User's Manual

1 About this product
HP-UX Bastille is a system hardening and reporting program that enhances the security of the
HP-UX operating system by consolidating essential hardening and lock-down checklists from
industry and government security organizations, and making them accessible to administrators
in an easy-to-use package. The HP-UX Bastille GUI guides users through creating a
custom security configuration profile. The policy configuration engine hardens HP-UX to
specification by locking down each selected security item. Security items include:
• Configuring daemons, services, firewalls, and client software to use more secure settings
• Disabling unused or unneeded inetd services
• Creating chroot jails for commonly used server programs
• Assessing the current HP-UX system against all relevant lock-down items with the reporting
  feature
• Applying saved configuration profiles to multiple similar machines with a command-line
  batch mode
These HP-UX Bastille features ease compliance with regulatory requirements and
industry-consensus security benchmarks like the Center for Internet Security (CIS) benchmark.
HP-UX Bastille also facilitates internal and external security audits.
NOTE: HP-UX Bastille is built from the open-source, cross-platform software program Bastille.
HP made significant contributions to the open-source Bastille software over many years. The
original Linux version is now named Bastille-Linux to avoid confusion with other cross-platform
implementations, and is not covered by this document.
1.1 Features and benefits
HP-UX Bastille provides the following features and benefits:
• Locks down the system
  - Increases security by configuring daemons and system settings
  - Turns off unnecessary services such as pwgrd
  - Assists with creation of chroot jails to partially limit the vulnerability of common
    internet services such as web servers and DNS
  - Configures automatic runs of Software Assistant (SWA) or Security Patch Check
  - Configures an IPFilter-based firewall
• Provides an interactive, wizard-style GUI
  - Guides users to optimize the trade-off between security, usability, and functionality
  - Explanatory text helps less experienced administrators make appropriate security
    decisions
• Reports security configuration state
  - Generates reports in HTML, text, and config file format
  - Establishes a baseline for comparison to later configuration differences with the
    bastille_drift command
• Returns the security configuration to the state before HP-UX Bastille was run with the revert
  -r feature.
  - Provides a safety net in case of unexpected incompatible changes when hardening
    running systems
• Integrates with HP Systems Insight Manager (SIM)
  - Lockdown and reporting available from SIM menus
  - SIM.config pretested configuration for SIM server lock down