HP Servers and Workstations: Managing Systems and Workgroups

Chapter 8 Administering a System: Managing System Security


Table of Contents

Standard System Security
Planning System Security
Common Security Practices
Maintaining System Security
Basic Guidelines
Security Choices
Obtaining HP-UX Security Bulletins and Patches
Managing Standard Passwords and System Access
Criteria of a Good Password
Password File
Eliminating Pseudo-Accounts and Protecting Key Subsystems
System Access by Modem
Protecting Programs from Illegal Execution
Managing Access to Files and Directories
Using HFS Access Control Lists (ACLs)
Using JFS Access Control Lists (ACLs)
Comparison of JFS and HFS ACLs
ACLs in a Network Environment
Setting Default Permissions
Protecting Directories
Protecting User Accounts
Security Considerations for Device Files
Protecting Disk Partitions and Logical Volumes
Guidelines for Running a Secure System
Guidelines for Handling Setuid and Setgid Programs
Guidelines for System Initialization
Guidelines for Trusted Backup and Recovery
Guidelines for Mounting and Unmounting a File System
Guidelines for Handling Security Breaches
Tracking Root
Controlling Security on a Network
Controlling an Administrative Domain
Verifying Permission Settings on Network Control Files
Understanding Network Services
Using inetd.sec to Restrict Outside Access
Denying Access with /etc/ftpd/ftpusers
Files Mounted in an NFS Environment
Link-Level Access
Trusted System Security
Setting Up Your Trusted System
Auditing a Trusted System
Streamlining Audit Log Data
Self-Auditing Programs
Audit Log Files
Viewing Audit Logs
Guidelines for Administering Your Auditing System
Performance Considerations
Using Auditing in an NFS Diskless Environment
Managing Trusted Passwords and System Access
Criteria of a Good Password
Password Files
Password Selection and Generation
Password Aging
Password History and Password Reuse
Time-Based Access Control
Device-Based Access Control
Manipulating the Trusted System Databases
Configuring NFS Diskless Clusters for Trusted Systems
Choice 1: Clusters with Private Password Databases
Choice 2: Clusters with Shared Password Databases
HP-UX Bastille
Overview
Installing Bastille
Security Considerations
Predefined Configuration Files
Configuring Bastille
Interactive Configuration
Applying Bastille
Rerunning Bastille
Reverting Bastille
Uninstalling Bastille
Interactions with Other Software
Documentation
Command Execution
Configuration and Log Files
Other Security Packages
HP-UX Host Intrusion Detection System
HP-UX Shadow Passwords
Features and Benefits
Programming APIs
Other Software Support
Documentation
Network Information Service Plus (NIS+)
Documentation
Using SAM with NIS+
Setting up NIS+ with Trusted Mode
NIS+ Trusted Table and the ttsyncd Daemon
Pluggable Authentication Modules (PAM)
Using SAM with PAM
System-Wide Configuration
Per-User Configuration
The pam.conf Configuration File
The pam_user.conf Configuration File
How PAM Works: A Login Example
Secure Internet Services (SIS)
Environment
Operating with Secure and Nonsecure Systems
Security Patch Check
Requirements
Working with a Firewall
Documentation

This chapter describes security measures for both standard and trusted HP-UX systems. It’s divided up as follows:

IMPORTANT: The U.S. Computer Security Act of 1987 casts new urgency on computer security. It stipulates that if financial loss occurs due to computer fraud or abuse, the company, not the perpetrator, is liable for damages. To protect your system, HP recommends that you establish a comprehensive security policy to govern computer use.

This section covers HP-UX security features and tasks and provides some guidelines on HP-UX system security. Establishing and implementing a security policy is an extensive and complicated process, and complete coverage of system security is beyond the scope of this chapter. You should consult computer security trade books and adopt security measures that fit your business needs.

References

The following book is suggested as a good source of security information:

Practical UNIX & Internet Security, by Simson Garfinkel and Gene Spafford, O’Reilly & Associates, 1996, ISBN 1-56592-148-8.

© 1997-2006 Hewlett-Packard Development Company, L.P.