Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
HP-UX Bastille
Chapter 8 833
Command Execution
The bastille command performs the following operations.
bastille Starts an interactive session to create a configuration
file for HP-UX in the configuration file,
/etc/opt/sec_mgmt/bastille/config.
bastille -b Executes the instructions in the configuration file,
automatically making some changes to your system
and creating a TODO.txt list of commands for you to
edit and execute.
You can create the configuration file interactively, as
above, or copy a predefined file into the configuration
file. This is useful whether you want to use one of the
files described in “Predefined Configuration Files” on
page 817 to distribute a standard file of your own
making to several systems.
bastille -l Lists the configuration files in
/etc/opt/sec_mgmt/bastille that correspond to the
last run of bastille.
bastille -r Returns your system to its fully “unlockeddown” state,
automatically undoing some changes and providing a
TODO.txt list of commands for you to edit and execute.
bastille --os Displays the names of operating systems that are
supported by Bastille.
bastille --os
osname
Starts an interactive session to create a configuration
file for the
osname
operating system.
Configuration and Log Files
Bastille uses and/or creates the following configuration and log files:
/etc/opt/sec_mgmt/bastille/config
Current configuration file that will be processed by the
command bastille -b.
/etc/opt/sec_mgmt/bastille/DMZ.config
Predefined configuration file. See “Predefined
Configuration Files” on page 817.