HP-UX 11i Version 2 Installation and Update Guide, September 2004
Table Of Contents
- 1 Welcome to HP-UX 11i Version 2
- 2 System Requirements for Cold-Installing and Updating
- 3 Choosing an Installation Method
- Supported Cold-Install Paths to HP-UX 11i v2
- Supported Update Paths to HP-UX 11i v2
- Deciding Which Method to Use
- Time to Complete a Cold Install or Update
- When to Cold-Install
- When to Update
- Additional Cold-Install Considerations
- Additional Update Considerations
- Requirement for Updating from HP-UX 11i v1.6 (B.11.22)
- Requirement for Updating from Earlier Releases of HP-UX 11i v2 (B.11.23)
- HP Service Partition Is Not Created During Update (Itanium-based Systems Only)
- Update-UX Contains a Default-Installed Selection File
- Update-UX Creates Two Backup Configurations
- Security Considerations
- Standard HP-UX Bundle Considerations
- Online Diagnostics
- Offline Diagnostics
- The Next Step
- 4 Preparing to Install or Update to HP-UX 11i v2
- 5 Cold-Installing HP-UX 11i v2
- 6 Updating to HP-UX 11i v2
- 7 Installing HP Applications and Patches
- 8 Verifying System Install or Update
- A Data Collection Tables
- B Known Problems and Troubleshooting
- C Controlling Memory Utilization of VxFS 3.5 on HP-UX
- D Software Distribution Media
- HP-UX 11i v2 Core Software Bundles
- HP-UX 11i v2 Always-Installed Patch Bundles
- HP-UX 11i v2 Always-Installed Software Bundles
- HP-UX 11i v2 Always-Installed Network and Mass Storage Drivers
- HP-UX 11i v2 Default-Installed Software Bundles
- HP-UX 11i v2 Selectable Software Bundles
- HP-UX 11i v2 Selectable Network Drivers
Choosing an Installation Method
Security Considerations
Chapter 3 65
Other Settings
Deactivate HP Apache 2.x Web Server
4
Set up cron job to Security Patch Check
2
1. Security settings listed here also apply to Sec20MngDMZ and Sec30DMZ
2. Manual action may be required to complete configuration. Refer to
/etc/opt/sec_mgmt/bastille/TODO.txt for more information, after install or
update.
3. The following ndd changes will be made:
ip_forward_directed_broadcasts=0
ip_forward_src_routed=0
ip_forwarding=0
ip_ire_gw_probe=0
ip_pmtu_strategy=1
ip_send_source_quench=0
tcp_conn_request_max=4096
tcp_syn_rcvd_max=1000
4. Settings applied only if software is installed
Table 3-6 Additional Sec20MngDMZ Install-time Security Settings
1
Category Actions
inetd Services Includes all disabled inetd services in Table 2-3 and:
Deactivate ftp
Deactivate telnet
IPFilter
Configuration
2
Block incoming DNS query connections
Block incoming HIDS administration connections
3,4
Configure IPFilter to allow outbound traffic, block
incoming traffic with IP options set, and all other traffic
except for HP-UX Secure Shell, HIDS agent, WBEM,
web admin and web admin autostart.
5
1. Applies all security configuration settings in Table 3-5
2. IPFilter rules are applied via a custom rules file located at
/etc/opt/sec_mgmt/bastille/ipf.customrules
3. HP-UX Host IDS is a selectable software bundle and only available for commercial
servers
4. Settings applied only if software is installed
5. Manual action may be required to complete configuration. Refer to
/var/opt/sec_mgmt/bastille/TODO.txt for more information, after install or
update.
Table 3-5 Host-based Sec10Host Install-time Security Settings
1
(Continued)
Category Actions