User's Manual
has physical access to the machine and enough time, there is very little you
can do to prevent unauthorized access. This may be more problematic when
an authorized administrator can't remember the password. Note: For HP-UX
11.22 and prior, this requires conversion to trusted mode. HP-UX Bastille will
automatically do the conversion if you select this option. Trusted mode is
incompatible with LDAP-UX client services prior to version 3.0 and can cause
other incompatibility issues with applications which do their own
authentication.
Actions
Sets the parameter BOOT_AUTH=1 in the /etc/default/security file. For
HP-UX 11.22 and prior, converts to trusted mode and sets bootpw=YES
with modprdef.
AccountSecurity.SU_DEFAULT_PATH
Headline
Set the new PATH at su.
Default
/sbin:/usr/sbin:/bin:/usr/bin
Description
The SU_DEFAULT_PATH parameter defines a new default PATH environment
value to be set when su to a non-superuser account is executed. Refer to su(1).
Set SU_DEFAULT_PATH=new_PATH. This ensures that an su session will
always have a default PATH value, preventing the inheritance of a poisoned
PATH variable from your current login session. The PATH environment variable
is set to new_PATH when the su command is invoked. Other environment
values are not changed. The PATH value is not validated. This parameter does
not apply to a superuser account, and is applicable only when the "-" option
is not used along with the su command.
Actions
Sets the parameter SU_DEFAULT_PATH in the /etc/default/security
file.
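Because the PATH value is not validated, it is worth checking the configured value for components that would reintroduce the poisoning risk. The script below is an added example, not part of HP-UX Bastille or this manual; the helper names get_param and audit_path, the last-line-wins rule for duplicate keys, and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the SU_DEFAULT_PATH value in a security(4)-style file.
# get_param and audit_path are hypothetical helper names, not HP-UX tools.

# Print the value of KEY from FILE, ignoring commented-out lines.
# Assumption: if KEY appears more than once, the last line is reported.
get_param() {  # usage: get_param KEY FILE
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1
}

# Print one finding per risky component of a colon-separated PATH value.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_path() {  # usage: audit_path PATH_VALUE
    rc=0
    case "$1" in
        '') echo "value is unset or empty"; return 1 ;;
        :*|*:|*::*) echo "empty component (searched as current directory)"; rc=1 ;;
    esac
    old_ifs=$IFS; IFS=:; set -f            # split on ':' without globbing
    for dir in $1; do
        case "$dir" in
            '') ;;                          # reported by the check above
            /*) if [ ! -d "$dir" ]; then
                    echo "$dir: not a directory"; rc=1
                elif [ -n "$(find "$dir/." -prune -perm -0002 2>/dev/null)" ]; then
                    echo "$dir: world-writable"; rc=1
                fi ;;
            *)  echo "$dir: relative component"; rc=1 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return $rc
}

# Constructed sample file; on a real system use /etc/default/security instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not from a real host
BOOT_AUTH=1
#SU_DEFAULT_PATH=/tmp
SU_DEFAULT_PATH=/sbin:/usr/sbin:/bin:/usr/bin:.
EOF
value=$(get_param SU_DEFAULT_PATH "$sample")
echo "SU_DEFAULT_PATH=$value"
audit_path "$value" || echo "=> review SU_DEFAULT_PATH before relying on it"
rm -f "$sample"
```

The trailing "." in the constructed sample is flagged as a relative component, since it would let the current directory supply commands during an su session.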
AccountSecurity.SU_DEFAULT_PATHyn
Headline
Set a default path for the su command.
Default
Y
Description
Set the SU_DEFAULT_PATHyn parameter.
Actions
None.
AccountSecurity.system_auditing
Headline
Basic system security auditing enabled.
Default
N
Description
Enabling basic system security auditing logs a subset of system calls. This
logging produces system overhead. If this system is in a performance-sensitive
role, the risk of not logging may be less than the risk of incurring a small
amount of overhead.
Actions
Configure and start auditing and acct programs. Convert to trusted mode if
necessary.
AccountSecurity.umask
Headline
Set umask for all users on the system.
Default
77
Description
The umask utility sets a default permission for files that you create. HP-UX
Bastille can set one of several umasks. Select one of the following or create
your own:
002–Everyone can read your files and people in your group can alter them.
022–Everyone can read your files, but no one can write to them.
027–Only people in your group can read your files, but no one can write to them.
077–No one on the system can read or write your files.
In addition to
38 Question modules