Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Configuring HP-UX Bastille: Interview
Bastille Configuration Questions and Explanations for HP-UX
Appendix B 985
Sendmail Q: Would you like to disable the VRFY and EXPN sendmail commands? [Y] [Y]
An attacker can use sendmail's vrfy (verify recipient existence)
and expn (expand recipient alias/list contents) commands to learn more
about accounts on the system. The expn command, for instance, could be
used to find out which account the "postmaster" and "abuse" aliases redirect
mail to, which reveals the user account of the system administrator.
These sendmail commands can probably be disabled without breaking anything
and will make the system cracker's job more difficult. The only reasons
to leave them on are (1) you are running an old-fashioned, friendly site,
(2) you are using them to debug your own mail server, or (3) the very small
chance that some software you use relies on this.
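The following audit script is an added example and is not part of the HP-UX Bastille documentation or of Bastille's own code. It reads a sendmail.cf file and reports whether VRFY and EXPN are disabled through the PrivacyOptions setting, treating the explicit flags novrfy and noexpn and the catch-all goaway (which implies both) as disabled. It assumes a POSIX sed, grep and tr, and that the option appears in sendmail.cf as an `O PrivacyOptions=` line (in the m4 source the same setting is confPRIVACY_FLAGS); the three .cf files it creates are constructed samples for the demo.

```shell
#!/bin/sh
# Added example: audit sendmail.cf for the PrivacyOptions flags that
# disable VRFY and EXPN.  Not Bastille's code; reads only the file you name.

# privacy_options FILE : print the value of the last "O PrivacyOptions=" line
# (empty if the file has none).  Spaces around "=" are tolerated.
privacy_options() {
    sed -n 's/^O[[:space:]]*PrivacyOptions[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# vrfy_expn_disabled FILE : succeed (exit 0) when both commands are off,
# either via novrfy+noexpn or via "goaway", which implies every privacy flag.
vrfy_expn_disabled() {
    opts=$(privacy_options "$1")
    # Normalise to one flag per line with no whitespace.
    flags=$(printf '%s\n' "$opts" | tr -d ' \t' | tr ',' '\n')
    if printf '%s\n' "$flags" | grep -qx 'goaway'; then
        return 0
    fi
    printf '%s\n' "$flags" | grep -qx 'novrfy' || return 1
    printf '%s\n' "$flags" | grep -qx 'noexpn' || return 1
    return 0
}

# --- constructed sample files for the demonstration (not real host config) ---
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.cf" <<'EOF'
# constructed sample: VRFY and EXPN are still answered
O PrivacyOptions=authwarnings
EOF
cat > "$demo_dir/hardened.cf" <<'EOF'
# constructed sample: explicit flags, the setting this question applies
O PrivacyOptions=authwarnings,novrfy,noexpn
EOF
cat > "$demo_dir/goaway.cf" <<'EOF'
# constructed sample: goaway implies novrfy and noexpn
O PrivacyOptions = goaway
EOF

for f in weak hardened goaway; do
    if vrfy_expn_disabled "$demo_dir/$f.cf"; then
        echo "$f.cf: VRFY and EXPN disabled"
    else
        echo "$f.cf: VRFY/EXPN still enabled - add novrfy,noexpn (or goaway) to PrivacyOptions"
    fi
done
```

To check a live system, call `vrfy_expn_disabled /etc/mail/sendmail.cf` (path assumed; use wherever your sendmail.cf lives) after the Bastille run, and again after any later sendmail reconfiguration, since regenerating sendmail.cf from the .mc source can silently drop the flags.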
DNS Q: Would you like to chroot named and set it to run as a non-root user? [N] [N]
The name server, "named", usually runs with privileged
access. This allows "named" to function correctly, but increases the
security risk if any vulnerabilities are found.
We can decrease this risk by running "named" as a non-privileged user and
by putting its files in a restricted file system (called a chroot jail).
NOTE: If a security vulnerability is found in one of the files that has been
placed inside of the "chroot jail" then that file must be manually patched
by copying the fixed file(s) into the jail.
For security reasons, it would be ideal to restrict every process which
is listening to untrusted data as much as possible. This is especially true
of network daemons, such as bind. If a vulnerability is found in the
daemon, then a chroot jail will contain any intrusions. Only a root process
can break out of a chroot jail, so Bastille will ensure that "named" is
not running as root. A successful attack on "named" in a chroot jail
running as a non-privileged user lets the attacker modify only files
owned or writeable by that non-privileged user, so the rest of the
system stays protected.
HP-UX Note: The general structure of the jail will be created but several
entries will be added to Bastille's generated TODO list which require
MANUAL ACTION on your part. (HP-UX does not ship with a name server
configured by default, so much of this depends on how your system's name
server is configured.)
(MANUAL ACTION REQUIRED TO COMPLETE THIS CONFIGURATION,
see TODO list for details)
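The script below is an added example, not part of the HP-UX Bastille documentation or Bastille's generated TODO list. It addresses the two maintenance points raised above: the NOTE that a patched file must be copied into the jail by hand, and the observation that a compromised non-root named can alter only files it can write. `jail_stale_files` lists jail copies that no longer match the file at the same path on the host (the host copy being the patched one), and `jail_world_writable` lists jail files anyone can write. It assumes POSIX find, cmp and sh; the jail and host directories, the library name libexample.sl and the zone file db.example are constructed placeholders for the demonstration.

```shell
#!/bin/sh
# Added example: audit a named chroot jail for stale copies and loose modes.
# Not Bastille's code.  JAIL is the jail root; HOSTROOT defaults to "" (the
# real host filesystem) and is only overridden here to run against a demo tree.

# jail_stale_files JAIL [HOSTROOT] : print jail-relative paths whose copy
# differs from the same path on the host (a patched host file not yet
# copied into the jail shows up here).  Files with no host counterpart
# (zone data, the jail's own logs) are skipped.
jail_stale_files() {
    jail=$1
    host=${2:-}
    find "$jail" -type f | while read -r inside; do
        rel=${inside#"$jail"}                 # /usr/lib/x inside the jail -> /usr/lib/x
        [ -f "$host$rel" ] || continue        # nothing on the host to compare with
        cmp -s "$inside" "$host$rel" || printf '%s\n' "$rel"
    done
}

# jail_world_writable JAIL : print regular files in the jail with mode o+w;
# a compromised named, whatever user it runs as, could rewrite these.
jail_world_writable() {
    find "$1" -type f -perm -002
}

# --- constructed demo tree (placeholder names, not a real HP-UX layout) ---
demo=$(mktemp -d)
mkdir -p "$demo/host/usr/lib" "$demo/host/etc" \
         "$demo/jail/usr/lib" "$demo/jail/etc" "$demo/jail/var/named"
printf 'nameserver 10.0.0.53\n' > "$demo/host/etc/resolv.conf"      # in sync
cp "$demo/host/etc/resolv.conf" "$demo/jail/etc/resolv.conf"
printf 'library build 2 (patched)\n' > "$demo/host/usr/lib/libexample.sl"
printf 'library build 1\n'           > "$demo/jail/usr/lib/libexample.sl"  # stale
printf 'zone data\n' > "$demo/jail/var/named/db.example"            # jail-only file
find "$demo" -type f -exec chmod 644 {} +                           # fixed modes first
chmod 666 "$demo/jail/var/named/db.example"                         # deliberately loose

echo "jail files out of date with the host (copy the patched file in):"
jail_stale_files "$demo/jail" "$demo/host"
echo "world-writable files inside the jail:"
jail_world_writable "$demo/jail"
```

Against a real jail, run `jail_stale_files /path/to/jail` with no second argument so the comparison is made against the live host paths; run it after every patch bundle that touches libraries or binaries copied into the jail, which is exactly the case the NOTE above warns about.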
Apache Q: Would you like to deactivate the HP-distributed Apache 2.x Web Server? [Y]