HP 5187-2725 사용자 설명서
Choosing a Migration Path
Install-time Security Considerations
Chapter 2
47
Other Settings
Deactivate HP Apache 2.x Web Server
d
Set up
cron
job to Security Patch Check
a. Security settings listed here also apply to
Sec20MngDMZ
and
Sec30DMZ
b. Manual action may be required to complete configuration. See
/etc/opt/sec_mgmt/bastille/TODO
for more information, after install or
update.
c. The following
ndd
changes will be made:
ip_forward_directed_broadcasts=0
ip_forward_src_routed=0
ip_forwarding=0
ip_ire_gw_probe=0
ip_pmtu_strategy=1
ip_send_source_quench=0
tcp_conn_request_max=4096
tcp_syn_rcvd_max=1000
d. Settings only applied if software is installed
Table 2-4
Additional
Sec20MngDMZ
Install-time Security Settings
a
Category
Actions
inetd Services
Includes all disabled
inetd
services in Table 2-3
and:
Deactivate
ftp
Deactivate
telnet
IPFilter
Configuration
b
Block incoming DNS query connections
Block incoming HIDS administration connections
c,d
Configure IPFilter to allow outbound traffic, block
incoming traffic with IP options set, and all other traffic
except for HP-UX Secure Shell, HIDS agent, WBEM,
incoming traffic with IP options set, and all other traffic
except for HP-UX Secure Shell, HIDS agent, WBEM,
web admin and web admin autostart.
e
a. Applies all security configuration settings in
b. IPFilter rules are applied via a custom rules file located at
/etc/opt/sec_mgmt/bastille/ipf.customrules
c. HP-UX Host IDS is a selectable software bundle and only available for commercial
servers
d. Settings only applied if software is installed
Table 2-3
Host-based
Sec10Host
Install-time Security Settings
a
(Continued)
Category
Actions