Securing Serviceguard Security analysis for HP Serviceguard clusters - Technical white paper
3
Usual threats that HP Serviceguard installations face
Most Serviceguard clusters lead a sheltered life. They are owned by commercial enterprises and benefit from the good
perimeter defenses that the rest of the IT infrastructure also requires. The people who are allowed to access them are
employees only, who reliably conform to written and unwritten constraints against anti-social behavior.
External threats
Serviceguard clusters enjoy the security benefits of a sheltered life due to a strong perimeter defense. However, by
virtue of managing resources in a distributed environment, it requires use of network protocol ports that need to be
secured appropriately at the perimeter of an enterprise network. A summary of ports that Serviceguard uses is listed
below for reference:
Ports Used by Serviceguard on HP-UX and Linux—Before
A.11.19
Ports Used by Serviceguard on HP-UX and Linux—At
A.11.19 / Later
discard 9/tcp hpux only
Ident 113/tcp
snmp 161/udp
snmp 162/udp
hacl-cs 1238/tcp
clvm-cfg 1476/tcp hpux only
hacl-hb 5300/tcp
hacl-hb 5300/udp
hacl-gs 5301/tcp
hacl-gs 5301/udp
hacl-cfg 5302/tcp
hacl-cfg 5302/udp
hacl-probe 5303/tcp hpux only
hacl-probe 5303/udp hpux only
hacl-local 5304/tcp
hacl-local 5304/udp
hacl-test 5305/tcp
hacl-dlm 5408/tcp
discard 9/tcp hpux only
Ident 113/tcp at A.11.19
auth 113/tcp A.11.20.00 onwards on Red Hat
snmp 161/udp
snmp 162/udp
hacl-qs 1238/tcp
clvm-cfg 1476/tcp hpux only
hacl-hb 5300/tcp
hacl-hb 5300/udp
removed
removed
hacl-cfg 5302/tcp
hacl-cfg 5302/udp
hacl-probe 5303/tcp hpux only
hacl-probe 5303/udp hpux only
hacl-local 5304/tcp
hacl-local 5304/udp
removed
removed
hacl-poll 5315/udp - added
icmp 8/icmp - added
wbem-http 5988/tcp
wbem-https 5989/tcp