Manualshelf

User's Manual

ManualsBrandsHP ManualsSoftwareHP HP-UX Bastille Software
51525354555657585960
sometimes configured to provide network services to other systems. Disable
these services unless you know of a specific reason to leave them enabled.
Actions
Kill processes: mrouted, rwhod, rarpd, rdpd, snapdaemon
Set MROUTED=0 in /etc/rc.config.d/netdaemons
Set RWHOD=0 in /etc/rc.config.d/netdaemons
Set RARPD=0 in /etc/rc.config.d/netconf
Set RDPD=0 in /etc/rc.config.d/netconf
Set START_SNAPLUS=0 in /etc/rc.config.d/snaplus2
Patches.spc_cron_run
Headline
Set up a cron job to run SWA or SPC.
Default Y
Description HP-UX Bastille can configure Software Assistant (SWA), or Security Patch
Check (SPC) to run daily using the cron scheduling daemon. Keeping a system
secure requires constant vigilance. Staying up-to-date on security bulletins
issued by Hewlett-Packard is critical. These tools are the easiest way to make
sure this system is compliant with the steps required in HP security bulletins.
A subscription to the HP security bulletin mailing list provides the latest
security fixes from HP.
NOTE: This question is asked whether or not you have Software Assistant,
or Security Patch Check installed so that HP-UX Bastille can pre-configure
cron to run these applications after they are installed.
NOTE: HP recommends SWA. SPC uses FTP, a clear-text, unauthenticated
protocol.
Register for notification of all HP security bulletins at http://www.itrc.hp.com.
Click on Maintenance and Support for HP Products then select Support
Information Digests.
Actions
Set a daily cron job to run SWA or SPC.
Patches.spc_cron_time
Headline Set hour for a security bulletin compliance report.
Default 11
Description Specify a number between 0 and 23, corresponding to the hour in your time
zone that is most convenient to run a security bulletin compliance report. For
example, if you specify 0, Security Patch Check runs between 12:00 A.M. and
12:59 A.M. in your local time zone. If you specify 23, the security bulletin
compliance report runs between 11:00 P.M. and 11:59 P.M.
Actions Parameter only.
Patches.spc_proxy_yn
Headline
Does this machine require a proxy to ftp to the Internet?
Default N
Description
Sets spc_proxy_yn.
Actions None.
Patches.spc_run
Headline Run SWA/SPC.
Default Y
Description Patching, updating, and configuring software to address known security
vulnerabilities is important for securing a system. SWA and SPC are tools
54 Question modules