B Configuring HP-UX Bastille for use with Serviceguard; Configuring Sec20MngDMZ or Sec30DMZ security levels; Configuring Sec10Host level - HP-UX Bastille User Manual

Version b.3.3

B Configuring HP-UX Bastille for use with Serviceguard

B.1 Configuring Sec20MngDMZ or Sec30DMZ security levels
Serviceguard uses dynamic ports. For Serviceguard to operate, the port range it might use must
be opened. Opening the port range is not consistent with the security goals of Sec20MngDMZ
(MANDMZ.config) and Sec30DMZ (DMZ.config) because multiple services (including applications
similar to rcp) might also listen on this same port range. At these security levels, the firewall
provides security benefits consistent with the Serviceguard security deployment model.
For more information about HP-UX Bastille compatibility with Serviceguard, see the Serviceguard
documentation available at:
http://docs.hp.com/en/netsys.html.
Before you open the Serviceguard port range, review the required IPFilter-SG rules. IPFilter
documentation is available at:
http://docs.hp.com/en/internet.html
When the Serviceguard security patch of 2004 is installed, Serviceguard requires identd. To
enable identd:
1. Edit the HP-UX Bastille /etc/opt/sec_mgmt/bastille/config configuration file by
   changing the answer to the question:
   Should Bastille ensure inetd's ident service does not run on this
   system?
   Change the answer from Y to N:
   SecureInetd.deactivate_ident=N
2. Apply the configuration file changes.
   If you have not made any configuration changes to the system since the last time HP-UX
   Bastille was used, use HP-UX Bastille to apply the changes:
   a. Revert to the previous HP-UX Bastille configuration:
      # bastille -r
   b. Apply the new HP-UX Bastille configuration:
      # bastille -b
   If you have applied configuration changes to the system since the last time HP-UX
   Bastille was used, apply the changes manually:
   a. Remove the # from the /etc/inetd.conf file line:
      #auth stream tcp6 wait bin /usr/lbin/identd identd
   b. Force inetd to read the configuration:
      # inetd -c
B.2 Configuring Sec10Host level
If HP-UX Bastille is started using the Sec10Host (host.config) security level, change the
following line:
SecureInetd.deactivate_ident=Y
Change the Y to N:
SecureInetd.deactivate_ident=N
If you are using the Serviceguard SNMP subagent, set:
MiscellaneousDaemons.snmpd=N
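A check for the end state that sections B.1 and B.2 describe, added here as an example and not taken from the HP manual: it reads a Bastille configuration file and an inetd.conf file and reports whether identd is left enabled. The function names are hypothetical, and the parser assumes KEY=VALUE lines with optional double quotes around the value.

```shell
#!/bin/sh
# Added example (not from the HP manual): audit that identd stays enabled
# for Serviceguard. Function names are hypothetical.
# Usage: sh check_identd.sh /etc/opt/sec_mgmt/bastille/config /etc/inetd.conf

# Print the last answer recorded for a Bastille question key.
# Assumption: lines look like KEY=N or KEY="N".
bastille_answer() {  # bastille_answer KEY FILE
    awk -F= -v key="$1" '
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; gsub(/[ \t"]/, "", v); last = v }
        END { print last }' "$2"
}

# Succeed only if an uncommented "auth ... identd" service line exists.
# "#auth ..." fails the test because its first field is "#auth", not "auth".
ident_line_active() {  # ident_line_active INETD_CONF
    awk '$1 == "auth" && /identd/ { found = 1 } END { exit !found }' "$1"
}

# Report both conditions; return non-zero if either one is not met.
audit_identd() {  # audit_identd BASTILLE_CONFIG INETD_CONF
    rc=0
    answer=$(bastille_answer SecureInetd.deactivate_ident "$1")
    case $answer in
        [Nn]) echo "OK   SecureInetd.deactivate_ident=$answer in $1" ;;
        [Yy]) echo "FAIL SecureInetd.deactivate_ident=$answer: Bastille will disable ident"
              rc=1 ;;
        *)    echo "FAIL SecureInetd.deactivate_ident has no Y/N answer in $1"
              rc=1 ;;
    esac
    if ident_line_active "$2"; then
        echo "OK   auth (identd) line is active in $2"
    else
        echo "FAIL auth (identd) line is missing or commented out in $2"
        rc=1
    fi
    return $rc
}

# Run the audit only when both file paths are given on the command line.
if [ "$#" -eq 2 ]; then
    audit_identd "$1" "$2"
fi
```

Running it after `bastille -b` or `inetd -c` shows whether a later Bastille run or a manual edit has put ident back in the disabled state.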