HP-UX 11i Version 2 Release Notes (October 2003)
Security
HP-UX Bastille
Chapter 7
Summary of Change
Previously available via the Web only, HP-UX Bastille 2.1 is now included in the HP-UX
11i v2 Operating Environments. The new version adds finer granularity of configuration,
improved question flow, better input validation, and new lockdown features, including
configuration of IPFilter and password shadowing.
HP-UX Bastille may also be downloaded from http://www.hp.com/go/bastille.
Impact
Since it is included in the Operating Environments, system administrators will find
Bastille easier to install and configure. In addition, Bastille can configure a system
during installation (and during later system operation) at one of four predefined security
configurations, ranging from none to a level appropriate for a network Demilitarized
Zone (DMZ).
Administrators can also create their own custom configurations through an interactive
runtime interface that poses and explains over 70 security issues.
For the effects of Bastille’s options on the Common Desktop Environment, see “Common
Desktop Environment (CDE)” on page 249.
Compatibility
Since Bastille shuts off services and configures supported HP-UX parameters, some tools
that rely on other settings, or on services that Bastille turns off, may either not be
fully functional or cease to function. Those conflicts are described either in general
terms within the security/compatibility questions that Bastille presents, or in the
dependent HP-UX application, as appropriate.
For the compatibility of Bastille's options with MC/ServiceGuard, see
“MC/ServiceGuard” on page 90.
Bastille and ITS rely on IPFilter for host-based firewall protection. Because IPFilter
does not currently support some interfaces, those interfaces are not protected. For a full
list of supported interfaces, see the HP-UX IPFilter A.03.05.06 Release Notes at
http://www.docs.hp.com/hpux/onlinedocs/B9901-90020/B9901-90020.html.
Performance
There are no performance issues.
Documentation
Note that the Bastille product has incorporated the recommendations of a number of
security checklists and documents, including the now-retired HP-UX Bastion-Host
whitepaper, into a rich and educational wizard-style interface.
More information can be found in the following documents:
• bastille (1M) manpage (add /opt/sec_mgmt/share/man/ to MANPATH)
• Bastille User’s Guide delivered in
/opt/sec_mgmt/bastille/docs/user_guide.txt
• HP-UX Bastille Web site at http://www.hp.com/go/bastille