HP-UX 11i Version 2 Installation and Update Guide, May 2005

Choosing an Installation Method

Security Considerations

Chapter 362

These bundles are dependent on the Sec00Tools bundle.

Figure 3-1 Install-time Security Software Dependencies

Secured Services and Protocols

Each security configuration bundle provides incrementally higher

security by locking down various protocols and services. HP-UX Bastille

uses a series of questions to determine which services and protocols to

secure. Using one of the Security Configuration bundles applies a default

security profile, simplifying the lockdown process.

The following tables detail the services and protocols affected by the

security bundles, listed in Table 3-4 on page 58, if you choose to apply

one at cold-install- or update-time:

• Table 3-5 on page 63 lists the security settings for Sec10Host. These

settings also apply to Sec20MngDMZ and Sec30DMZ.

• Table 3-6 on page 65 lists the security settings applied with

Sec20MngDMZ, in addition to the settings in Table 3-5.

Sec20MngDMZ

Sec10Host

Sec30DMZ

Sec00Tools

IPFilter

Security

Patch

Check

HP-UX

Bastille

HP-UX

Secure

Shell

perl

Selectable security bundles

Default-installed bundles

These selectable bundles lock down

your system at cold-install- or

update-time. They depend on

Sec00Tools to install the needed

software to secure your system.

This default-installed bundle does

not apply any security at cold-install-

or update-time.

This default-installed software is

required to secure your system

either at cold-install- or update-time

or at a later time.

OpenSSL