HP UX Bastille User Manual page 60

Version b.3.3

Question modules

Description: Logging FTP connection and command activity is recommended. The only reason not to do this is that frequent logging from FTP fills logs more quickly, particularly if FTP services are heavily used on this machine.
Actions: In the /etc/inetd.conf file, add the -l flag to the entry for ftpd.

SecureInetd.inetd_general
Headline: Reminder to disable unneeded inetd services in the TODO.txt file.
Default: N
Description: Disable unneeded inetd services. Leave only those services running that are critical to the operation of this machine. This is an example of the frequent trade-off between security and functionality. The most secure machine is not very useful. For the most secure but useful system, enable only those services which this system needs to fulfill its intended purpose. You can further restrict access using the inetd.sec file or a program like tcpwrappers. If you answer Y to this question, HP-UX Bastille also points you to information on how to configure these tools.
IMPORTANT: Manual action required to complete this configuration. See TODO.txt file for details.
Actions: Instructions for manual actions provided in TODO.txt list.

SecureInetd.log_inetd
Headline: Enable logging for all inetd connections.
Default: N
Description: Logging connection attempts to inetd services is a good idea. The only reason not to do this is that frequent logging from inetd fills logs more quickly, particularly if inetd services are heavily used on this machine.
Actions: In the /etc/rc.config.d/netdaemons file, add the -l flag to the INETD_ARGS= parameter.

SecureInetd.owner
Headline: Who is responsible for granting authorization to use this machine?
Default: The owner
Description: HP-UX Bastille makes the banner more specific by telling the user who is responsible for this machine. This will state explicitly who the user needs to obtain authorization from to use this machine. Fill in the name of the company, person, or other organization who owns or is responsible for this machine.
Actions: Parameter for default banner. No action.

Sendmail.sendmailcron
Headline: Run sendmail via cron to process the queue.
Default: Y
Description: Should sendmail run every 15 minutes to process the mail queue by processing and sending out email? If this machine does not run sendmail in daemon mode, you might want to enable this to make your outbound mail more reliable.
In most cases, mail queue processing is not required because most mailer programs activate sendmail to process their particular message. A message usually only gets written to the queue (and thus needs a cron entry) if sendmail has trouble delivering it, for example, if the receiving mail server is down.
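
An added example, not part of the HP manual or of HP-UX Bastille itself: a read-only check of the two logging settings described in the Actions entries above (the -l flag on the ftpd entry in /etc/inetd.conf and in the INETD_ARGS= parameter in /etc/rc.config.d/netdaemons). The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two -l logging settings. Pass the file to check
# as the first argument, e.g. /etc/inetd.conf or /etc/rc.config.d/netdaemons.

# Returns 0 = every active ftpd entry has -l, 1 = an entry lacks it,
#         2 = no active ftpd entry (service commented out or absent).
ftpd_logging_enabled() {
    awk '
        $1 ~ /^#/ || NF < 7 { next }          # comments, blank or short lines
        $1 == "ftp" || $6 ~ /\/ftpd$/ {       # fields: svc type proto wait user path argv...
            seen = 1; ok = 0
            # Exact match only: a combined flag group is reported as missing,
            # which is the safe direction for an audit.
            for (i = 8; i <= NF; i++) if ($i == "-l") ok = 1
            if (!ok) missing = 1
        }
        END { exit (!seen ? 2 : (missing ? 1 : 0)) }
    ' "$1"
}

# Returns 0 = the last INETD_ARGS assignment contains -l, 1 = it does not.
inetd_logging_enabled() {
    inetd_args=$(sed -n 's/^[[:space:]]*\(export[[:space:]]\{1,\}\)\{0,1\}INETD_ARGS=//p' "$1" |
        tail -n 1 | tr -d "\"'")
    for inetd_arg in $inetd_args; do
        if [ "$inetd_arg" = "-l" ]; then return 0; fi
    done
    return 1
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/inetd.conf" <<'EOF'
# ftp entry without connection logging
ftp     stream tcp nowait root /usr/lbin/ftpd     ftpd
telnet  stream tcp nowait root /usr/lbin/telnetd  telnetd
EOF
cat > "$demo_dir/netdaemons" <<'EOF'
export INETD_ARGS="-l"
EOF

rc=0; ftpd_logging_enabled "$demo_dir/inetd.conf" || rc=$?
echo "ftpd -l check: $rc (1 means the -l flag is missing)"
rc=0; inetd_logging_enabled "$demo_dir/netdaemons" || rc=$?
echo "INETD_ARGS -l check: $rc (0 means inetd logs connections)"
rm -rf "$demo_dir"
```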
