Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
HP-UX Bastille
Chapter 8828
If you save your changes, the Finishing Up screen (Figure 8-8) gives you
one more chance to change the configuration, or you can exit without
applying the new configuration, or you can have the new configuration
applied immediately.
Figure 8-8 Bastille Finishing Up
When you exit from the interactive configuration by selecting “Apply
Configuration to System” from the Finishing Up screen (Figure 8-8),
Bastille automatically executes bastille -b. Go to “Applying Bastille”
on page 828 for details and to review the log files and perform any
necessary manual operations.
Applying Bastille
After you have prepared your configuration file (see “Configuring
Bastille” on page 821), you must apply the configuration. There are two
steps: run Bastille, and execute any recommendations from the
TODO.txt file.
1. Run Bastille.
# bastille -b
Bastille applies the changes it can do automatically and creates a
TODO.txt list of actions you must manually apply to the system.
This command is executed automatically if you installed Bastille
with a security option using Ignite-UX or Update-UX or if you chose
“Apply the configuration to the system” at the end of
interactive configuration.
For example:
NOTE: Entering Critical Code Execution.
Bastille has disabled keyboard interrupts.
NOTE: Bastille is scanning the system configuration...
Bastille is now locking down your system in accordance with your
answers in the "config" file. Please be patient as some modules