HP-UX 11i Version 2 Release Notes (October 2003)

Security
Install-Time Security
Chapter 7
183
3. Sec20MngDMZ - Lockdown + block most incoming traffic with IPFilter firewall
4. Sec30DMZ - DMZ-Appropriate, Host-Based and IPFilter Network Lockdown
For precise configuration information, please refer to the README or Chapter 2 of the
HP-UX 11i v2 Installation and Update Guide.
The README is available by running the swlist command as follows:
swlist -a readme -s <depot path> <Level Bundle>
Example:
swlist -a readme -s mysystem:/var/spool/sw Sec30DMZ
IMPORTANT: During installation, you configure security elements on the Software Selection Screen.
This screen is used to configure a wide variety of optional software.
In the box on the left side of the screen, select Security Choices. In the right side box,
select which of the three SecLevel* Bastille nondefault security levels you want. You can
also select Security Patch Check and other security tools. See the HP-UX 11i v2
Installation and Update Guide for details.
The system is secured only during the first boot of the new kernel, once Install-Time
security has had a chance to run shortly after the software configuration phase. To
guarantee security during installation, a local install using media is recommended.
Impact
Install-time security makes it simpler for system administrators to set the
Bastille security lockdown engine, prior to first boot, to one of four predefined security
configurations, ranging from none to DMZ.
Compatibility
See “Compatibility” on page 178.
Performance
There are no performance issues.
Documentation
HP-UX 11i v2 Installation and Update Guide
“HP-UX Bastille” on page 177
“Security Patch Check” on page 186
“HP-UX IPFilter” on page 180
Obsolescence
Not applicable.