HP-UX 11i v2 Installation and Update Guide, June 2007
Choosing an Installation Method
Security Considerations
Predefined Security Levels
At cold-install or update time, you can choose one of the security levels
listed in Table 3-3. Each level provides incrementally higher security
than the one before it.
NOTE: When you select either the Sec30DMZ or MngDMZ security level, IPFilter
will restrict inbound network connections. For more information on how
to add inbound ports to your /etc/opt/ipf.customerrules file, refer to
the HP-UX IPFilter Version A.03.05.09 Administrator's Guide and
Managing Systems and Workgroups: A Guide for System Administrators.
Table 3-3 Predefined Security Configuration

| Security Level | Configuration File Name (1) | Description |
|---|---|---|
| Sec00Tools (2) | Not applicable | The install-time security infrastructure; no security changes. |
| Sec10Host (3) | HOST.config | Host-based lockdown: no firewall; some common clear-text services turned off, excluding Telnet and FTP. |
| Sec20MngDMZ (3) | MANDMZ.config | Lockdown while allowing secure management: IPFilter firewall blocks incoming connections except common, secured, management protocols. |
| Sec30DMZ (3) | DMZ.config | Network-DMZ Lockdown: IPFilter blocks all incoming connections except HP-UX Secure Shell. |

1. Configuration files are installed to /etc/opt/sec_mgmt/bastille
2. Sec00Tools is installed by default.
3. Sec10Host, Sec20MngDMZ, and Sec30DMZ are selectable.