Table of Contents
Advertisement
IMPORTANT:
be used by other applications and have adverse effects on the behavior or functionality of these
applications. You can change these security settings after installing or updating your system.
Table A-2 Host-based Sec10Host, Sec20MngDMZ, and Sec30DMZ security settings
Category
Logins and passwords
File system, network, and kernel
Daemons
inetd services
sendmail
Other settings
28
Install-Time Security (ITS) using HP-UX Bastille
Review these tables carefully. Some locked-down services and protocols might
Action
Deny login unless home directory exists
Deny non-root logins if /etc/nologin file exists
Set a default path for su command
Deny root logins from network tty
Hide encrypted passwords
Deny ftp system account logins
Deny remote X logins
1
2
Modify ndd settings
,
Restrict remote access to swlist
Set default umask
Enable kernel-based stack execute protection
Disable ptydaemon
Disable pwgrd
Disable rbootd
Disable NFS client daemons
Disable NFS server
Disable NIS client programs
Disable NIS server programs
Disable SNMPD
Disable bootp
Disable inetd built-in services
Disable CDE helper services
Disable finger
Disable ident
Disable klogin and kshell
Disable ntalk
Disable login, shell, and exec services
Disable swat
Disable printer
Disable recserv
Disable tftp
Disable time
Disable uucp
Disable Event Monitoring Services (EMS) network
communication
Enable logging for all inetd connections
Run sendmail via cron to process queue
Stop sendmail from running in daemon mode
Disable vrfy and expn commands
Disable HP Apache 2.x Web Server
Set up cron job to run SWA
3
1
Advertisement
Table of Contents
