HP-UX 11i v3 Installation and Update Guide, September 2009 (Update 5 Release)

For information about using a drd clone for creating an OS recovery image, see
“Choosing drd clone” (page 29).
The HP-UX Dynamic Root Disk website at http://www.hp.com/go/drd provides a
product overview, download links, documentation links, and installation instructions.
Securing your system at install- and update-time
At install- and update-time, you can harden your system by choosing from a variety
of security levels. This ensures that your system is in a secured state upon installation
or update. (You can also change settings after installation or update.)
This can be accomplished with HP-UX Bastille, which provides customized lockdown
on a system-by-system basis by encoding functionality similar to Bastion Host and
other hardening and lockdown checklists. HP-UX Bastille (HPUXBastille) is included
as recommended (default-installed) software on the OE DVD.
Install-time security levels
The Install-Time Security (ITS) options allow you to configure the HP-UX Bastille
security lockdown engine during installation or update. The interactive GUI helps you
select the preconfigured level or custom configuration that best suits your operational
needs. When the installation or update is complete, your system will be in a secured
state at the level you have chosen.
You can choose from four preconfigured levels of security, each incrementally
higher than the last:
Sec00Tools
Install the security infrastructure. Does not implement any security
changes at cold-install- or update-time, but does ensure the required
software is installed. The higher security levels are dependent on
Sec00Tools. Recommended (default-installed).
Sec10Host
Install a host-based lockdown system. With this level of security,
most network services are disabled, but they can be reinstated by
running the bastille(1M) command. Optional.
Sec20MngDMZ
Install a managed lockdown system that blocks most incoming traffic
with an HP-UX IPFilter firewall. Optional.
Sec30DMZ
Install a DMZ Full lockdown system, which is a host-based and
IPFilter network lockdown. HP-UX IPFilter blocks almost all
incoming connections, except HP-UX Secure Shell. Optional.
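
A post-install check for which ITS bundle is present, as an added example that is not part of the HP guide. It assumes the bundle names above appear in the first column of `swlist -l bundle` output; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP guide): report the highest Install-Time
# Security (ITS) bundle found in a software bundle listing.
# Assumption: input has the bundle tag in the first column and '#' comment
# lines, as printed by `swlist -l bundle`.

its_level() {
    # Reads a bundle listing on stdin; prints "<bundle> <status>".
    awk '
        /^[ \t]*#/ { next }                       # skip header comments
        $1 ~ /^Sec(00Tools|10Host|20MngDMZ|30DMZ)$/ {
            seen[$1] = 1
            n = substr($1, 4, 2) + 0              # numeric rank: 0, 10, 20, 30
            if (best == "" || n > max) { max = n; best = $1 }
        }
        END {
            if (best == "") { print "none not-installed"; exit }
            # The guide states the higher levels depend on Sec00Tools.
            status = ("Sec00Tools" in seen) ? "ok" : "missing-Sec00Tools"
            print best, status
        }
    '
}

# Constructed sample listing (bundle revisions are placeholders).
sample_listing() {
    cat <<'EOF'
# Initializing...
  ExampleBundle   B.00.00.PLACEHOLDER   constructed sample line
  Sec00Tools      B.00.00.PLACEHOLDER   constructed sample line
  Sec20MngDMZ     B.00.00.PLACEHOLDER   constructed sample line
EOF
}

# On a live system: swlist -l bundle | its_level
sample_listing | its_level
```

A result of `Sec00Tools ok` means only the security infrastructure is installed and no lockdown level was selected.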