
HP-UX Bastille


HP-UX Bastille is a system configuration tool to manage security-related settings in common HP-UX services and programs. By systematically changing these settings to more secure values, HP-UX Bastille creates a hardened system with reduced exposure to known security vulnerabilities. Guided by the HP-UX Bastille GUI, users start by building a security configuration profile for the system from a catalog of security issues and their lock-down actions. The HP-UX Bastille lock-down engine is then run to perform the actions specified in the configuration profile. HP-UX Bastille assessment reports are available to audit the current security state of the system, and monitor any drift from a baseline or benchmark configuration.

Security auditors can use HP-UX Bastille assessment capabilities to verify compliance with regulatory requirements or industry-consensus standards such as the Center for Internet Security (CIS) benchmark.

HP-UX Bastille is built upon the open-source program Bastille-Linux, and is fully supported and maintained by HP for HP-UX systems.

HP-UX Bastille features and benefits

  • Over 100 security items consolidated from essential hardening checklists and security guidelines
    • System services, daemons, user account policies, kernel settings, firewall, file permissions, and others
    • Drawn from industry benchmarks, government standards, and customer feedback on security
    • Available from a single tool
  • Wizard-style GUI to build security configuration profiles
    • Trade-offs between security, usability, and functionality made clear through explanatory text
    • Users unfamiliar with a particular security item can still make informed decisions
    • Guided presentation (customized for each system) eases burden of reviewing the full catalog of items
    • Rapid creation of configuration profiles to fit varied system versions and application mixes
  • Assessment reports for system security configuration status
    • Available in HTML, text, and config file formats
    • Enables regular auditing for monitoring compliance or configuration drift
    • Benchmark mapping tool to view compliance with external benchmarks such as CIS
  • The revert option restores system configuration to state prior to lock down
    • Invaluable if unexpected incompatibilities occur
    • Enables rapid trial and error testing of security profiles
  • Integrated with System Insight Manager (SIM)
    • Lock down and reporting available from SIM menus
    • SIM.config pre-tested configuration for SIM server lock down



  • HP-UX 11i v2 or HP-UX 11i v3 for HP-UX Bastille B.3.3.01 and B.3.3
  • HP-UX 11i v1 for HP-UX Bastille B.3.0.31
  • Root access is needed to run Bastille.


HP-UX Bastille requires the HP compiled version of Perl D.5.8.0.D or later.

  • Use the swlist perl command to verify the version.
  • The required packages are available here.

Disk space:

  • 1 MB for HP-UX Bastille
  • 155 Mb for Perl
    • You do not need both the 32-bit and 64-bit versions, so you may elect to remove one of them to save disk space.
    • The quoted space is for the standard Perl bundle, which includes both versions.
    • Perl is installed by default on recent Operating Environment Updates and Releases, so a separate download is not required.


  • None



New features in B.3.3.01

  • Support for HP-UX SRP version A.03.00
    • HP-UX Bastille can lock down HP-UX SRP host operating system containers and the HP-UX SRP containers running under the host, but with a subset of its normal collection of security lockdown items. HP-UX Bastille lockdown items incompatible within the HP-UX SRP host or container are ignored if selected in an HP-UX Bastille security configuration profile. Examples include HP-UX IPFilter in SRP containers and host, and core-networking parameters in an SRP container.
    • Two new HP-UX Bastille configuration profiles are included to provide default lock down selections:
      1. SRPCONT.config: Default settings for an HP-UX SRP system container
      2. SRPHOST.config: Default file settings for the HP-UX SRP host system
  • bastille(1m) and bastille_drift(1m) man pages are delivered with the product.
  • Click on the link to access the HP-UX Bastille Version B.3.3 User Guide


Additional product information
Product #: B6849AA
Version: B.3.3.01
Software specification: HP-UX 11i v3 (HPUXBastille_B.3.3.01_HP-UX_B.11.23_32_64.depot)
HP-UX 11i v2 (HPUXBastille_B.3.3_HP-UX_B.11.23_32_64.depot)
HP-UX 11i v1 (HPUXBastille_B.3.0.31_HP-UX_B.11.23_32_64.depot)