Add SCA Policy for HP-UX B.11.31 #10696

Closed
dariommr opened this issue Oct 29, 2021 · 5 comments · Fixed by #15157
Labels
feed/sca Security Configuration Assessment policies related issues reporter/operations team/threatintel Threat Intelligence team

Comments

@dariommr
Member

dariommr commented Oct 29, 2021

| Wazuh version | Component | Install type | Install method | Platform |
|---|---|---|---|---|
| 4.2.3-rev | SCA | Agent | Packages | HP-UX B.11.31 |

Hello Team,
I am reaching you with this request for Security Assessment Policies for HP-UX B.11.31.

The only document I found is this, and it is from 2009 and for version 11i: https://www.cisecurity.org/wp-content/uploads/2017/04/CIS_HP-UX_11i_Benchmark_v1.5.0.pdf

I hope this could be helpful.

There will be two different policies for the same OS: one will use the Bastille tool from HP, and the other will use standard UNIX commands.

@jcruzlp
Contributor

jcruzlp commented Nov 9, 2021

Branch for tracking the changes and progress: https://github.com/wazuh/wazuh/tree/10696-hpux-sca

Added literature to all checks; it only remains to add the rules, which must be tested when the machine is provided.
Some of them will probably be removed, but this way we can maximize the use of the machine.

The created SCA seems to work correctly in the test we performed:
image

The only thing remaining is to verify that the values correlate with what we need, and then it is ready to make. It is also necessary to create SPECS for this, since it's a new one.

@maumrsms
Member

maumrsms commented Feb 1, 2022

Hello team,
I've tried to add the policies worked here but they don't seem to work:
image
image
image
image

Now, checking the rules, I noticed we're using some Bastille-related files. For example:
image

I haven't seen any mention of this or of its configuration (I'm not even sure if Bastille comes out-of-the-box in HP-UX).
I imagine that some specific configuration would be needed on it too (file ownership in /var/opt/sec_mgmt/bastille/log/Assessment at least).
Could you please provide more information about this?

@maumrsms
Member

maumrsms commented Feb 2, 2022

Hello team,

I've just confirmed that this solution requires Bastille to be installed in /opt/sec_mgmt/bastille/ for the Agent to be able to create its source files in /var/opt/sec_mgmt/bastille/log/Assessment.

I managed to replicate the situation in a different box after renaming the Bastille binary (/opt/sec_mgmt/bastille/bin/bastille):
image
image
With the binary out, the Agent was not able to generate its source files in /var/opt/sec_mgmt/bastille/log/Assessment; thus, most items appear as "Not Applicable".

@sebastiandbustos
Member

Hello Team,
The customer informs us that the HP-UX policy is working with the exception of 2 checks. Here is the information provided by the customer with the checks and the errors:

21039 - Configure IPFilter to allow only select communication.
Invalid path or wrong permissions to run command 'ipf -v -l'

21133 - Resolve "unowned" files and directories.
Timeout overtaken running command 'find / ( -nouser -o -nogroup )'

Please let me know.
Thank you.
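
A preflight check for the prerequisites reported in the two comments above (the Bastille binary and assessment directory, and the `ipf` command used by check 21039), as an added example that is not part of the thread or of the Wazuh policy. The function name `sca_preflight` and its `ROOT` and `SEARCH_PATH` arguments are hypothetical; the paths are the ones quoted in the comments.

```shell
#!/bin/sh
# Added example, not part of the Wazuh policy. Paths are the ones quoted in
# this thread; ROOT is a hypothetical prefix so the check can be run against
# a constructed directory tree as well as the live system.
BASTILLE_BIN=/opt/sec_mgmt/bastille/bin/bastille
ASSESS_DIR=/var/opt/sec_mgmt/bastille/log/Assessment

# sca_preflight [ROOT] [SEARCH_PATH]
# Prints one line per prerequisite; the return status is the failure count.
sca_preflight() {
    root=${1:-}
    search_path=${2:-$PATH}
    failures=0

    # The thread reports that source files are not generated without this binary.
    if [ -f "$root$BASTILLE_BIN" ] && [ -x "$root$BASTILLE_BIN" ]; then
        echo "OK   Bastille binary: $root$BASTILLE_BIN"
    else
        echo "FAIL Bastille binary missing or not executable: $root$BASTILLE_BIN"
        failures=$((failures + 1))
    fi

    # The assessment output has to land here; run this as the agent's user.
    if [ -d "$root$ASSESS_DIR" ] && [ -w "$root$ASSESS_DIR" ]; then
        echo "OK   assessment directory writable: $root$ASSESS_DIR"
    else
        echo "FAIL assessment directory missing or not writable: $root$ASSESS_DIR"
        failures=$((failures + 1))
    fi

    # Check 21039 runs 'ipf -v -l'; this covers only the "invalid path" half
    # of the reported error, not permissions on the binary itself.
    if (PATH=$search_path; command -v ipf) >/dev/null 2>&1; then
        echo "OK   ipf found on PATH"
    else
        echo "FAIL ipf not found on PATH ($search_path)"
        failures=$((failures + 1))
    fi

    return "$failures"
}
# Usage on the host: sca_preflight; echo "failed prerequisites: $?"
```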

@sebastiandbustos
Member

Jose Izquierdo provided the corrected policy, updating the issue with the file.

cis_hpux_11i.zip

@72nomada 72nomada assigned 72nomada and unassigned jcruzlp Feb 24, 2022
@72nomada 72nomada changed the title SCA Policy for HP-UX B.11.31 Add SCA Policy for HP-UX B.11.31 Jun 6, 2022
@72nomada 72nomada added team/threatintel Threat Intelligence team and removed threatintel/sca labels Jun 26, 2022
@vikman90 vikman90 added this to the Release 4.4.0 milestone Aug 29, 2022
@72nomada 72nomada added the feed/sca Security Configuration Assessment policies related issues label Oct 11, 2022