HP (Hewlett-Packard) 5187-2725 Server User Manual


 
Choosing a Migration Path
Install-time Security Considerations
Beginning with HP-UX 11i v2, HP-UX Bastille (B6849AA) is included as
default-installed software on the Operating Environment media and can
be installed with Ignite-UX or Update-UX.
HP-UX Bastille is a security hardening/lockdown tool that can be used to
enhance security of the HP-UX operating system. It provides customized
lockdown on a system-by-system basis by encoding functionality similar
to Bastion Host and other hardening/lockdown checklists.
NOTE: For more information about HP-UX Bastille, see the HP-UX 11i Version
2 Release Notes and Managing Systems and Workgroups.
At install- or update-time, you can choose one of the following security
configuration bundles, with each bundle providing incrementally higher
security:
Table 2-2 Predefined Security Configuration Bundles

| Bundle Name | Configuration File Name (a) | Description |
|---|---|---|
| Sec00Tools (b) | - | The install-time security infrastructure; no security changes |
| Sec10Host (c) | HOST.config | Host-based lockdown: no firewall; many common clear-text services turned off, excluding Telnet and FTP |
| Sec20MngDMZ (c) | MANDMZ.config | Lockdown: IPFilter firewall blocks incoming connections except common, secured, management protocols |
| Sec30DMZ (c) | DMZ.config | Full lockdown: IPFilter blocks all incoming connections except HP-UX Secure Shell |

a. Configuration files are installed to /etc/opt/sec_mgmt/bastille.
b. This is a default-installed bundle.
c. This is a selectable bundle.