When HP-UX Bastille is removed from a system, it does not revert
the system to the state it was in before HP-UX Bastille was run. Instead,
removal of the software leaves behind the revert-actions script. This allows the administrator to revert the configuration
files that HP-UX Bastille has performed without having HP-UX Bastille
installed. In many cases, HP-UX Bastille changes are recorded at the
file level, so the revert-actions script is only
able to revert the files that have been modified.
In other cases, HP-UX Bastille makes more granular changes that
can be reverted programmatically even if you have made your own intervening
changes in the same file. For example, permissions can be reverted
to their original form even if you have modified the file on which
the permissions were changed.
Use swremove to remove HP-UX Bastille
from an HP-UX machine.
(Optional) To revert changes on a system where HP-UX
Bastille has been removed, enter the following commands:
# cd /var/opt/sec_mgmt/bastille/revert/
# chmod 0500 revert-actions
# ./revert-actions
# mv revert-actions revert-actions.last |
Check if a to-revert list, /var/opt/sec_mgmt/bastille/TOREVERT.txt, has been created. If one exists, perform the actions in the list
to complete the revert process.
Printable version
