Manualshelf

HP-UX 11i v3 Installation and Update Guide, March 2009 (Update 4 Release)

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 Enterprise OE
41424344454647484950
Table 3-5 Additional Sec30DMZ Install-time Security Settings
1
ActionsCategory
Includes all IPFilter settings in Table 3-4 and:
IPFilter Configuration
2
Block incoming HIDS agent connections
3,4
Block incoming WBEM connections
5
Block incoming web admin connections
Block incoming web admin autostart connections
Block all traffic except HP-UX Secure Shell
Block ICMP echo
1 Applies all security configuration settings in Table 3-3 and Table 3-4
2
Additional IPFilter rules may be applied via a custom rules file located at /etc/opt/sec_mgmt/
bastille/ipf.customrules
3 Settings applied only if software is installed
4 HP-UX Host IDS is a selectable software bundle and only available for commercial servers
5 WBEM is required for several HP management applications including HP Systems Insight Manager and
Partition Manager
Online Diagnostics
The diagnostics software, which is always-installed with HP-UX 11i v3, consists of two
product bundles:
OnlineDiag (Online Diagnostics)
SysFaultMgmt (System Fault Management [SFM])
These bundles include many tools to help verify, troubleshoot, and monitor PA-RISC
and Itanium-based system hardware such as processors, memory, power supplies,
fans, interface cards, and mass storage devices. For more information about these
products, see the following documents at http://docs.hp.com/en/diag.html:
Online Diagnostics (EMS and STM) Administrator's Guide
Administrator's and User's Guide for SFM
CAUTION: Removing the OnlineDiag bundle or the SysFaultMgmt bundle, or
both, prevents products with dependencies on the diagnostics from functioning
correctly. If the OnlineDiag bundle or the SysFaultMgmt bundle are not installed,
protections from some hardware failures are removed, and it is much harder to
troubleshoot and fix problems when a hardware failure occurs. The OnlineDiag and
SysFaultMgmt bundles are always-installed with any HP-UX 11i Operating
Environment.
Starting with the HP-UX 11i v3 March 2008 release, upon a successful OE upgrade,
SFM is the default monitoring system for monitoring the core hardware components.
Certain EMS Hardware Monitors (in the OnlineDiag bundle) are replaced by
SFMIndicationProvider and are shut down as soon as an OE upgrade is initiated.
Online Diagnostics 45