Managing Systems and Workgroups: A Guide for HP-UX System Administrators

ManualsBrandsHP ManualsSoftwareHP-UX 11i v1.6 Technical Computing (TCOE) LTU

Administering a System: Managing System Security

HP-UX Bastille

Chapter 8818

Daemons • Disable ptydaemon

• Disable pwgrd

• Disable rbootd

• Disable NFS client daemons

• Disable NFS server

• Disable NIS client programs

• Disable NIS server programs

• Disable SNMPD

IPFilter • (No action)

Sendmail • Run sendmail via cron to process queue

• Stop sendmail from running in daemon

mode

• Disable vrfy and expn commands

Other settings

• Deactivate HP Apache 2.x Web Server

c

• Set up cron job to run Security Patch

Check

a

Inetd Services • Deactivate bootp

• Deactivate inetd’s built-in services

• Deactivate CDE helper services

• Deactivate finger

• Deactivate ident

• Deactivate klogin and kshell

• Deactivate ntalk

• Deactivate login, shell, and exec services

• Deactivate swat

• Deactivate printer

• Deactivate recserv

• Deactivate tftp

• Deactivate time

• Deactivate uucp

• Enable logging for all inetd connections

a. Manual action may be required to complete conﬁguration. See

/etc/opt/sec_mgmt/bastille/TODO.txt for more

information, after install or update.

Table 8-6 HOST.conﬁg: Host-Based Security Settings (Continued)

Category Actions