Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
HP-UX Bastille
Chapter 8, page 822
• In the /etc/opt/sec_mgmt/bastille directory, you can copy a custom configuration to the config file (perhaps one you made with the interactive interface). Go to “Applying Bastille” on page 828 to install it.
Typically, you would create a special configuration on one system and then copy that configuration to other systems that you wish to protect identically. You should also copy your modified TODO.txt file in order to complete the process as described in “Applying Bastille” on page 828.
Each system must be running the same version of the operating system with the same Bastille-affected components installed for the configuration to be noninteractive. If different software is installed and Bastille therefore needs more information, Bastille quits with an error saying that it needs more information. If you then run Bastille interactively, you will see missing check marks beside the items for which information is needed.
• You can use the interactive interface (see “Interactive Configuration” on page 823) to create a new configuration or to modify a previous, predefined, or customized configuration file. To modify a configuration, copy the old configuration into the /etc/opt/sec_mgmt/bastille/config file.
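The copy-to-other-systems step above, as an added example script that is not from the HP-UX manual: it stages a config and its TODO.txt into the Bastille directory on a target host, keeps the previous config, and refuses to proceed when the OS release the config was built on differs from the host's. The `<config>.osrelease` sidecar file (written by the administrator with the output of `uname -r` on the source system) is an assumption of this example, not a Bastille convention.

```shell
#!/bin/sh
# Stage a Bastille configuration on a target system before running "bastille -b".
# Assumption (hypothetical, not part of Bastille): the administrator records the
# source system's "uname -r" output in a sidecar file named <config>.osrelease.

# stage_bastille_config SRC_CONFIG SRC_TODO DEST_DIR CURRENT_OS
#   SRC_CONFIG  config file exported from the source system
#   SRC_TODO    the TODO.txt that goes with it
#   DEST_DIR    normally /etc/opt/sec_mgmt/bastille
#   CURRENT_OS  this host's release, usually "$(uname -r)"
# Returns 0 when the files are staged, 1 on any validation failure.
stage_bastille_config() {
    src_config=$1; src_todo=$2; dest_dir=$3; current_os=$4
    [ -r "$src_config" ] || { echo "config not readable: $src_config" >&2; return 1; }
    [ -r "$src_todo" ]   || { echo "TODO.txt not readable: $src_todo" >&2; return 1; }

    # A noninteractive run only works on the same OS release with the same
    # Bastille-affected components, so refuse a config built elsewhere.
    built_on=$(cat "$src_config.osrelease" 2>/dev/null || true)
    if [ -z "$built_on" ] || [ "$built_on" != "$current_os" ]; then
        echo "OS release mismatch: config built on '${built_on:-unknown}', host is '$current_os'" >&2
        return 1
    fi

    mkdir -p "$dest_dir" || return 1
    # Keep the previous config so the change can be reviewed later.
    if [ -f "$dest_dir/config" ]; then
        cp -p "$dest_dir/config" "$dest_dir/config.prev.$(date +%Y%m%d%H%M%S)" || return 1
    fi
    cp -p "$src_config" "$dest_dir/config" || return 1
    cp -p "$src_todo" "$dest_dir/TODO.txt" || return 1
    chmod 600 "$dest_dir/config" "$dest_dir/TODO.txt"
    echo "staged in $dest_dir; now run: bastille -b"
    return 0
}

# Typical call on a target system (requires root for the real directory):
# stage_bastille_config ./config ./TODO.txt /etc/opt/sec_mgmt/bastille "$(uname -r)"
```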
IMPORTANT: Bastille’s security model only permits it to increase security with each invocation. Repeat invocations (bastille or bastille -b) can only tighten or retain the current lockdown. To reduce the amount of lockdown, you must first revert the system to its pre-Bastille state, with bastille -r, and then reapply the restrictions at the level you want.
Reverting the system will also remove any intervening changes that you made manually to the security configuration files that Bastille edits. Although Bastille notifies you of this and saves the old files for manual merging, you may prefer to work out which task is easier: merging the intervening changes (after reverting with Bastille) or reducing your security settings by hand (without reverting with Bastille).