HP-UX System Administrator's Guide: Security Management: HP-UX 11i Version 3

Part I Protecting Systems


Protecting Systems

One critical factor in enterprise security is system minimization and hardening. HP-UX 11i offers a set of security features designed to address known and unknown vulnerabilities by running only the services that are needed, thus minimizing potential points of attack.

This section discusses the following HP-UX tools that protect a system against an attack, and detect and react to threats:

Table of Contents

1 Installing the HP-UX Operating Environment Securely
Installation Security Considerations
Preventing Security Breaches During the Boot Process
Enable Login Security for root
Using Boot Authentication to Prevent Unauthorized Access
Setting Install-Time Security Options
Installing Security Patches
Postinstallation Security Tips for Backup and Recovery
2 Administering User and System Security
Managing User Access
Monitoring User Accounts
Monitoring Guest Accounts
Creating Application User Accounts
Managing Group Accounts
Authenticating Users During Login
Explanation of the Login Process
Checking the login Tracking Files (btmp and wtmp)
Checking Who Is Logged In
Authenticating Users with PAM
Overview
PAM Libraries
Systemwide Configuration Using /etc/pam.conf
Sample /etc/pam.conf File
The /etc/pam_user.conf User Configuration File
Examples: How PAM Works for Login
Managing Passwords
System Administrator Responsibilities
User Responsibilities
Criteria of a Good Password
Changing the /etc/passwd Password File
The /etc/shadow Shadow Password File
Eliminating Pseudo-Accounts and Protecting Key Subsystems in /etc/passwd
Secure Login with HP-UX Secure Shell
Securing Passwords Stored in NIS
Securing Passwords Stored in LDAP Directory Server
Defining System Security Attributes
Configuring Systemwide Attributes
Configuring Per-User Attributes
Troubleshooting the User Database
Handling setuid and setgid Programs
Why setuid and setgid Programs Can Be Risky
How IDs Are Set
Guidelines for Limiting Setuid Power
Preventing Stack Buffer Overflow Attacks
Protecting Unattended Terminals and Workstations
Controlling Access Using /etc/inittab and Run Levels
Protecting Terminal Device Files
Configuring the Screen Lock
Protecting Against System Access by Remote Devices
Controlling Access Using /etc/dialups and /etc/d_passwd
Securing Login Banners
Protecting the root Account
Monitoring root Account Access
Using the Restricted SMH Builder for Limited Superuser Access
Reviewing Superuser Access
3 HP-UX Bastille
Features and Benefits
Installing HP-UX Bastille
Using HP-UX Bastille
Using HP-UX Bastille Interactively
Using HP-UX Bastille Non-Interactively
Configuring a System
Using HP-UX Bastille to Revert Changes
File Location
Tips and Troubleshooting
Removing HP-UX Bastille
4 HP-UX Standard Mode Security Extensions
Overview
Security Attributes and the User Database
System Security Attributes
Configuring Systemwide Attributes
User Database Components
Configuring Attributes in the User Database
Troubleshooting the User Database
5 Remote Access Security Administration
Overview of Internet Services and Remote Access Services
Securing ftp
Securing Anonymous ftp
Denying Access Using /etc/ftpd/ftpusers
Other Security Solutions for Spoofing
The inetd Daemon
Securing inetd
Protection Against Spoofing with TCP Wrappers
Additional Features of TCP Wrappers
TCP Wrappers Do Not Work with RPC Services
Secure Internet Services
Controlling an Administrative Domain
Verifying Permission Settings on Network Control Files
Securing Remote Sessions Using HP-UX Secure Shell (SSH)
Key Security Features of HP-UX Secure Shell
Software Components of HP-UX Secure Shell
Running HP-UX Secure Shell
HP-UX Secure Shell Privilege Separation
HP-UX Secure Shell Authentication
Communication Protocols
HP-UX Secure Shell and the HP-UX System
Associated Technologies
Strong Random Number Generator Requirement
TCP Wrappers Support
chroot Directory Jail
© 2008 Hewlett-Packard Development Company, L.P.