Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
HP-UX Bastille
Chapter 8
Table 8-7 MANDMZ.config: Additional Security Settings

Includes all security settings from HOST.config (Table 8-6).

Category: inetd Services
Actions (additions):
• Deactivate ftp
• Deactivate telnet

Category: IPFilter [a]
Actions (additions):
• Block incoming DNS query connections
• Block incoming HIDS administration connections [b]
• Allow outbound traffic
• Block incoming traffic with IP options set
• Block all other traffic except: [c]
  — Secure Shell
  — HIDS agent [b]
  — WBEM
  — Web Admin
  — Web Admin autostart

a. IPFilter rules are applied via a custom rules file located at /etc/opt/sec_mgmt/bastille/ipf.customrules.
b. HIDS is a selectable software bundle.
c. Manual action may be required to complete configuration. See /etc/opt/sec_mgmt/bastille/TODO.txt for more information.