HP-UX 11i v3 Installation and Update Guide, February 2007 (Initial Release)

Chapter 3: Choosing an Installation Method
Security Considerations
Predefined Security Levels
At cold-install or update time, you can choose one of the security levels
listed in Table 3-2; each one provides incrementally higher security.
NOTE: When you select either the Sec30DMZ or MngDMZ security level, IPFilter
restricts inbound network connections. For more information on how
to add inbound ports to your /etc/opt/ipf.customerrules file, refer to
the HP-UX IPFilter (Version A.03.05.09 and later) Administrator's Guide
and the HP-UX System Administrator's Guide.
Table 3-2 Predefined Security Configuration

Security Level     Configuration File Name [1]   Description
-----------------  ----------------------------  ------------------------------------------------
Sec00Tools [2]     Not applicable                The install-time security infrastructure; no
                                                 security changes.
Sec10Host [3]      HOST.config                   Host-based lockdown: firewall pre-enablement;
                                                 some common clear-text services turned off,
                                                 excluding Telnet and FTP.
Sec20MngDMZ [3]    MANDMZ.config                 Lockdown while allowing secure management:
                                                 IPFilter firewall blocks incoming connections
                                                 except common, relatively safe, management
                                                 protocols.
Sec30DMZ [3]       DMZ.config                    Network-DMZ Lockdown: IPFilter blocks all
                                                 incoming connections except HP-UX Secure Shell.

[1] Configuration files are installed to /etc/opt/sec_mgmt/bastille
[2] Sec00Tools is installed by default.
[3] Sec10Host, Sec20MngDMZ, and Sec30DMZ are selectable.