[HPADM] SUMMARY: SecPatchCk and Bastille

From: Jeff Lightner (jlightner@water.com)
Date: Fri Mar 18 2005 - 13:35:43 EST


All,

 

We ended up not attempting this on the V after all. We wanted to do it
as a temporary measure until new hardware came in but on Monday the new
hardware came in obviating the need.

 

Bill Hassell (Thanks Bill!) was the only one who responded - he gave
general guidelines for use so I'll include his response. As I'd
already done this on a 3410 I pretty much knew most of what Bill wrote.
My question was just to check if anyone knew of a reason it wouldn't
work on a V. Anyway Bill's information is likely useful to other
people so I'll include it here for the archives.

 

My original question follows his response.

 

Hi,

 

You can load and run Bastille and the SecPatchCheck with no problems.
Bastille won't make any changes until you give the go-ahead.
SecPatchCheck makes no changes at all--it is just a report program.

 

Now for the details: Bastille only works through an Xwindow interface
(mostly because of its Linux GUI-only roots) so you need an Xterminal
or Xwindow emulator running on a PC.

 

Bastille will make many recommendations. Whether you take them or not is
for you to decide. Unfortunately, you will need detailed knowledge of
the applications and networking requirements for your production
machine. You can tighten up on all the recommended areas but it may
break the programs that you are running on the machine. Or you may take
the recommendation to turn off telnet and use SSH but none of your users
have SSH on their PCs.

 

The SecPatchCheck simply produces a list of problem patches (it analyzes
all the patches for consistency) and missing patches and manual changes
that are needed. Most all patches related to security simply enhance
security features but do not turn off any functionality. As with any
patch recommendations, you need to read the README files to match up
your system needs with the changes provided by the patch.

 

Bill

________________________________

From: hpux-admin-owner@DutchWorks.nl
[mailto:hpux-admin-owner@DutchWorks.nl] On Behalf Of Jeff Lightner
Sent: Friday, March 11, 2005 3:09 PM
To: hpux-admin@dutchworks.nl
Subject: [HPADM] SecPatchCk and Bastille

 

All,

My question is does anyone know of any gotchas that would affect me
running SecPatchCk or Bastille on a V class with 11.0?

 

Looking at SecPatchCk and Bastille they both indicate they work on 11.0.
Next week in fairly short order I'm going to need to install and run
these on a V Class machine. Since the machine is currently in
Production I can't do any prep work on it. Previously I've installed
and run these on an 11i machine that wasn't V class. Just looking for
any heads up I need to be prepared for as my timeline once we've moved
the Production stuff off is very short.

 

P.S. Don't ask why I'm not using a different machine, still using a V
or any questions in that vein. This is a temporary setup until we get
new servers that are on the way. Besides only God knows the answers to
such questions anyway... :-)

Jeffrey C. Lightner

Unix Systems Administrator

DS Waters of North America

678-486-3516

 
