Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Administering a System: Managing System Security
HP-UX Bastille
Overview
Bastille is a security hardening and lockdown tool that can be used to
enhance the security of the HP-UX operating system. It provides
customized lockdown on a system-by-system basis by encoding
functionality similar to the Bastion Host (see “Documentation” on
page 832) and other hardening/lockdown checklists.
Bastille was originally developed by the open source community for use
on Linux systems. HP is contributing by providing Bastille on HP-UX.
Features
• Configures daemons, system settings, and client software, such as
  sendmail, to be more secure
• Turns off unneeded services, such as pwgrd and printing
• Helps create chroot “jails” that help limit the vulnerability of
  common Internet services such as web servers and Domain Name
  Service (DNS)
• Has an educational administrator interface
• Removes security settings with a revert feature that returns the
  security configuration to the state it was in before Bastille was run
• Configures conversion to Trusted Systems or Shadowed Passwords,
  as appropriate
• Configures Security Patch Check to run automatically
• Configures the IPFilter firewall
Installing Bastille
Beginning with HP-UX 11i v2, Bastille is included as default-installed
software on the Operating Environments media and can be installed
with Ignite-UX or Update-UX. See the HP-UX 11i Version 2 Installation
and Update Guide for details.