HP-UX 11i Version 2 Installation and Update Guide, September 2004
Table Of Contents
- 1 Welcome to HP-UX 11i Version 2
- 2 System Requirements for Cold-Installing and Updating
- 3 Choosing an Installation Method
- Supported Cold-Install Paths to HP-UX 11i v2
- Supported Update Paths to HP-UX 11i v2
- Deciding Which Method to Use
- Time to Complete a Cold Install or Update
- When to Cold-Install
- When to Update
- Additional Cold-Install Considerations
- Additional Update Considerations
- Requirement for Updating from HP-UX 11i v1.6 (B.11.22)
- Requirement for Updating from Earlier Releases of HP-UX 11i v2 (B.11.23)
- HP Service Partition Is Not Created During Update (Itanium-based Systems Only)
- Update-UX Contains a Default-Installed Selection File
- Update-UX Creates Two Backup Configurations
- Security Considerations
- Standard HP-UX Bundle Considerations
- Online Diagnostics
- Offline Diagnostics
- The Next Step
- 4 Preparing to Install or Update to HP-UX 11i v2
- 5 Cold-Installing HP-UX 11i v2
- 6 Updating to HP-UX 11i v2
- 7 Installing HP Applications and Patches
- 8 Verifying System Install or Update
- A Data Collection Tables
- B Known Problems and Troubleshooting
- C Controlling Memory Utilization of VxFS 3.5 on HP-UX
- D Software Distribution Media
- HP-UX 11i v2 Core Software Bundles
- HP-UX 11i v2 Always-Installed Patch Bundles
- HP-UX 11i v2 Always-Installed Software Bundles
- HP-UX 11i v2 Always-Installed Network and Mass Storage Drivers
- HP-UX 11i v2 Default-Installed Software Bundles
- HP-UX 11i v2 Selectable Software Bundles
- HP-UX 11i v2 Selectable Network Drivers
Choosing an Installation Method
Security Considerations
Chapter 364
Table 3-5 Host-based Sec10Host Install-time Security Settings
1
Category Actions
Logins and
Passwords
Deny login unless home directory exists
Deny non-root logins if /etc/nologin file exists
Set a default path for su command
Disable root logins from network tty
Hide encrypted passwords
Disallow ftpd system account logins
Disable remote X logins
File System,
Network, and Kernel
Modify ndd settings
2,3
Restrict remote access to swlist
Set default umask
Enable kernel-based stack execute protection
Daemons
Disable ptydaemon
Disable pwgrd
Disable rbootd
Disable NFS client daemons
Disable NFS server
Disable NIS client programs
Disable NIS server programs
Disable SNMPD
inetd Services
Deactivate bootp
Deactivate inetd’s built-in services
Deactivate CDE helper services
Deactivate finger
Deactivate ident
Deactivate klogin and kshell
Deactivate ntalk
Deactivate login, shell, and exec services
Deactivate swat
Deactivate printer
Deactivate recserv
Deactivate tftp
Deactivate time
Deactivate uucp
Enable logging for all inetd connections
sendmail
Run sendmail via cron to process queue
Stop sendmail from running in daemon mode
Disable vrfy and expn commands