HP-UX security resources

2 minute read

Recently a friend asked me about HP-UX security and where to find useful information. We have to admit it, there are not many resources out there about HP-UX security and the great majority of them are obsolete since they are about HP-UX 10.20 or even 9.x. Let’s take a look…

HP Docs is the first place to look for information, there you will find a lot of docs regarding HP-UX security, IPFilter, HP-UX Bastille and other products and manuals concerning security. Following is a reference of useful docs that can be found on this site:

The most up to date document is HP-UX System Administrator’s Guide: Security Management, this is the main reference for any HP-UX admin. It covers HP-UX 11iv3 and is filled with detailed information on how-to protect your system, how is the security implemented in HP-UX and an appendix with references to other security products of HP that can be used to hardening your systems.
HP-UX 11i Security Containment Administrator’s Guide HP-UX 11.23
HP9000 Computer Systems: Administering Your HP-UX Trusted System. Useful information concerning older systems.
HP-UX System Administration Tasks: HP9000. It has full chapter about system security, useful for older systems.
Managing Systems and Workgroups: A Guide for HP-UX System Administrators. HP-UX 11iv1 and 11iv2 information.

Second in our small list is the yet classic but still very useful Kevin Steves’ great document “Building a Bastion Host Using HP-UX 11”. This is without any doubt (at least for me) the best document about HP-UX hardening ever done. Although it was written seven years ago it still applies to a wide variety of areas.

In the Center fo Information Security you will find the “CIS Level 1 Benchmark for HP-UX”. These benchmarks are a compilation of security configurations, settings and best practices. Current version applies to all three versions of HP-UX 11i so it is worthwhile to read them. It will ask for registration prior to allow you to download the docs.

In the ITRC Forums there is a HP-UX Security forum, it is not the most active forum in ITRC but if you post a question you will find that the people is willing to help you.

HP Security Bulletins. Through ITRC you can subscribe to several digests and bulletins, including the HP-UX Security and HP-UX 11.x patches.

Security specific websites. There are a lot of sites and portals focused in security, and in all of them you can find papers about Unix security hardening in general and even some HP-UX specific papers, but as I said at the beginning most of them are obsolete. I usually read Security Focus but there are many others just do a search in Google and you will find them.

Security mailing lists. Probably the most known security mailing list is Bugtraq but there are others, they talk about HP-UX security bugs from time to time.

And this is the end… well not really. These are the resources I use in my everyday work, if any of you know about other resources please comment them.

See you next time.

Juanma.

Twitter Facebook LinkedIn

Juan Manuel Rey

HP-UX security resources

Comments

You May Also Enjoy

Automate your Azure Bastion tunnels with a shell script

A look into CBL-Mariner, Microsoft’s internal Linux distribution

Running pi-hole as a podman container in Fedora

A first look into Azure VMware Solution