Hp-Ux APPENDIX – Network Parameters

APPENDIX B – Network Parameters

ip_send_redirects – causes the machine not to emit any ICMP redirect Packets. Under normal operation this probably won’t have significant security implications.

ip_ire_flush_interval and arp_cleanup_interval – control how long information will live in the system’s ARP cache. The ARP cache maintains a mapping between Ethernet addresses and IP address. The default values are 10 minutes (?????). Lowering these values can help prevent some ARP spoofing attacks but at the cost of more ARP traffic on your local LAN and possibly reduced performance. Think carefully before you change these variables.

ip_forward_directed_broadcast – caused the machine to not transmit packets which are destined for a broadcast network address. If the machine is being used as a gateway between several networks this can help you from being used as an intermediary network in a "smurf" type network attach. The machine will still respond to broadcast packets directed at any LAN it may be connected to.

ip_forward_src_routed – prevents the machine from forwading any packets that have the source routing option turned on.

ip_forwarding – turning off ip_forwarding prevents the machine from accepting and forwarding on packets that are not destined for one of it’s local interface addresses. Such a feature can be used by attackers to bypass other network security measures.

tcp_ip_abort_cinterval – this is how long the kernel will wait for a TCP connection to be completed (in milliseconds). Tuning this value down can also help your system resist SYN flooding attacks.

You can use the following commands to view various information concerning Network parameter.

ndd –h sup – display all the parameters that are supported by HP.

ndd –h unsup – display all the parameter that are not supported by HP. Becareful modifying these!

ndd –c - set tunable parameters

APPENDIX C – Example secure /etc/fstab

/dev/vg00/lvol3 / hfs defaults 0 1

/dev/vg00/lvol1 /stand hfs nosuid 0 1

/dev/vg00/lvol4 /tmp hfs defaults 0 2

/dev/vg00/lvol5 /home hfs nosuid 0 2

/dev/vg00/lvol6 /opt hfs ro 0 2

/dev/vg00/lvol7 /usr hfs ro 0 2

/dev/vg00/lvol8 /var hfs nosuid 0 2

APPENDIX D – Sample SSHD Startup Script

#!/sbin/sh

# start up secure shell deaemon - sshd

PATH=/usr/sbin:/usr/bin:/sbin

export PATH

rval=0

case $1 in

'start_msg')

echo "Starting the sshd"

;;

'stop_msg')

echo "Stopping the sshd"

;;

'start')

if [ -f /etc/rc.config.d/sshd_config ]

then

/opt/openssh2/sbin/sshd -f /etc/rc.config.d/sshd_config

else

echo "ERROR: /etc/rc.config.d defaults file MISSING"

;;

'stop')

kill `cat /opt/openssh2/etc/sshd.pid`

;;

echo "usage: $0 {start|stop|start_msg|stop_msg}"

rval=1

;;

esac

exit $rval

Helping Other People Excel

Technical Help

Please find our other blogs which related to technical and devotional. We are a team grabing information from technical support forms where many issues solved by real time experianced people in the support forums. most of the issues are fixed by our best fallowers. Our team is working in top MNC companies located in all over India in different technolagies, here we share real time issues and help documents. like Troubleshooting steps, documentation, whitepapers, SOP's and many more, .

Any one can contribute here with your real time issues, though it help to others to find and fix before they fight with support folks.

Technical Help

Hp-Ux APPENDIX – Network Parameters

Related Posts

No comments