acquire those privileges on every machine in the domain.
5. Maintain consistency of user name, uid, and gid among password
files in your administrative domain.
6. Maintain consistency among any group files on all nodes in your
administrative domain.
For example, if you are working on system hq and you wish to check
consistency with system mfg, and mfg’s root file system is remotely
mounted to hq as /nfs/mfg/, enter:
    diff /etc/group /nfs/mfg/etc/group
If you see any output, your two /etc/group files are inconsistent.
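For item 5, a plain diff of two password files also flags differing shells and home directories. The following added example (not part of the original guide) compares only the user name, uid, and gid fields; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP-UX guide): compare only the login name,
# uid and gid fields (1, 3 and 4) of two passwd files.
passwd_mismatches() {    # usage: passwd_mismatches LOCAL_PASSWD REMOTE_PASSWD
    awk -F: '
        NF < 4 { next }                 # skip blank or malformed lines
        NR == FNR {                     # first file: remember the local view
            uid[$1] = $3; gid[$1] = $4; owner[$3] = $1; next
        }
        # Same login name, different numeric identity.
        ($1 in uid) && (uid[$1] != $3 || gid[$1] != $4) {
            printf "MISMATCH %s local=%s:%s remote=%s:%s\n", $1, uid[$1], gid[$1], $3, $4
        }
        # Same uid, different login name.
        ($3 in owner) && owner[$3] != $1 {
            printf "UID-REUSE %s local=%s remote=%s\n", $3, owner[$3], $1
        }
    ' "$1" "$2"
}

# Demo on constructed sample entries (not real accounts).
demo_passwd_check() {
    d="${TMPDIR:-/tmp}/pwcheck.$$"
    mkdir -m 700 "$d" || return 1       # fails if the path already exists
    cat > "$d/hq" <<'EOF'
root:*:0:3::/:/sbin/sh
alice:*:101:20::/home/alice:/usr/bin/sh
bob:*:102:20::/home/bob:/usr/bin/sh
carol:*:104:20::/home/carol:/usr/bin/sh
EOF
    cat > "$d/mfg" <<'EOF'
root:*:0:3::/:/sbin/sh
alice:*:101:20::/home/alice:/usr/bin/ksh
bob:*:103:20::/home/bob:/usr/bin/sh
dave:*:104:20::/home/dave:/usr/bin/sh
EOF
    passwd_mismatches "$d/hq" "$d/mfg"
    rm -rf "$d"
}
demo_passwd_check
```

On hq, with mfg's root file system mounted as in the example above, the call would be passwd_mismatches /etc/passwd /nfs/mfg/etc/passwd. No output means the name, uid, and gid fields agree for every account the two files share.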
Verifying Permission Settings on Network Control Files
Modes, owners, and groups on all system files are set carefully. All
deviations from these values should be noted and corrected.
Pay particular attention to network control files, which reside in /etc,
and are notable targets because they provide access to the network itself.
Network control files should never be writable by the public. Among
them are:
exports        List of file systems being exported to NFS clients
hosts          Network hosts and their addresses
hosts.equiv    Remote hosts allowed access equivalent to the local host
inetd.conf     Internet configuration file
netgroup       List of network-wide groups
networks       Network names and their addresses
protocols      Protocol name database
services       Services name database