HP-UX 11i v3 Installation and Update Guide, September 2007 (Update 1 Release)
Table 3-3 Host-based Sec10Host Install-time Security Settings (continued)
ActionsCategory
Disable ptydaemon
Disable pwgrd
Disable rbootd
Disable NFS client daemons
Disable NFS server
Disable NIS client programs
Disable NIS server programs
Disable SNMPD
Daemons
Deactivate bootp
Deactivate inetd's built-in services
Deactivate CDE helper services
Deactivate finger
Deactivate ident
Deactivate klogin and kshell
Deactivate ntalk
Deactivate login, shell, and exec services
Deactivate swat
Deactivate printer
Deactivate recserv
Deactivate tftp
Deactivate time
Deactivate uucp
Deactivates Event Monitoring Services (EMS) network communication
Enable logging for all inetd connections
inetd Services
Run sendmail via cron to process queue
Stop sendmail from running in daemon mode
Disable vrfy and expn commands
sendmail
Deactivate HP Apache 2.x Web Server
4
Set up cron job to run Software Assistant
2
Other Settings
1
Security settings listed here also apply to Sec20MngDMZ and Sec30DMZ
2
Manual action may be required to complete configuration. Refer to /etc/opt/sec_mgmt/bastille/
TODO.txt for more information, after install or update.
3
The following ndd changes will be made:
ip_forward_directed_broadcasts=0
ip_forward_src_routed=0
ip_forwarding=0
ip_ire_gw_probe=0
ip_pmtu_strategy=1
ip_send_source_quench=0
tcp_conn_request_max=4096
tcp_syn_rcvd_max=1000
4 Settings applied only if software is installed
Security Considerations 47