User's Manual

[1] Manual action may be required to complete configuration. For more information, see /etc/opt/sec_mgmt/bastille/TODO.txt after update or installation.
[2] The following ndd changes are made:
    ip_forward_directed_broadcasts=0
    ip_forward_src_routed=0
    ip_forwarding=0
    ip_ire_gw_probe=0
    ip_pmtu_strategy=1
    ip_send_source_quench=0
    tcp_conn_request_max=4096
    tcp_syn_rcvd_max=1000
[3] Settings applied only if software is installed.
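The following shell script, added here as an example and not part of the manual, compares a running system against the ndd values listed in footnote 2. It assumes that ip_* parameters are read from /dev/ip and tcp_* parameters from /dev/tcp with ndd -get, and it uses NDD_CMD as a hypothetical override so the check can be exercised with a stand-in command where ndd is unavailable.

```shell
#!/bin/sh
# Added example, not from the manual: compare live ndd values on an HP-UX host
# with the Sec20MngDMZ values from footnote 2. Assumed (not stated by the manual):
# ip_* parameters are read from /dev/ip and tcp_* from /dev/tcp with "ndd -get";
# NDD_CMD is a hypothetical override for running the check with a stand-in command.
EXPECTED='ip_forward_directed_broadcasts 0
ip_forward_src_routed 0
ip_forwarding 0
ip_ire_gw_probe 0
ip_pmtu_strategy 1
ip_send_source_quench 0
tcp_conn_request_max 4096
tcp_syn_rcvd_max 1000'
NDD_CMD=${NDD_CMD:-ndd}

# Map a parameter name to the ndd device it is read from (assumed layout).
ndd_device() {
    case "$1" in
        ip_*)  echo /dev/ip ;;
        tcp_*) echo /dev/tcp ;;
        *)     return 1 ;;
    esac
}

# Print the current value of one parameter.
current_value() {
    dev=$(ndd_device "$1") || return 1
    "$NDD_CMD" -get "$dev" "$1"
}

# Print a DRIFT line for every parameter that differs from the expected value;
# the exit status is the number of drifted parameters (0 means compliant).
check_ndd() {
    drift=0
    while read -r name want; do
        [ -n "$name" ] || continue
        have=$(current_value "$name" 2>/dev/null) || have='(unreadable)'
        if [ "$have" != "$want" ]; then
            echo "DRIFT: $name expected=$want actual=$have"
            drift=$((drift + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$drift"
}

# Run the check only when invoked directly: sh ndd_check.sh --run
if [ "${1-}" = "--run" ]; then
    check_ndd
fi
```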
Table A-3 Additional Sec20MngDMZ security settings [1]

Category                   Action
inetd services             Includes all disabled inetd services in Table A-2
                           Disable ftp
                           Disable telnet
                           Restrict syslog daemon to local connections
IPFilter configuration [2] Block incoming DNS query connections
                           Block incoming HIDS administration connections [3], [4]
                           Configure IPFilter to allow outbound traffic
                           Configure IPFilter to block incoming traffic with IP options set
                           Configure IPFilter to block all other traffic except for HP-UX Secure Shell,
                           HIDS agent, WBEM, web admin, web admin autostart [5], and ICMP echo

[1] Applies all security configuration settings in Table A-2.
[2] Additional IPFilter rules may be applied with a custom rules file located at /etc/opt/sec_mgmt/bastille/ipf.customrules.
[3] HP-UX Host IDS is a selectable software bundle and only available for commercial servers.
[4] Settings applied only if software is installed.
[5] Manual action may be required to complete configuration. For more information, see /var/opt/sec_mgmt/bastille/TODO.txt after installation or update.
Table A-4 Additional Sec30DMZ security settings [1]

Category                   Action
IPFilter configuration [2] Includes all IPFilter settings in Table A-3
                           Block incoming HIDS agent connections [3], [4]
                           Block incoming WBEM connections [5]
                           Block incoming web admin connections
                           Block incoming web admin autostart connections
                           Block all traffic except HP-UX Secure Shell
                           Block ICMP echo

[1] Applies all security configuration settings in Table A-2 and Table A-3.
[2] Additional IPFilter rules may be applied with a custom rules file located at /etc/opt/sec_mgmt/bastille/ipf.customrules.
[3] Settings applied only if software is installed.
[4] HP-UX Host IDS is a selectable software bundle and only available for commercial servers.
[5] WBEM is required for several HP management applications including HP Systems Insight Manager (SIM) and ParMgr.
A.1 Choosing security levels 29