HP-UX 11i Version 2 Installation and Update Guide, September 2004

Secured Services and Protocols
Each security configuration bundle provides incrementally higher
security by locking down various protocols and services. HP-UX Bastille
uses a series of questions to determine which services and protocols to
secure. Using one of the Security Configuration bundles applies a default
security profile, simplifying the lockdown process.
The following tables detail the services and protocols affected by the
security bundles (listed in Table 3-4 on page 61) if you choose to apply
one at cold-install or update time:

- Table 3-5 on page 64 lists the security settings for Sec10Host. These
  settings also apply to Sec20MngDMZ and Sec30DMZ.
- Table 3-6 on page 65 lists the security settings applied with
  Sec20MngDMZ, in addition to the settings in Table 3-5.
- Table 3-7 on page 66 lists the security settings applied with
  Sec30DMZ, in addition to the settings in Table 3-5 and Table 3-6.

IMPORTANT: Review these tables carefully. Some of the locked-down
services and protocols may be used by other applications, and locking
them down may adversely affect the behavior or functionality of those
applications. For example, Servicecontrol Manager and ParMgr rely on
WBEM for part of their functionality; Sec30DMZ blocks all incoming WBEM
connections via IPFilter.

You can change the security settings configured at cold-install or
update time by running HP-UX Bastille after installing or updating your
system. For more information about using HP-UX Bastille, refer to
Managing Systems and Workgroups: A Guide for HP-UX System
Administrators, or to the HP-UX Bastille User’s Guide, located on your
system at:

/opt/sec_mgmt/bastille/docs/user_guide.txt