HP-UX 11i v3 Installation and Update Guide, March 2009 (Update 4 Release)
fewer steps on systems that had not been manually configured, after a user has
configured the system using the Bastille tool.
4. Do one of the following:
• Manually update the system configuration: Edit the /etc/inetd.conf file
by uncommenting (remove the #) the following line:
#auth stream tcp6 wait bin /usr/lbin/identd identd
Force inetd to reread the configuration by running the following command:
# inetd -c
• Use HP-UX Bastille to update the configuration: Revert to the previous HP-UX
Bastille configuration; then apply the new HP-UX Bastille configuration.
# bastille -r
# bastille -b
Configuring HP-UX Bastille Sec10Host
To configure the HP-UX Bastille Sec10 Host, refer to the Securing Serviceguard document
at
http://docs.hp.com/
CAUTION: When reverting to the configuration prior to the use of HP-UX Bastille,
note these precautions:
• Security configuration changes will be undone temporarily.
• Other manual configuration changes or additional software installed since HP-UX
Bastille was initially run may result in HP-UX Bastille requiring a manual merge
of configuration settings.
• Refer to the Bastille question text in the HP-UX System Administrator’s Guide or in
the Bastille GUI for detail on the precise interactions.
Security Choice Dependencies
The Sec00Tools security level is installed by default on your system. Although
Sec00Tools does not implement any security changes at cold-install- or update-time,
it does ensure that the required software (Figure 3-1) is installed. The Sec00Tools
security level contains the pre-built configuration files that you can use to create a
security level or you can use it as a template to create a custom security configuration.
The Sec00Tools security level also ensures that the software needed by those security
levels is present.
Alternately, you can lock down your system using one of the following selectable
security levels at cold-install- or update-time:
40 Choosing an Installation Method