Managing Systems and Workgroups: A Guide for HP-UX System Administrators

Configuring HP-UX Bastille: Interview
Bastille Configuration Questions and Explanations for HP-UX
Appendix B
ip_forwarding 2 => 0
ip_ire_gw_probe 1 => 0
ip_pmtu_strategy 2 => 1
ip_send_redirects 1 => 0
ip_send_source_quench 1 => 0
tcp_conn_request_max 20 => 4096
tcp_syn_rcvd_max 500 => 1000
For more information on each of these parameters, run
ndd -h
Note: If you already have some non-default settings in effect, you will need to
merge the settings manually, and a reminder will be added to your TODO list.
(MANUAL ACTION MAY BE REQUIRED TO COMPLETE THIS CONFIGURATION,
see TODO list for details)
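The Note's manual merge can be scoped before Bastille runs by comparing the running values with the table above. The script below is an added example, not part of the HP manual or of Bastille. The sample of current values is constructed, and reading live values with `ndd -get` against /dev/ip and /dev/tcp is an assumption about the target system.

```sh
#!/bin/sh
# Added example, not from the manual. Rows are "name default target" from the list above.
BASTILLE_NDD='ip_forwarding 2 0
ip_ire_gw_probe 1 0
ip_pmtu_strategy 2 1
ip_send_redirects 1 0
ip_send_source_quench 1 0
tcp_conn_request_max 20 4096
tcp_syn_rcvd_max 500 1000'

# Constructed sample of current values ("name value"), used off HP-UX.
SAMPLE_CURRENT='ip_forwarding 2
ip_ire_gw_probe 0
ip_pmtu_strategy 2
ip_send_redirects 1
ip_send_source_quench 1
tcp_conn_request_max 1024
tcp_syn_rcvd_max 500'

# live_current: read the running values with ndd -get. The device comes from
# the parameter prefix (ip_* -> /dev/ip, tcp_* -> /dev/tcp).
live_current() {
    echo "$BASTILLE_NDD" | while read -r name rest; do
        echo "$name $(ndd -get "/dev/${name%%_*}" "$name")"
    done
}

# audit CURRENT: print "name current target STATE" per parameter.
#   HARDENED  already at the Bastille value
#   DEFAULT   still at the stock default, so the new value replaces nothing
#   MERGE     site-specific value: the manual merge the Note describes
#   UNKNOWN   no current value supplied
audit() {
    echo "$BASTILLE_NDD" | while read -r name default target; do
        cur=$(echo "$1" | awk -v n="$name" '$1 == n { print $2 }')
        if [ -z "$cur" ]; then state=UNKNOWN
        elif [ "$cur" = "$target" ]; then state=HARDENED
        elif [ "$cur" = "$default" ]; then state=DEFAULT
        else state=MERGE
        fi
        echo "$name ${cur:--} $target $state"
    done
}

if [ "$(uname -s)" = "HP-UX" ] && command -v ndd >/dev/null 2>&1; then
    audit "$(live_current)"
else
    audit "$SAMPLE_CURRENT"
fi
```

Rows marked MERGE are the ones to reconcile by hand; in the constructed sample that is tcp_conn_request_max, which a site had already raised to 1024.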
HP_UX Q: Would you like instructions in your TODO list on how to run a port
scan? [Y]
One of the final steps in lockdown is to verify that only the
services you need are still running. Several tools exist to do this,
including "netstat", which is included with HP-UX, and "lsof" (LiSt Open
Files), which is a free downloadable tool that can give you a lot of good
information about all the processes running on your system. If there are
processes running that you don't recognize, you might take this as an
opportunity to do some research and learn about them.
(MANUAL ACTION REQUIRED TO COMPLETE THIS CONFIGURATION,
see TODO list for details)
HP_UX Q: Would you like information about other security tools that HP has to
offer? [Y]
Although Bastille can help you configure a lot of the security-relevant
features of your operating system, it is not a substitute for a
complete security solution. Such a solution includes properly configured
firewalls, network topologies, intrusion detection, policies, and user
education. Hewlett-Packard has tools and resources to help with many
aspects of security.
HP_UX Q: Are you willing to mail your configuration and TODO list to HP? [Y]
The HP-UX Bastille development team would like to know how you
are using Bastille. Based on how you answered these questions, HP can meet
your needs better. You can help by sending your configuration and
TODO files back to HP. Answering "yes" to this question will do
that for you automatically. If you feel that your hostname or your security
configuration is in any way confidential, then you should answer
"no" to this question, since the information will be sent
unencrypted over the public internet. Also, if outbound mail is