HP-UX 11i v3 Installation and Update Guide, February 2007 (Initial Release)
Choosing an Installation Method
Security Considerations
Chapter 3 55
Table 3-3 Host-based Sec10Host Install-time Security Settings
1
Category Actions
Logins and
Passwords
Deny login unless home directory exists
Deny non-root logins if /etc/nologin file exists
Set a default path for su command
Disable root logins from network tty
Hide encrypted passwords
Disallow ftpd system account logins
Disable remote X logins
File System,
Network, and Kernel
Modify ndd settings
2,3
Restrict remote access to swlist
Set default umask
Enable kernel-based stack execute protection
Daemons
Disable ptydaemon
Disable pwgrd
Disable rbootd
Disable NFS client daemons
Disable NFS server
Disable NIS client programs
Disable NIS server programs
Disable SNMPD
inetd Services
Deactivate bootp
Deactivate inetd’s built-in services
Deactivate CDE helper services
Deactivate finger
Deactivate ident
Deactivate klogin and kshell
Deactivate ntalk
Deactivate login, shell, and exec services
Deactivate swat
Deactivate printer
Deactivate recserv
Deactivate tftp
Deactivate time
Deactivate uucp
Deactivates Event Monitoring Services (EMS)
network communication
Enable logging for all inetd connections