Introduction
- Why security?
- HP-UX security features
- HP-UX security certifications
- Course agenda
Securing user accounts: user passwords
- Understanding the /etc/passwd file
- Understanding the /etc/shadow file
- Encrypting passwords
- Managing user passwords
- Configuring shadow passwords
- Configuring password aging
- Cracking passwords with John the Ripper
- Authenticating users via PAM
- Configuring /etc/pam.conf
Securing user accounts: special cases
- Protecting user accounts: guidelines
- Protecting the root account: guidelines
- Limiting root and operator access via /etc/security
- Limiting root and operator access via sudo
- Limiting root and operator access via the restricted SAM builder
- Limiting root and operator access via the SMH
- Configuring accounts for guest users
- Configuring accounts for single application users
- Configuring accounts for teams and groups
- Preventing dormant accounts
Securing user accounts: Standard Mode Security Extensions (SMSE)
- Configuring SMSE user security
- Understanding Standard Mode Security Extensions benefits
- Understanding SMSE Attributes
- Configuring /etc/security.dsc
- Configuring /etc/default/security
- Configuring /etc/passwd and /etc/shadow
- Configuring /var/adm/userdb/ via userdbset, userdbget, and userdbck
- Enforcing SMSE security policies
Securing user accounts: Role Based Access Control (RBAC)
- RBAC features and benefits
- Installing RBAC
- Configuring and assigning RBAC roles
- Configuring and assigning RBAC authorizations
- Configuring RBAC command privileges
- Verifying the RBAC database
- Configuring RBAC auditing
- Running commands with privrun
- Editing files with privedit
Protecting data via file permissions and JFS Access Control Lists (ACLs)
- Understanding how hackers exploit improper file and directory permissions
- Viewing and changing file permissions
- Searching for files with improper permissions
- Configuring and using the SUID bit
- Configuring and using the SGID bit
- Configuring and using the sticky bit
- Configuring and using JFS ACLs
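The following script is an added example for the "Searching for files with improper permissions" and SUID/SGID/sticky-bit topics above; it is not part of the course material. It scans a tree for the permission patterns an intruder looks for first (setuid and setgid executables, world-writable files, and world-writable directories that lack the sticky bit) and builds a small constructed sample tree so it can be run offline. The directory layout and file names are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example (not from the course material): find the permission patterns an
# attacker looks for first. The sample tree below is constructed for the demo.

# Print "<class> <path>" for each risky entry under $1.
# Classes: SUID, SGID, WW-FILE, WW-DIR (world-writable dir without sticky bit).
scan_risky_perms() {
    root="$1"
    # -perm -4000 matches when the setuid bit is set, whatever the other bits are
    find "$root" -type f -perm -4000 -print | sed 's/^/SUID /'
    find "$root" -type f -perm -2000 -print | sed 's/^/SGID /'
    # -perm -0002: writable by everyone
    find "$root" -type f -perm -0002 -print | sed 's/^/WW-FILE /'
    # a world-writable directory is acceptable only with the sticky bit (as /tmp)
    find "$root" -type d -perm -0002 ! -perm -1000 -print | sed 's/^/WW-DIR /'
}

# Number of findings, handy as a one-line summary or a cron-job exit condition.
count_risky() {
    scan_risky_perms "$1" | wc -l | tr -d ' '
}

# Constructed sample tree: two deliberately risky binaries, one world-writable
# file, one world-writable directory without the sticky bit, one proper tmp dir.
make_sample_tree() {
    base="$1"
    mkdir -p "$base/bin" "$base/shared" "$base/tmp"
    : > "$base/bin/su_clone";  chmod 4755 "$base/bin/su_clone"   # setuid
    : > "$base/bin/grp_tool";  chmod 2755 "$base/bin/grp_tool"   # setgid
    : > "$base/bin/safe";      chmod 0755 "$base/bin/safe"       # fine
    : > "$base/shared/notes";  chmod 0666 "$base/shared/notes"   # world-writable file
    chmod 0777 "$base/shared"                                     # world-writable dir, no sticky
    chmod 1777 "$base/tmp"                                        # sticky bit set: acceptable
}

if [ -z "$PERM_SCAN_NO_DEMO" ]; then
    demo="$(mktemp -d)"
    make_sample_tree "$demo"
    scan_risky_perms "$demo"          # 4 findings; $demo/tmp is not one of them
    rm -rf "$demo"
fi
```

On a real system run scan_risky_perms against / (it uses only POSIX find options, so it works on HP-UX as well as Linux), save the output, and diff each later run against it: a new setuid file or a newly world-writable directory is the finding that matters, not the long-standing vendor ones.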
Protecting data via swverify, md5sum, and Tripwire
- File integrity checking overview
- Verifying executable integrity with swverify
- Verifying file integrity with md5sum
- Verifying file integrity with Tripwire
- Installing Tripwire
- Creating Tripwire keys
- Creating the Tripwire configuration file
- Creating the Tripwire policy file
- Creating the Tripwire database
- Performing a Tripwire integrity check
- Updating the Tripwire database
- Updating the Tripwire policy file
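As an added example for the "Verifying file integrity with md5sum" topic above (not part of the course material, and not Tripwire's own code), the script below records an md5 baseline of a directory tree and later reports changed, added and removed files against it. This is the manual version of what the Tripwire database and integrity check automate; the same caveat applies in both cases: the baseline must be kept where someone who can modify the tree cannot also rewrite it. The sample files are constructed for the demonstration and md5sum is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example (not from the course material): md5 baseline and verification of
# a directory tree. Sample files below are constructed; md5sum assumed on PATH.

# Write "<md5>  <relative path>" for every regular file under $1 into $2,
# sorted by path so two manifests of the same tree compare line for line.
make_manifest() {
    tree="$1"; out="$2"
    ( cd "$tree" && find . -type f -print | LC_ALL=C sort | while read -r f; do
          md5sum "$f"
      done ) > "$out"
}

# Compare a fresh manifest of $2 against the baseline $1 and print one line per
# difference: "CHANGED <path>", "ADDED <path>" or "REMOVED <path>".
# (Running "md5sum -c baseline" inside the tree reports changed and missing
# files too, but cannot see files that were added after the baseline was taken.)
# The baseline is assumed to be non-empty.
verify_manifest() {
    baseline="$1"; tree="$2"
    current="$(mktemp)"
    make_manifest "$tree" "$current"
    # md5sum separates digest and name with two spaces, so with FS='  '
    # $1 is the digest and $2 the path.
    awk -v FS='  ' '
        NR == FNR { base[$2] = $1; next }           # first file: the baseline
        {                                            # second file: current state
            if (!($2 in base))        print "ADDED " $2
            else if (base[$2] != $1)  print "CHANGED " $2
            seen[$2] = 1
        }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$baseline" "$current" | LC_ALL=C sort
    rm -f "$current"
}

# Demo on a constructed tree: take a baseline, tamper with the tree, verify.
if [ -z "$MANIFEST_NO_DEMO" ]; then
    demo="$(mktemp -d)"; base="$(mktemp)"
    mkdir -p "$demo/etc"
    printf 'setting=1\n' > "$demo/etc/app.conf"
    printf 'binary\n'    > "$demo/daemon"
    make_manifest "$demo" "$base"
    printf 'setting=evil\n' > "$demo/etc/app.conf"   # modified after baseline
    printf 'rootkit\n'      > "$demo/ls"              # added after baseline
    rm "$demo/daemon"                                 # removed after baseline
    verify_manifest "$base" "$demo"
    rm -rf "$demo" "$base"
fi
```

The digest alone does not prove the file is the vendor's: md5sum detects that something changed, while swverify compares against the installed product's own catalog. Use the manifest for configuration trees and locally built software, and swverify for HP-supplied filesets.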
Protecting data via Encrypted Volumes and File Systems (EVFS)
- EVFS features
- EVFS architecture
- EVFS volumes
- EVFS volume encryption keys, user keys, and recovery keys
- Step 1: Installing and configuring EVFS software
- Step 2: Creating user keys
- Step 3: Creating recovery keys
- Step 4: Creating an LVM or VxVM volume
- Step 5: Creating EVFS device files
- Step 6: Creating and populating the volume’s EMD
- Step 7: Enabling the EVFS volume
- Step 8: Creating and mounting a file system
- Step 9: Enabling autostart
- Step 10: Migrating data to the EVFS volume
- Step 11: Backing up the EVFS configuration
- Managing EVFS volume users
- Managing the EVFS key database
- Extending an EVFS volume
- Reducing an EVFS volume
- Removing EVFS volumes
- Backing up EVFS volumes
- EVFS limitations
- EVFS and TPM/TCS integration overview
Securing network services: inetd and TCPwrapper
- inetd service overview
- inetd configuration file overview
- Securing inetd
- Securing the inetd internal services
- Securing the RPC services
- Securing the Berkeley services
- Securing FTP
- Securing FTP service classes
- Securing anonymous FTP
- Securing guest FTP
- Securing other ftpaccess security features
- Securing other inetd services
- Securing other non-inetd services
- Securing inetd via TCPwrapper
Securing network services: SSH
- Legacy Network Service Vulnerabilities: DNS
- Legacy Network Service Vulnerabilities: Sniffers
- Legacy Network Service Vulnerabilities: IP spoofing
- Solution: Securing the Network Infrastructure
- Solution: Using Symmetric Key Encryption
- Solution: Using Public Key Encryption
- Solution: Using Public Key Authentication
- HP-UX encryption and authentication product overview
- Configuring SSH encryption and server authentication
- Configuring SSH Client/User Authentication
- Configuring SSH Single Sign-On
- Using the UNIX SSH Clients
- Using PuTTY SSH Clients
Securing network services: IPFilter
- Firewall overview
- Packet filtering firewalls
- Network Address Translation firewalls
- Host versus perimeter firewalls
- Installing IPFilter
- Managing IPFilter rulesets
- Configuring a default deny policy
- Preventing IP and loopback spoofing
- Controlling ICMP service access
- Controlling access to UDP services
- Controlling access to TCP services
- Controlling access via active and passive FTP
- Testing IPFilter rulesets
- Monitoring IPFilter
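As an added example covering the IPFilter topics above, from the default-deny policy through the ICMP, UDP and TCP rules (not part of the course material), the script below writes a host-firewall ruleset in IPFilter's ipf.conf syntax. The interface name lan0, the host address, the local subnet, the set of permitted services and the HP-UX configuration path /etc/opt/ipf/ipf.conf are assumptions for the demonstration.

```shell
#!/bin/sh
# Added example (not from the course material): generate an IPFilter ruleset
# with a default-deny policy, anti-spoofing rules, and explicit ICMP/UDP/TCP
# service rules. Interface, addresses, services and the config path are assumed.
#
# On a real HP-UX host (not run here):
#   write_ruleset /etc/opt/ipf/ipf.conf lan0 10.1.1.5 10.1.1.0/24
#   ipf -Fa -f /etc/opt/ipf/ipf.conf     # flush the old rules, load the new file
#   ipfstat -io                           # list what the kernel actually holds

write_ruleset() {
    out="$1"    # file to write
    ifc="$2"    # external interface, e.g. lan0
    me="$3"     # this host's address on $ifc
    lan="$4"    # subnet allowed to reach administrative services
    cat > "$out" <<EOF
# Rules are evaluated top to bottom; "quick" stops at the first match, so the
# two block-all rules are the default for anything not passed explicitly.
block in log all
block out log all

# Anti-spoofing: packets on $ifc claiming to come from loopback, from this
# host itself, or from the unspecified network are forged; log and drop them.
block in log quick on $ifc from 127.0.0.0/8 to any
block in log quick on $ifc from $me to any
block in log quick on $ifc from 0.0.0.0/8 to any

# Loopback traffic is unrestricted.
pass in quick on lo0 all
pass out quick on lo0 all

# ICMP: echo requests from anywhere (state lets the reply out), plus the two
# error types needed for path-MTU discovery and traceroute to keep working.
pass in quick on $ifc proto icmp from any to any icmp-type echo keep state
pass in quick on $ifc proto icmp from any to any icmp-type unreach
pass in quick on $ifc proto icmp from any to any icmp-type timex

# UDP: NTP from the local subnet only; no other inbound UDP service.
pass in quick on $ifc proto udp from $lan to $me port = 123 keep state

# TCP: SSH from the local subnet; a new connection must open with a bare SYN.
pass in quick on $ifc proto tcp from $lan to $me port = 22 flags S keep state

# Outbound: whatever this host initiates, with state so the replies return
# without inbound rules of their own.
pass out quick on $ifc proto tcp from $me to any flags S keep state
pass out quick on $ifc proto udp from $me to any keep state
pass out quick on $ifc proto icmp from $me to any keep state
EOF
}

# Number of active (non-comment, non-blank) rules in a ruleset file.
count_rules() {
    grep -c -v -e '^#' -e '^$' "$1"
}

if [ -z "$RULESET_NO_DEMO" ]; then
    tmp="$(mktemp)"
    write_ruleset "$tmp" lan0 10.1.1.5 10.1.1.0/24
    cat "$tmp"
    rm -f "$tmp"
fi
```

Test the file before trusting it: load it on a console session, not over SSH, or keep a second session open, because a default-deny ruleset that forgets the SSH pass rule locks out the administrator who loaded it. Passive FTP and any other service that opens secondary connections need their own rules or the IPFilter FTP proxy; nothing here admits them.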
Securing network services: Nmap and Nessus
- Network scanner overview
- Available network scanners
- Installing and running Nmap
- Installing and running Nessus
- Connecting to the Nessus server
- Selecting Nessus plugins
- Selecting Nessus targets
- Starting a Nessus scan
- Viewing Nessus results
- Saving the Nessus reports
Monitoring activity via system log files
- Monitoring log files
- Monitoring logins via last, lastb, and who
- Monitoring processes via ps, top, and whodo
- Monitoring file access via ll, fuser, and lsof
- Monitoring network connections via netstat, idlookup, and lsof
- Monitoring inetd connections
- Monitoring system activity via syslogd
- Configuring /etc/syslog.conf
- Hiding connections, processes, and arguments
- Doctoring log files and time stamps
Monitoring activity via SMSE auditing
- Auditing overview
- Trusted system versus SMSE auditing
- Enabling and disabling auditing
- Verifying auditing
- Selecting events and system calls to audit
- Selecting users to audit
- Viewing audit trails
- Switching audit trails
- Understanding audomon AFS and FSS switches
- Understanding audomon audit trail names
- Configuring audomon parameters
- Configuring audomon custom scripts
Monitoring suspicious activity via HP’s Host Intrusion Detection System (HIDS)
- HIDS overview
- HIDS architecture
- Installing HP’s HIDS product
- Configuring HIDS detection templates and properties
- Configuring HIDS surveillance groups
- Configuring HIDS surveillance schedules
- Configuring HIDS response scripts
- Assigning surveillance schedules to clients
- Monitoring HIDS alerts and errors
Managing security patches with Software Assistant (SWA)
- Security patch overview
- SWA overview
- Reading US-CERT advisory bulletins
- Reading HP-UX security bulletins
- Installing swa
- Generating swa reports
- Viewing swa reports
- Retrieving swa recommended patches
- Installing swa patches
- Installing other products recommended by swa
- Applying other manual changes
- Regenerating swa reports
- Purging swa caches
- Viewing swa logs
- Customizing swa defaults
- Preventing unauthorized swa and swlist access
- Preventing buffer overflow attacks
- Setting the executable_stack kernel parameter
- Setting the chatr +es executable stack option
Hardening HP-UX with Bastille
- Bastille overview
- Installing Bastille
- Generating a Bastille assessment
- Creating a Bastille configuration file
- Applying a Bastille configuration file
- Applying a pre-configured Bastille configuration file
- Applying a pre-configured Bastille configuration via Ignite-UX
- Reviewing the Bastille logs
- Monitoring changes with bastille_drift
- Reverting to the pre-Bastille configuration
Protecting data via chroot(), Fine Grained Privileges (FGP), and security compartments
- Part 1: Concepts
- Overview: isolating applications
- Part 2: Implementing chroot()
- Limiting file access via chroot()
- Configuring chroot()ed applications
- Part 3: Implementing FGP
- Limiting privileges via FGP
- Installing FGP Software
- Recognized Privileges
- Permitted, Effective, and Retained Privilege Sets
- Configuring FGP Privileges via setfilexsec
- Configuring FGP Privileges via RBAC
- Configuring and using FGP TRIALMODE
- Part 4: Compartment concepts
- Limiting IPC, network, and file access (without compartments)
- Limiting IPC, network, and file access (with compartments)
- Concept: Compartment rules
- Concept: The INIT compartment
- Compartment use cases
- Part 5: Configuring compartments
- Planning the compartment structure
- Installing compartment software
- Enabling compartment functionality
- Creating and modifying compartments
- Viewing compartments
- Executing commands in compartments without RBAC
- Executing commands in compartments with RBAC
- Executing commands in discovery mode
- Removing compartments
- Disabling compartment functionality
- Part 6: Configuring compartment rules
- Network interface rules
- File system rules
- IPC rules
- Signal rules
- Privilege limitation rules
- Preprocessor directives
Appendix: Improving user and password security with trusted systems
- Trusted system overview
- Configuring password format policies
- Configuring password aging policies
- Configuring user account policies
- Configuring terminal security policies
- Configuring access control policies
- Understanding the /tcb directory structure