HP-UX 11i Version 2 Installation and Update Guide, May 2005
Choosing an Installation Method
Security Considerations
Chapter 358
Predefined Configuration Bundles
At cold-install- or update-time, you can choose one of the security
configuration bundles listed in Table 3-4, with each bundle providing
incrementally higher security.
NOTE When you select the Sec10Host configuration bundle, you may have
conflicts with other products. For more information on the Bastille
Sec10Host configuration bundle, refer to the HP-UX IPFilter Version
A.03.05.09 Administrator's Guide and the Managing Systems and
Workgroups: A Guide for System Administrators.
Table 3-4 Predefined Security Configuration Bundles
Bundle
Name
Configuration
File Name
1
Description
Sec00Tools
2
Not applicable The install-time security infrastructure; no security
changes
Sec10Host
3
HOST.config Host-based lockdown: no firewall; some common
clear-text services turned off, excluding Telnet and
FTP
Sec20MngDMZ
3
MANDMZ.config Lockdown with Secure Management: IPFilter firewall
blocks incoming connections except common, secured,
management protocols
Sec30DMZ
3
DMZ.config Network-DMZ Lockdown: IPFilter blocks all incoming
connections except HP-UX Secure Shell
1. Configuration files are installed to /etc/opt/sec_mgmt/bastille
2. This is a default-installed bundle.
3. This is a selectable bundle.