PCI-DSS Compliance for an HP-UX Host

ManualsBrandsHP ManualsSoftwareHP-UX Security Products and Features Software

Umaskyn Do you want to set the default umask

Umask What umask is default for users on the system

Hidepasswords Would you like to hide the encrypted passwords on

this system?

Single_user_password Would you like to password protect single-user

mode?

System_auditing Do you want basic system security auditing enabled?

ABORT_LOGIN_ON_MISSING_

HOMEDIR

Do not allow logins unless the home directory

exists?

Passwordpolicies Do you want to setup password policies?

MIN_PASSWORD_LENGTH What should the minimum length of NEW passwords

PASSWORD_HISTORY_DEPTH

Would you like to set a password history depth

PASSWORD_HISTORY_DEPTH Enter the password history depth.

PASSWORD_MAXDAYS Enter the maximum number of days between

password changes:

PASSWORD_MINDAYS Enter the minimum number of days between

password changes.

PASSWORD_WARNDAYS Enter the number of days a user will be warned that

their password will expire.

NOLOGIN Should non-root users be disallowed from logging in

if /etc/nologin exists?

NUMBER_OF_LOGINS_ALLOW

EDyn

Do you want to set a maximum number of logins per

user?

NUMBER_OF_LOGINS_ALLOW

Enter the maximum number of logins per user.

(simultaneous)

SU_DEFAULT_PATHyn Do you want to set a default path for the su

command

SU_DEFAULT_PATH Enter the new PATH upon su

Rootttylogins “Should we disallow root login on tty’s 1-6? [N]

create_securetty Should Bastille disallow root logins from network

TTYs? [N]

Removeaccounts Should Bastille ask you for extraneous accounts to

delete?

YES

removeaccounts_list Which extraneous accounts should Bastille delete

(space-separated)

List of

accounts to be

decided by

user

Removegroups Should Bastille ask you for extraneous groups to

delete?

YES

Forbiduserview Should we deactivate the graphical login’s user list

display? [N]

APACHE deactivate_hpws_apache Would you like to deactivate the HP Web Services

Apache Web Server?

YES

Apacheoff Would you like to deactivate the Apache web server?

[Y]

YES

Bindapachelocal Would you like to bind the Web server to listen only

to the localhost?