Technical Help

Hp-Ux Remaining Network Services

ChinniLax April 13, 2011

Remaining Network Services

If the machine is to be a DNS client then you’ll need to define the domain and it’s name server(s). You will have to configure which sources the resolver will use and in which order. You should configure so that the host file is checked first then DNS.

____ /usr/bin/touch /etc/resolv.conf
____ /usr/bin/echo "domain " > /etc/resolv.conf
____ /usr/bin/echo "nameserver " >> /etc/resolv.conf
____ /usr/bin/chown root:root /etc/resolv.conf
____ /usr/bin/chmod 644 /etc/resolv.conf
____ /usr/bin/cp /etc/nsswitch.files /etc/nsswitch.conf
____ /usr/bin/vi /etc/nsswitch.files
modify the hosts entry from hosts:files to hosts:files [NOTFOUND=continue] dns
____ /usr/bin/chown root:root /etc/nsswitch.conf
____ /usr/bin/chmod 644 /etc/nsswitch.conf

Hp-Ux Network Tuning

HP - UX

ChinniLax April 13, 2011

ChinniLax

Network Tuning

Reconfigure various network parameters to reduce your vulnerability to smurf attacks, SYN floods and ARP spoofing attacks. A description of the listed network parameters can be found in Appendix B. You can usendd –h sup to list all supported network parameters. Use ndd –h unsup to list unsupported network parameters. HP recommends that you DO NOT make changes to unsupported parameters.

____/usr/bin/vi /etc/rc.config.d/nddconf
____ Add following entries:

TRANSPORT_NAME[0]=ip

NDD_NAME[0]=ip_send_redirects

NDD_VALUE[0]=0

TRANSPORT_NAME[1]=ip

NDD_NAME[1]=ip_ire_flush_interval

NDD_VALUE[1]=60000

TRANSPORT_NAME[2]=arp

NDD_NAME[2]=arp_cleanup_interval

NDD_VALUE[2]=60000

TRANSPORT_NAME[3]=ip

NDD_NAME[3]=ip_forward_directed_broadcast

NDD_VALUE[3]=0

TRANSPORT_NAME[4]=ip

NDD_NAME[4]=ip_forward_src_routed

NDD_VALUE[4]=0

TRANSPORT_NAME[5]=ip

NDD_NAME[5]=ip_forwarding

NDD_VALUE[5]=0

TRANSPORT_NAME[6]=tcp

NDD_NAME[6]=tcp_ip_abort_cinterval

NDD_VALUE[6]=60000

____ ndd –c for the changes to take effect

Hp-Ux File System Configuration

HP - UX

ChinniLax April 13, 2011

ChinniLax

File System Configuration

Some file systems are static in nature and won’t change unless you’re doing some type of upgrade. Therefore to safeguard against unkown modifications to the files in these file systems and possible addition of trojan horses, it makes sense to mount these files systems read-only. (/usr and /opt are examples) You also want to ensure that setuid programs are not executed in a non-root file system. To do this these file systems must be mounted with the nosuid option. (/var and /home are examples). An example of a secure /etc/fstab can be found in Appendix C.

____ /usr/bin/vi /etc/fstab
____ Add ro option to /opt and /usr
____ Add nosuid to /stand, /var, /home

/usr/local by default has been configured with world-writeable permissions on all directories. Change this to a safer 755.

____ find /usr/local –type d –exec chmod 755 {} \;

Remove write group permissions for /etc/.

____ chmod –R g-w /etc

Technical Help

Please find our other blogs which related to technical and devotional. We are a team grabing information from technical support forms where many issues solved by real time experianced people in the support forums. most of the issues are fixed by our best fallowers. Our team is working in top MNC companies located in all over India in different technolagies, here we share real time issues and help documents. like Troubleshooting steps, documentation, whitepapers, SOP's and many more, .

Any one can contribute here with your real time issues, though it help to others to find and fix before they fight with support folks.