Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
HP-UX Bastille
Reverting Bastille
To revert the security configuration to the state before Bastille was run,
execute the command:
# bastille -r
If there are any manual actions that need to be performed to restore the
pre-Bastille state, this process creates a file,
/var/opt/sec_mgmt/bastille/TOREVERT.txt. It is important that you
perform the listed actions.
Uninstalling Bastille
When Bastille is uninstalled from a system with swremove, it does not
revert the system to its pre-Bastille state. Instead, it leaves behind a
revert-actions script, which allows you to “unapply” Bastille’s changes
yourself.
1. Execute the script:
# /var/opt/sec_mgmt/bastille/revert/revert-actions
2. Check for a /var/opt/sec_mgmt/bastille/TOREVERT.txt file. It is
only created if there are manual actions required. It is important
that you perform the listed actions.
(Alternatively, you could execute bastille -r before you uninstall it;
see “Reverting Bastille”, above.)
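As an added example (not part of the HP-UX guide), the two uninstall-time steps above can be wrapped in a POSIX shell function that runs the revert-actions script and returns a distinct status when TOREVERT.txt is present, so a change script cannot silently skip the manual actions. The paths are those given in the text; the function names, the BASTILLE_DIR override and the exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the HP-UX guide. Paths are the ones named in the
# text; BASTILLE_DIR override and exit codes are assumptions of this example.
BASTILLE_DIR="${BASTILLE_DIR:-/var/opt/sec_mgmt/bastille}"

# manual_actions_pending DIR
# Succeeds (0) when DIR/TOREVERT.txt exists, i.e. manual steps were recorded.
manual_actions_pending() {
    [ -f "$1/TOREVERT.txt" ]
}

# revert_bastille DIR
# Runs the revert-actions script left behind by swremove, then checks for
# TOREVERT.txt. Returns:
#   0  reverted, nothing left to do by hand
#   1  reverted, but TOREVERT.txt lists manual actions (printed to stdout)
#   2  revert-actions script missing or not executable
#   3  revert-actions script exited non-zero
revert_bastille() {
    dir="$1"
    script="$dir/revert/revert-actions"
    if [ ! -x "$script" ]; then
        echo "no executable $script; if Bastille is still installed, use: bastille -r" >&2
        return 2
    fi
    "$script" || { echo "$script failed" >&2; return 3; }
    if manual_actions_pending "$dir"; then
        echo "Manual actions required ($dir/TOREVERT.txt):"
        cat "$dir/TOREVERT.txt"
        return 1
    fi
    return 0
}

# Run only when invoked with "run", so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then
    revert_bastille "$BASTILLE_DIR"
    exit $?
fi
```

A status of 1 means the revert ran but the actions listed in TOREVERT.txt still have to be performed by hand.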
Interactions with Other Software
Because Bastille shuts off services and configures supported HP-UX
parameters, tools that rely on other settings, or on services that
Bastille turns off, may not be fully functional or may cease to function.
• Security Patch Check
Bastille can configure Security Patch Check to run as a daily cron
job.
• IPFilter
Bastille can configure the IPFilter firewall software to constrain
incoming network traffic.
• TCP/IP