Table of Contents
Advertisement
CIS
Level 1 benchmark for HP-UX 1 1i (v1.5.0)
1.7.1
Enable kernel-level auditing
1.7.2
Enable logging from inetd
1.7.3
Turn on additional logging for FTP daemon
1.8
User Accounts and Environment
1.8.1
Block system accounts
1.8.2
Verify that there are no accounts with empty password fields
1.8.3
Set account expiration parameters on active accounts
1.8.4
Set strong password enforcement policies
1.8.5
Verify no legacy '+' entries exist in passwd and group files
1.8.6
No '.' or group/world-writable directory in root $PATH
User home directories should be mode 750 or more
1.8.7
restrictive
1.8.8
No user dot-files should be group/world writable
1.8.9
Remove user .netrc, .rhosts and .shosts files
1.8.10
Set default umask for users
1.8.11
Set "mesg n" as default for all users
1.9
Warning Banners
1.9.1
Create warning banners for terminal-session logins
1.9.2
Create warning banners for GUI logins
1.9.3
Create warning banners for FTP daemon
Mapping to HP-UX Bastille
AccountSecurity.system_auditing
SecureInetd.log_inetd
SecureInetd.ftp_logging
AccountSecurity.block_system_accounts
AccountSecurity.lock_account_nopasswd
AccountSecurity.PASSWORD_MAXDAYS
AccountSecurity.PASSWORD_MINDAYS
AccountSecurity.PASSWORD_WARNDAYS
AccountSecurity.PASSWORD_HISTORY_DEPTH
AccountSecurity.MIN_PASSWORD_LENGTH
MiscellaneousDaemons.nis_client
AccountSecurity.root_path
AccountSecurity.restrict_home
AccountSecurity.user_dot_files
AccountSecurity.user_rc_files
AccountSecurity.umask
AccountSecurity.mesgn
SecureInetd.banners
HP_UX.gui_banner
FTP.ftpbanner
69
Advertisement
Table of Contents
