User's Manual
/var/opt/sec_mgmt/bastille/log/Assessment/assessment-report.html
/var/opt/sec_mgmt/bastille/log/Assessment/assessment-report.txt
/var/opt/sec_mgmt/bastille/log/Assessment/assessment-report-log.txt
Figure 3-2 Standard assessment report
For each question, the standard report lists one of the following results:
Yes The associated HP-UX Bastille lock down is applied to the
product or service shipped with HP-UX. The status of
products or services that are not shipped with the HP-UX OE
is not always detected. HP-UX Bastille might not detect all
variations of ways to disable or enable a service or feature.
Accepted standard configurations are detected.
No The configuration for the corresponding question is not
applied.
<Set to value> Displays the non-Boolean setting corresponding to the
question.
Not Defined A non-Boolean setting is defined, but is not set. The system
default settings apply.
N/A: S/W Not Installed The relevant software is not installed, so lock down for this
item is not necessary.
3.3.1 Using scored reports
HP-UX Bastille assessment reports can be scored to show the percentage of selected lock-down
items that are properly secured on the system. This provides a single indicator to judge the initial
security configuration state of a system, or to gauge the hardening progress when incrementally
aligning a system to a security configuration goal.
For example, a weights file can be prepared to select only HP-UX Bastille lock-down items that
match equivalent items in an industry-consensus security benchmark. By reviewing scored
reports using this file on all similar HP-UX servers in the datacenter, a systems manager can
evaluate the resources required to bring these servers into compliance with the benchmark.
14 Using HP-UX Bastille