HP-UX 11i v2 Installation and Update Guide, December 2005
Choosing an Installation Method
Security Considerations
Chapter 3 55
Predefined Security Levels
At cold-install- or update-time, you can choose one of the security levels
listed in Table 3-3, with each one providing incrementally higher
security.
NOTE When you select the Sec10Host security level, you may have conflicts
with other products. For more information on the Bastille Sec10Host
security level, refer to the HP-UX IPFilter Version A.03.05.09
Administrator's Guide and the Managing Systems and Workgroups: A
Guide for System Administrators.
Table 3-3 Predefined Security Configuration
Security
Level
Configuration
File Name
1
Description
Sec00Tools
2
Not applicable The install-time security infrastructure; no security
changes.
Sec10Host
3
HOST.config Host-based lockdown: no firewall; some common
clear-text services turned off, excluding Telnet and
FTP.
Sec20MngDMZ
3
MANDMZ.config Lockdown while allowinf secure management:
IPFilter firewall blocks incoming connections except
common, secured, management protocols.
Sec30DMZ
3
DMZ.config Network-DMZ Lockdown: IPFilter blocks all incoming
connections except HP-UX Secure Shell.
1. Configuration files are installed to /etc/opt/sec_mgmt/bastille
2. Sec00Tools is installed by default.
3. Sec10Host is selectable.