HP UX Bastille User Manual page 51

Version b.3.3

Description
The HP-UX diagnostics daemon can listen on a network port. The diagnostics
GUI can be run remotely for administrators and support personnel to find
and fix hardware problems. Later versions of this daemon have the option to
listen only on local UNIX domain sockets. This way, the GUI can still be run
locally to diagnose hardware problems, but it does not allow a network attacker
to take advantage of any vulnerabilities that might be found in the future.
Actions
Stop the diagnostics daemon.
Create the /var/stm/config/sys/local_only file.
Start the daemon.
MiscellaneousDaemons.disable_bind
Headline
Disable the Bind/DNS server on this system.
Default
Y
Description
The DNS server, Bind, is a useful but easily spoofed infrastructure for mapping
IP addresses to their associated host names. If this system is not a DNS server,
disable it to reduce the risk to this system if an exploit is discovered.
Actions
If running, stop process named.
Set NAMED=0 in /etc/rc.config.d/namesvrs.
MiscellaneousDaemons.disable_ptydaemon
Headline
Disable both the ptydaemon and vtdaemon.
Default
N
Description
The ptydaemon is used by the shell layers (shl) software. The shl utility is
an alternative to job control. If no one on your system is going to use shl, you
can safely turn the ptydaemon off.
Actions
If running, stop process ptydaemon.
Set PTYDAEMON_START=0 in /etc/rc.config.d/ptydaemon.
MiscellaneousDaemons.disable_pwgrd
Headline
Disable pwgrd.
Default
N
Description
The pwgrd utility is the Password and Group Hashing and Caching daemon.
The pwgrd utility provides accelerated lookup of password and group
information for libc routines such as getpwuid and getgrnam. However,
on systems with normal-sized (fewer than 50 entries) password files, pwgrd
slows lookups due to UNIX domain socket overhead. The security benefit of
turning this service off is also based on the principle of minimalism. This
daemon runs as root and accepts input from non-privileged users.
Actions
If running, stop process pwgrd.
Set PWGR=0 in /etc/rc.config.d/pwgr.
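The persistent settings named in the Actions above can be verified with a short POSIX shell audit. This is an added example, not part of the HP manual or of Bastille; the function names and the ROOT prefix argument are hypothetical, and it assumes all four items were answered Y (disable_ptydaemon and disable_pwgrd default to N).

```shell
#!/bin/sh
# Added example: audit the persistent settings listed in the Actions above.
# ROOT is a hypothetical path prefix so the same check can run against a
# mounted image or a test tree; pass "" for the live system.

# rc_value FILE VAR -> prints the effective value of VAR. The rc.config.d
# files are sourced as shell fragments, so the last assignment wins.
# Commented-out assignments are ignored; quotes and trailing comments are dropped.
rc_value() {
    [ -r "$1" ] || return 1
    sed -n "s/^[[:space:]]*$2=\([^#]*\).*/\1/p" "$1" | tail -n 1 | tr -d "\"' \t"
}

# check_rc_var ROOT FILE VAR WANT -> returns 0 if compliant, 1 otherwise
check_rc_var() {
    val=$(rc_value "$1$2" "$3") || val="<file missing>"
    if [ "$val" = "$4" ]; then
        echo "PASS  $3=$4 in $2"
    else
        echo "FAIL  $3='${val:-<unset>}' in $2 (want $4)"
        return 1
    fi
}

# audit_daemons ROOT -> one line per check; return status = number of failures
audit_daemons() {
    fails=0
    check_rc_var "$1" /etc/rc.config.d/namesvrs  NAMED           0 || fails=$((fails+1))
    check_rc_var "$1" /etc/rc.config.d/ptydaemon PTYDAEMON_START 0 || fails=$((fails+1))
    check_rc_var "$1" /etc/rc.config.d/pwgr      PWGR            0 || fails=$((fails+1))
    # Diagnostics daemon: the marker file restricts it to local UNIX domain sockets.
    if [ -e "$1/var/stm/config/sys/local_only" ]; then
        echo "PASS  /var/stm/config/sys/local_only exists"
    else
        echo "FAIL  /var/stm/config/sys/local_only missing"
        fails=$((fails+1))
    fi
    return "$fails"
}

# Run against the live system with:  audit_daemons ""
```

The audit reads only the startup configuration; whether named, ptydaemon or pwgrd is currently running has to be checked separately.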
MiscellaneousDaemons.disable_rbootd
Headline
Deactivate rbootd.
Default
Y
Description
The rbootd daemon is used for the RMP protocol, which is a predecessor to
the "bootp" protocol, which serves DHCP. Unless you are using this machine
to serve dynamic IP addresses to very old HP-UX systems (prior to 10.0, or
older than s712), you have no reason to run this.