| Name |
HP-UX Benchmark |
| Version |
Version 1.3.1 |
| Status |
Final |
| Creation Date |
2005-10-21 |
| Revision Date |
2005-10-21 |
| Product Category |
Operating system |
| Vendor |
Hewlett-Packard |
| Product |
HP-UX |
| Product Version |
HP-UX Version 11.x |
| Product Role |
Server operating system |
| Checklist Summary |
This document provides recommendations for securing HP-UX operating systems. This benchmark document covers HP-UX version 11.x for both servers and desktops. It also provides some guidance for earlier versions of HP-UX, but instructs administrators to strongly consider upgrading to HP-UX version 11i. Desktop systems typically have different security expectations than server-class systems. In an effort to facilitate use of this benchmark on these different classes of machines, shaded text has been used to indicate questions and/or actions that are typically not applicable to desktop systems in a large enterprise environment. These shaded items may be skipped on these desktop platforms. |
| Known Issues |
The actions listed in this document are written with the assumption that they will be executed in the order presented here. Some actions may need to be modified if the order is changed. Actions are written so that they may be copied directly from this document into a root shell window with a "cut-and-paste" operation. The actions listed in this document are written with the assumption that they will be executed by the root user running the /sbin/sh shell, using a umask of 077 ('umask 077'), and without noclobber set ('set +o noclobber'). Before performing the steps of this benchmark it is strongly recommended that administrators make backup copies of critical configuration files that may get modified by various benchmark items. The script provided in Appendix A of this document will automatically back up all files that may be modified by the actions. If this step is not performed, then the site may have no reasonable back-out strategy for reversing system modifications made as a result of this document. |
| Target Audience |
Unix system and network administrators |
| Target Operational Environment |
Enterprise |
| Checklist Installation Tools |
Not Available. |
| Rollback Capability |
Not Available. |
| Testing Information |
Not Available. |
| NIAP/CMVP Status |
|
| Regulatory Compliance |
|
| Comments, Warnings, Disclaimer, Miscellaneous |
Refer to Known Issues. |
| Disclaimer |
Proper use of the recommendations requires careful analysis and adaptation to specific user requirements. The recommendations are not in any way intended to be a "quick fix" for anyone's information security needs. CIS makes no representations, warranties or covenants whatsoever as to (i) the positive or negative effect of the products or the recommendations on the operation or the security of any particular network, computer system, network device, software, hardware, or any component of any of the foregoing or (ii) the accuracy, reliability, timeliness or completeness of any product or recommendation. CIS is providing the products and the recommendations "as is" and "as available" without representations, warranties or covenants of any kind. |
| Product Support |
|
| Submitting Organization/Authors |
The Center for Internet Security (CIS) |
| Point of Contact |
hpux-bench@cisecurity.org |
| Sponsor |
|
| Licensing |
Commercial use license
EDUCAUSE Member license
US Federal, state and local government agency license |
| Checklist Homepage |
http://www.cisecurity.org/ |
| Download Package |
http://www.cisecurity.org/sub_form.html |
| Integrity |
sha1 (CIS_HPUX_Benchmark_v1.3.1.pdf) = 4a970b676de4720588cb79d2b4a069ac1717c2b8
sha256 (CIS_HPUX_Benchmark_v1.3.1.pdf) = 6889816c1646fb909d36cdde3fe0f03a8dba42ac5436c357a67ec163e7ec3110 |
| Change History |
Version 1.3.1: 2005-10-21
Version 1.3.0: 2004-10-21
Version 1.1.0: 2003-04-01
Version 1.0.4: 2002-09-01
Version 1.0: 2002-10-01
|
| Dependency/Requirement |
|
| References |
Free benchmark documents and security tools for various OS platforms and applications: http://www.cisecurity.org/
Pre-compiled software packages for various OS platforms: ftp://ftp.cisecurity.org/
IT Resource Center: http://www.itrc.hp.com
HP-UX Security Patch Check tool: http://www.software.hp.com/cgibin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=B6834AA.
Other HP-UX Security Software (HP-UX Secure Shell, IDS/9000, HP-UX Bastille, etc.): http://www.software.hp.com/ISS_products_list.html
Information on NTP: http://www.ntp.org/
Information on MIT Kerberos: http://web.mit.edu/kerberos/www/
Apache "Security Tips" document: http://httpd.apache.org/docs-2.0/misc/security_tips.html
Information on Sendmail and DNS: http://www.sendmail.org/ http://www.deer-run.com/~hal/dns-sendmail/DNSandSendmail.pdf
Pre-compiled software packages for HP-UX: http://www.software.hp.com/ http://hpux.cs.utah.edu/
OpenSSH (secure encrypted network logins): www.openssh.org
TCP Wrappers source distribution: ftp.porcupine.org
PortSentry (monitors unused network ports for unauthorized access): http://sourceforge.net/projects/sentrytools/
Open Source Sendmail (email server) distributions: ftp://ftp.sendmail.org/
LPRng (Open Source replacement printing system for Unix): http://www.lprng.org/
sudo (provides fine-grained access controls for superuser activity): http://www.courtesan.com/sudo/ |
| NIST Identifier |
1047 |