Ignite-UX Administration Guide for HP-UX 11i (B3921-90079, October 2013)

Figure 31 Port Usage: make_net_recovery Initiated from the Server
[Figure: client/server timeline. Step 12: make_net_recovery is run on the client via remsh (tcp, port 514) or ssh (tcp, port 22), then proceeds as make_net_recovery initiated from client.]
12. The server remotely executes make_net_recovery from the client. The command is run via
remsh by default, or by ssh if the client was added for recovery on the server with the ssh
option.
NOTE:
The client can specify whether or not to use privileged ports (1–1023) via the ssh_config
directive. The default is non-privileged ports. To configure ssh to use privileged ports, you
must make the ssh client an suid program.
Figure 32 Port Usage: make_sys_image Initiated from the Client
[Figure: client/server timeline. Step 13: the golden archive is sent from the client to the server via remsh (tcp, port 514) or NFS (tcp/udp, port 2049).]
13. The golden archive is written to the destination server via remsh or NFS. Note that
make_sys_image does not need networking if the archive is written locally to the client.
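The following is an added example, not part of the HP guide: shell functions that check a netstat -an listing against the ports named in steps 12 and 13, to confirm that at least one transport for each step is still reachable on a locked-down host. The function names, the sample listings and the BSD-style "addr.port" netstat layout are assumptions, as is the reading that the client is the listening side in step 12 and the destination server in step 13.

```shell
#!/bin/sh
# Added example (not from the guide). Assumes `netstat -an` prints local
# addresses in BSD "addr.port" form in field 4.

# listening PROTO PORT TEXT -> status 0 if TEXT shows PROTO bound on PORT
listening() {
    printf '%s\n' "$3" | awk -v proto="$1" -v port="$2" '
        $1 ~ ("^" proto) {
            n = split($4, part, "[.]")      # port is the last dot-separated piece
            if (part[n] != port) next
            # TCP must be in LISTEN; UDP rows carry no state column
            if (proto == "udp" || $NF == "LISTEN") found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# ignite_transports ROLE TEXT -> prints usable transports; status 1 if none
#   client: step 12, server runs make_net_recovery on the client (remsh or ssh)
#   server: step 13, client writes the golden archive (remsh or NFS)
ignite_transports() {
    role=$1; text=$2; rc=1
    case $role in
        client) set -- remsh:tcp:514 ssh:tcp:22 ;;
        server) set -- remsh:tcp:514 nfs:tcp:2049 nfs:udp:2049 ;;
        *) echo "usage: ignite_transports client|server TEXT" >&2; return 2 ;;
    esac
    for spec in "$@"; do
        name=${spec%%:*}; rest=${spec#*:}
        proto=${rest%%:*}; port=${rest#*:}
        if listening "$proto" "$port" "$text"; then
            echo "$name $port/$proto"; rc=0
        fi
    done
    return $rc
}

# Constructed sample: client with remsh disabled; UDP 514 is not remsh
SAMPLE_CLIENT='tcp        0      0  *.22                   *.*                     LISTEN
tcp        0      0  10.0.0.5.22            10.0.0.1.51514          ESTABLISHED
udp        0      0  *.514                  *.*'
# Constructed sample: archive server offering remsh and NFS over UDP only
SAMPLE_SERVER='tcp        0      0  *.514                  *.*                     LISTEN
udp        0      0  *.2049                 *.*'

echo "step 12 (client):"; ignite_transports client "$SAMPLE_CLIENT"
echo "step 13 (server):"; ignite_transports server "$SAMPLE_SERVER"
```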
Modifying a Bastille-Hardened System to Operate with Ignite-UX
HP-UX Bastille is a security hardening/lockdown tool that can be used to enhance the security of
the HP-UX operating system. It provides customized lockdown on a system-by-system basis by
encoding functionality similar to the Center for Internet Security (CIS) Level 1 Benchmark for HP-UX
and other hardening/lockdown checklists. The Bastille technology is available in HP-UX 11i v1
and later versions of HP-UX.
This section describes how to make sure Ignite-UX requirements are enabled on your Bastille system.
For more information on HP-UX Bastille, see bastille(1M), bastille_drift(1M), the HP-UX System
Administrator's Guide: Security Management if you are running HP-UX 11i v3, and Managing