HP UX Security Products and Features Software manual Capabilities, Identity-based access controls

Page 10

A FLAC policy prevents modification of file status information such as modification time, permission bits, owner ID, and group ID stored within the file inode.

1.1.2 Identity-based access controls

Abbreviated as IBAC, this policy type denies access to a designated file or directory for all executables except those specifically authorized. File or directory access is normally granted to an executing binary if all access restrictions are met. In addition to traditional UNIX restrictions, an IBAC policy identifies a specific executable binary that, once authenticated, is permitted to access the protected file. A single file can have multiple IBAC policies, each one identifying a particular executable.

An IBAC policy prevents unauthorized executables from opening a file. An executable specified in an IBAC policy is sometimes referred to as an authorized executable for the IBAC-protected file. If access to an IBAC protected file is permitted by WLI, then read, write, and execute permissions are determined by the file permission bits and effective userid. Other restrictions imposed outside of WLI, such as ACLs, are not be affected by WLI.

The user ID or effective user ID of a process is not directly involved in the enforcement of this policy type as well. A binary executable must have a valid WLI signature for it to be included in an IBAC policy. When an IBAC protected file is opened, the signature on the binary executing the open() is verified through the corresponding public key.

1.2 Capabilities

The WLI A.01.00 release provides the following capabilities corresponding to system operations that are protected when WLI security mode is restricted. Capabilities may be granted to binary executables on a permanent basis using wlisign, or only for a single execution with wliwrap.

1.2.1mem

WLI does not allow read or write operations on the memory image files /dev/mem and /dev/ kmem unless mem capability is granted to the binary executable attempting the open(). Some commands like adb open the memory image files to query and update kernel memory. Because these are device special files, WLI file access policies cannot be assigned to them.

If mem capability is granted to an executing process that is attempting to open one of the memory image files, the open() is still subject to failure from traditional open() restrictions such as those imposed by file permission bits.

1.2.2wmd

WLI does not allow its metadata to be created or written to unless wmd capability is granted to the executable requesting access. The wmd capability also allows read access on metadata files with WLI read protection. These restrictions are enforced whether the metadata is stored in VxFS name streams or protected metadata files. For more information about WLI metadata files, see Section 2.3 (page 16). This capability is useful for backup and restore commands like tar.

1.2.3dlkm

WLI permits the system to load a DLKM if the DLKM has been signed with wlisign using an authorized key. The signature on the DLKM is not required to include dlkm capability. The authorized key used for the signing also does not require dlkm capability.

Unsigned DLKMs can also be loaded. If the key authorizing wliwrap execution is granted dlkm capability, the wliwrap command grants dlkm capability to its child process. The child process can be an executing instance of kcmodule. The command file /usr/sbin/kcmodule must also be signed to be recognized as an authorized executable. The signature on /usr/sbin/ kcmodule is not required to include dlkm capability.

10 Security features

Page 9 Page 11
Image 10
Page 9 Page 11
Contents HP-UX Whitelisting A.01.00 Administrator Guide Copyright 2010 Hewlett-Packard Development Company, L.P Table of Contents HP Serviceguard considerations Glossary Index List of Figures List of Examples Page File access policies Security featuresFile lock access controls Identity-based access controls Capabilities4 api Page Product overview WLI architectureCommands Application APIApplications WLI database WLI metadata files3 .$WLISIGNATURE$ Page Key usage Generating keysAdministrator keys User keysInstallation requirements Installing, removing, and upgradingInstalling WLI Removing WLI Upgrading WLI Page Authorizing the recovery key ConfiguringAuthorizing administrator keys Signing DLKMs Backing up the WLI databaseRebooting to restricted mode Page Signing an executable binary Enhancing security with WLICreating a Flac policy Enabling DLKMs to load during boot Removing a file access policyCreating an Ibac policy Loading unsigned DLKMs # wlisign -a -k /home/admin1/adminpriv /usr/conf/mod/cissWlisign -a -k adminpriv /usr/sbin/kcmodule # kcmodule ciss=unusedPage Overview Backup and restore considerationsWLI database files Read/write protected files Policy protected and metadata filesWrite protected RecommendationsIbac policies Flac policiesMetadata files Page Administration HP Serviceguard considerationsWLI database Policy protected files WLI reinstallation Troubleshooting and known issuesSoftware distributor issues Lost WLI administrator key or passphrase# tar -xf /tmp/wlikeydb.tar Wlisyspolicy -s mode=maintenance -k adminkeySu root # rm -r /etc/wli # kcmodule wli=unused # shutdown -rContacting HP Support and other resourcesRelated information Websites Typographic conventionsUser input Times Page # make all # make cleanInstructions # su wliusr1Flac add and delete program Ibac add and delete programIbac add and delete program Page Administration examples Wlicert -s -c wli.admin1 -o wmd -k adm1.pvt Su root # wlisign -a -k adm1.pvt /usr/bin/tarCat /tmp/.$WLIFSPARMS$ Tar -vtf tartest.tarBdf mydir Wlisys -k adm1.pvt -s wmdstoretype=pseudoBpbackup -f backuplist Bprestore -f backuplistAuthorizing an administrator key Quick setup examplesConfiguring WLI Authorizing a user keyCreating a Flac policy Testing a Flac policyFlac policies Enabling a Flac policyIbac policies Disabling an Ibac policy Removing an Ibac policyGlossary ASMPage Symbols IndexIndex
Related manuals
Manual 130 pages 58.55 Kb
Top Page Image Contents