HP-UX 11i Version 2 Installation and Update Guide, May 2005

Choosing an Installation Method

Security Considerations

Chapter 364

Daemons

Disable ptydaemon

Disable pwgrd

Disable rbootd

Disable NFS client daemons

Disable NFS server

Disable NIS client programs

Disable NIS server programs

Disable SNMPD

inetd Services

Deactivate bootp

Deactivate inetd’s built-in services

Deactivate CDE helper services

Deactivate finger

Deactivate ident

Deactivate klogin and kshell

Deactivate ntalk

Deactivate login, shell, and exec services

Deactivate swat

Deactivate printer

Deactivate recserv

Deactivate tftp

Deactivate time

Deactivate uucp

Enable logging for all inetd connections

sendmail

Run sendmail via cron to process queue

Stop sendmail from running in daemon mode

Disable vrfy and expn commands

Other Settings

Deactivate HP Apache 2.x Web Server

Set up cron job to Security Patch Check

1. Security settings listed here also apply to Sec20MngDMZ and Sec30DMZ

2. Manual action may be required to complete configuration. Refer to

/etc/opt/sec_mgmt/bastille/TODO.txt for more information, after install or

update.

Table 3-5 Host-based Sec10Host Install-time Security Settings

(Continued)

Category Actions