User's Manual

Default N
Description
The ftpusers file allows the administrator to set accounts that shall not be
allowed to log in through the ftpd. Default system users should not be allowed
access to the system through the ftpd because it sends the username and
password in clear text over the network. HP-UX Bastille disallows ftp logins
to a WU-FTPD server from the following users: root, daemon, bin, sys, adm,
uucp, lp, nuucp, hpdb, and guest. If you have a compelling reason to allow
these users ftp access, then answer no to this question. Use this as a secondary
measure if you deactivated the ftp server.
Actions
Add the following user names to the /etc/ftpd/ftpusers file: root,
daemon, bin, sys, adm, uucp, lp, nuucp, hpdb, and guest.
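The following shell sketch is an added example, not part of the HP manual or of Bastille's own code. It reports which of the accounts listed above are absent from an ftpusers file and appends only the missing ones, so it can be re-run as a check. The function names, the treatment of text after # as a comment, and the constructed sample file are assumptions.

```shell
#!/bin/sh
# Added example: audit an ftpusers file against the account list in the text above.
FTP_DENY="root daemon bin sys adm uucp lp nuucp hpdb guest"

# Print every required account that has no entry of its own in the file.
# Assumption: text after '#' is a comment; surrounding whitespace is ignored.
missing_ftpusers() {
    file=$1
    for u in $FTP_DENY; do
        if [ -f "$file" ] && awk -v u="$u" \
            '{ sub(/#.*/, "") } $1 == u { found = 1 } END { exit !found }' "$file"
        then
            continue            # exact whole-name match found, nothing to report
        fi
        printf '%s\n' "$u"
    done
}

# Append only the missing accounts; existing entries and comments are untouched.
ensure_ftpusers() {
    file=$1
    missing=$(missing_ftpusers "$file")
    if [ -z "$missing" ]; then
        return 0                # already compliant, file is not rewritten
    fi
    # If the last line lacks a newline, add one so the first new name
    # is not glued onto an existing entry.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi
    # $missing is intentionally unquoted: one account name per output line.
    printf '%s\n' $missing >> "$file"
}

# Dry run on a constructed sample file (not a real system file).
demo="${TMPDIR:-/tmp}/ftpusers.demo.$$"
printf '# constructed sample\nroot\nguest   # local note\nftp' > "$demo"
echo "missing before: $(missing_ftpusers "$demo" | tr '\n' ' ')"
ensure_ftpusers "$demo"
echo "missing after:  $(missing_ftpusers "$demo" | tr '\n' ' ')"
rm -f "$demo"
```

On a real system the argument would be /etc/ftpd/ftpusers, and `missing_ftpusers` alone serves as a read-only audit.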
HP_UX.gui_banner
Headline Set up a login banner for graphical login.
Default N
Description Setting a GUI login banner notifies users that they may use the system, but
they are subject to local policy and monitoring. It also serves as notification
that the system is not for public use. This helps eliminate the claims of "I
thought anyone could use it."
Actions
For all Xresources files in /usr/dt/config/* directories, modify the
matching /etc/dt/config/*/Xresources file by adding the following
lines:
Dtlogin*greeting.labelString: "Authorized users only. All activity may be monitored and reported."
Dtlogin*greeting.persLabelString: "Authorized users only. All activity may be monitored and reported."
Create the matching /etc/dt/config/*/Xresources files if not present.
HP_UX.mail_config
Headline
Allow mailing of your configuration and TODO.txt files to HP.
Default N
Description The HP-UX Bastille development team would like to know how you use
HP-UX Bastille. Based on how you answer these questions, HP can meet your
needs better. You can help by sending your configuration and TODO.txt files
back to HP. Answering yes to this question does that automatically. If you
feel that your hostname or your security configuration is confidential,
answer no. The information is sent unencrypted over the public Internet. If
outbound mail is unable to reach the Internet from this machine, answer no.
If you have suggestions for improvements, new questions, code, or tests,
discuss these on the Bastille Linux discussion list at:
http://lists.sourceforge.net/mailman/listinfo/bastille-linux-discuss. You can provide feedback concerning
HP-UX Bastille directly to the IT Resource Center at http://itrc.hp.com, using
the System Administration or Security forum. Please send all comments. We
want to hear from you.
Actions
Mail the /etc/opt/sec_mgmt/bastille/config and
/var/opt/sec_mgmt/bastille/TODO.txt files to HP so we can improve HP-UX
Bastille.
HP_UX.ndd
Headline
Make suggested ndd changes.
Default N
Description
The ndd utility gets and sets network device parameters. The following is a
list of ndd changes HP-UX Bastille sets: