Administrator's Guide

1.4 Using Boot Authentication to Prevent Unauthorized Access
The boot authentication feature protects single-user mode boot with password
authentication. It makes it possible to configure a system so that only authorized users
are allowed to boot the machine into single-user mode. The boot authentication feature
must be enabled before you reboot the system.
Boot authentication is configured by two attributes in the /etc/default/security
file:
BOOT_AUTH    Enables or disables boot authentication. Specify BOOT_AUTH=1 to
             enable boot authentication. By default, authentication is
             disabled (BOOT_AUTH=0).
BOOT_USERS   Defines who can log in as root when the boot authentication
             feature is enabled. The names listed in BOOT_USERS are separated
             by commas. For example:
                 BOOT_USERS=root,mary,jack,amy,jane
             BOOT_USERS=root is the default value.
The /etc/default/security configuration file is explained in Chapter 2 and in
security(4).
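
The following script is an added example, not part of the original guide or of HP-UX itself. It reports whether boot authentication is enabled in a security file, applying the defaults stated above when an attribute is absent. The function names, the rule that the last assignment of an attribute is the one reported, and the check of BOOT_USERS names against /etc/passwd are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit the boot authentication attributes in a security file.

# get_attr NAME FILE DEFAULT: print the value of NAME, or DEFAULT if unset.
# Assumption: if NAME is assigned more than once, the last assignment is reported.
get_attr() {
    awk -F= -v name="$1" -v dflt="$3" '
        $1 == name { val = $2; sub(/[ \t\r]+$/, "", val); found = 1 }
        END { print (found ? val : dflt) }' "$2"
}

# audit_boot_auth [SECURITY_FILE [PASSWD_FILE]]
# Prints one line per finding; returns 0 if clean, 1 if findings, 2 if unreadable.
audit_boot_auth() {
    sec=${1:-/etc/default/security}
    pw=${2:-/etc/passwd}
    [ -r "$sec" ] && [ -r "$pw" ] || { echo "ERROR: cannot read $sec or $pw"; return 2; }
    rc=0
    # Defaults from the guide: BOOT_AUTH=0 and BOOT_USERS=root when not set.
    auth=$(get_attr BOOT_AUTH "$sec" 0)
    users=$(get_attr BOOT_USERS "$sec" root)
    if [ "$auth" != 1 ]; then
        echo "FINDING: BOOT_AUTH=$auth, single-user boot is not password protected"
        rc=1
    fi
    # Assumption: every BOOT_USERS name should be a local account in PASSWD_FILE.
    for u in $(echo "$users" | tr ',' ' '); do
        if ! awk -F: -v u="$u" '$1 == u { ok = 1 } END { exit !ok }' "$pw"; then
            echo "FINDING: BOOT_USERS lists '$u', which has no passwd entry"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: BOOT_AUTH=1, BOOT_USERS=$users"
    return $rc
}

# Constructed sample (not from a real system): BOOT_AUTH is commented out,
# so the default of 0 applies, and 'mary' has no account in the passwd sample.
demo=${TMPDIR:-/tmp}/bootauth.$$
printf '# BOOT_AUTH=1\nBOOT_USERS=root,mary\n' > "$demo.sec"
printf 'root:x:0:3::/:/sbin/sh\n' > "$demo.pw"
audit_boot_auth "$demo.sec" "$demo.pw" || true
rm -f "$demo.sec" "$demo.pw"
```

On a live system, call audit_boot_auth with no arguments to check /etc/default/security against /etc/passwd.
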
1.5 Setting Install-Time Security Options
The Install-Time Security (ITS) options allow you to configure an HP-UX Bastille security
lockdown engine, which can include an HP-UX IPFilter firewall. After system installation
is complete, the system will have one of the preconfigured levels of security.
During installation, you can choose from four preconfigured levels of security:
Sec00Tools    Install the security infrastructure but without enabling optional
              security features. This is the default.
Sec10Host     Install a host-based lockdown system, without HP-UX IPFilter
              firewall configuration. With this level of security, most
              network services are disabled. These services can be reinstated
              by running the bastille(1M) command.
Sec20MngDMZ   Install a managed lockdown system that blocks most incoming
              traffic with an HP-UX IPFilter firewall.
Sec30DMZ      Install a DMZ Full lockdown system, which is a host-based and
              IPFilter network lockdown. HP-UX IPFilter blocks almost all
              incoming connections.
For information on ITS and HP-UX Bastille, see the HP-UX Bastille User Guide:
www.hp.com/go/hpux-security-docs
Click HP-UX Bastille Software.
For information on HP-UX IPFilter, see the HP-UX IPFilter Administrator's Guide: