Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
HP-UX Bastille
If there are errors, Bastille has locked down your system as much as
possible. When you correct the problems, you can run bastille -b
to apply the rest of the lockdown.
If you prefer, you can return the system to its unlocked state with the
revert command, bastille -r, and then make any corrections that
you need.
2. Review the log files.
   /var/opt/sec_mgmt/bastille/log/action-log
      Records the specific actions that Bastille performed.
   /var/opt/sec_mgmt/bastille/log/error-log
      Records any errors that were encountered.
   /var/opt/sec_mgmt/bastille/log/level-application-actions
      Records additional actions if Bastille was configured and applied
      with the Install-Time Security feature of Ignite-UX/Update-UX.
   /var/opt/sec_mgmt/bastille/log/level-application-errors
      Records additional errors if Bastille was configured and applied
      with the Install-Time Security feature of Ignite-UX/Update-UX.
3. Perform the actions listed in the file
/var/opt/sec_mgmt/bastille/TODO.txt.
You may wish to edit some of the commands since you may have
special circumstances. Many of those circumstances are described in
the explanations associated with questions in the interactive
configuration process.
We suggest that you delete or comment out entries in the TODO.txt
list as you complete them.
Rerunning Bastille
You should rerun Bastille whenever new software or patches are
installed or if swverify is run with either the -x fix=true or -F option
to run vendor-specific fix scripts. It should also be rerun whenever
customizations are made that might loosen security. If the log files exist,
any new actions or errors are appended to the existing files.
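
The review steps and the rerun rule above can be scripted. The following is an added example, not part of the HP guide or of Bastille itself: it counts logged errors and open TODO.txt entries and tests whether a rerun is due. It assumes that completed TODO entries are commented out with a leading '#', and that you pass rerun_due a marker file of your own choosing that software or patch installs update; both are assumptions, not documented Bastille behavior.

```sh
#!/bin/sh
# Added example (not from the HP guide): post-run review of Bastille output.
# The paths under BASTILLE_DIR are the ones listed on this page.
BASTILLE_DIR=${BASTILLE_DIR:-/var/opt/sec_mgmt/bastille}

# Number of lines in a file; a missing file counts as 0.
count_lines() {
    if [ -f "$1" ]; then awk 'END { print NR }' "$1"; else echo 0; fi
}

# Open TODO entries: lines that are neither blank nor commented out.
# Assumption: finished entries are commented out with a leading '#'.
todo_pending() {
    [ -f "$1" ] || { echo 0; return 0; }
    awk '!/^[ \t]*(#|$)/ { n++ } END { print n + 0 }' "$1"
}

# Succeeds when a rerun is due: action-log ($1) does not exist yet, or the
# marker file ($2, an assumption: a file your installs update) is newer.
rerun_due() {
    [ -f "$1" ] || return 0
    [ -f "$2" ] || return 1
    [ -n "$(find "$2" -newer "$1" 2>/dev/null)" ]
}

# Print a summary; return 0 only if no errors are logged and no TODO is open.
bastille_review() {
    dir=${1:-$BASTILLE_DIR}
    rc=0
    for f in error-log level-application-errors; do
        n=$(count_lines "$dir/log/$f")
        if [ "$n" -gt 0 ]; then
            echo "$f: $n line(s); correct the problems, then run: bastille -b"
            rc=1
        fi
    done
    n=$(todo_pending "$dir/TODO.txt")
    if [ "$n" -gt 0 ]; then
        echo "TODO.txt: $n entry line(s) still open"
        rc=1
    fi
    echo "action-log: $(count_lines "$dir/log/action-log") line(s) recorded"
    return $rc
}

# Run against the live directory only where it exists.
if [ -d "$BASTILLE_DIR" ]; then bastille_review "$BASTILLE_DIR"; fi
```

Because new actions and errors are appended to existing log files, the error counts include entries from earlier runs until you archive or clear the logs.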