Additional Sec20MngDMZ Security Settings; Additional Sec30DMZ Security Settings - HP-UX Bastille User Manual

Version b.3.3

[1] Manual action may be required to complete configuration. For more information, see /etc/opt/sec_mgmt/bastille/TODO.txt after update or installation.
[2] The following ndd changes are made:
    ip_forward_directed_broadcasts=0
    ip_forward_src_routed=0
    ip_forwarding=0
    ip_ire_gw_probe=0
    ip_pmtu_strategy=1
    ip_send_source_quench=0
    tcp_conn_request_max=4096
    tcp_syn_rcvd_max=1000
[3] Settings applied only if software is installed.
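
To confirm that the ndd values listed in the note above are still in effect on a running system, the check below reads each tunable and reports drift. It is an added example, not part of the HP manual or of Bastille; it assumes the HP-UX `ndd -get <device> <name>` form and picks /dev/ip or /dev/tcp from each name's prefix, and `NDD_GET` and `audit_ndd` are names chosen here.

```shell
#!/bin/sh
# Added example: audit ndd tunables against the values listed in the note above.
# NDD_GET is the command used to read one tunable (assumed: HP-UX "ndd -get").
NDD_GET=${NDD_GET:-"ndd -get"}

# Expected values, copied from the list of ndd changes.
EXPECTED='ip_forward_directed_broadcasts=0
ip_forward_src_routed=0
ip_forwarding=0
ip_ire_gw_probe=0
ip_pmtu_strategy=1
ip_send_source_quench=0
tcp_conn_request_max=4096
tcp_syn_rcvd_max=1000'

# audit_ndd: print one line per tunable; the return status is the number
# of tunables that differ from the expected value (0 means no drift).
audit_ndd() {
    bad=0
    for pair in $EXPECTED; do
        name=${pair%%=*}
        want=${pair#*=}
        # Assumption: the driver device follows the prefix (ip_ -> /dev/ip).
        dev=/dev/${name%%_*}
        got=$($NDD_GET "$dev" "$name" 2>/dev/null) || got=
        if [ "$got" = "$want" ]; then
            echo "OK    $name=$got"
        else
            echo "DRIFT $name: expected $want, found ${got:-<unreadable>}"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    audit_ndd
fi
```

Run it with `--run` after a reboot or patch to catch values that have reverted, since a non-zero exit status equals the number of drifted tunables.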
Table A-3 Additional Sec20MngDMZ security settings

Category                      Action

inetd services                Includes all disabled inetd services in Table A-2.
                              Disable ftp
                              Disable telnet

                              Restrict syslog daemon to local connections

IPFilter configuration [2]    Block incoming DNS query connections
                              Block incoming HIDS administration connections
                              Configure IPFilter to allow outbound traffic
                              Configure IPFilter to block incoming traffic with IP options set
                              Configure IPFilter to block all other traffic except for HP-UX Secure Shell, HIDS agent, WBEM, web admin, web admin autostart, [5] and ICMP echo

[1] Applies all security configuration settings in Table A-2.
[2] Additional IPFilter rules may be applied with a custom rules file located at /etc/opt/sec_mgmt/bastille/ipf.customrules.
[3] HP-UX Host IDS is a selectable software bundle and only available for commercial servers.
[4] Settings applied only if software is installed.
[5] Manual action may be required to complete configuration. For more information, see /var/opt/sec_mgmt/bastille/TODO.txt after installation or update.

Table A-4 Additional Sec30DMZ security settings

Category                      Action

IPFilter configuration [2]    Includes all IPFilter settings in Table A-2 and Table A-3.
                              Block incoming HIDS agent connections
                              Block incoming WBEM connections
                              Block incoming web admin connections
                              Block incoming web admin autostart connections
                              Block all traffic except HP-UX Secure Shell
                              Block ICMP echo

[1] Applies all security configuration settings in Table A-3.
[2] Additional IPFilter rules may be applied with a custom rules file located at /etc/opt/sec_mgmt/bastille/ipf.customrules.
[3] Settings applied only if software is installed.
[4] HP-UX Host IDS is a selectable software bundle and only available for commercial servers.
[5] WBEM is required for several HP management applications including HP Systems Insight Manager (SIM) and ParMgr.

A.1 Choosing security levels