HP UX Security Products and Features Software manual Table of Contents

Table of Contents

1 Security features
1.1 File access policies
1.1.1 File lock access controls
1.1.2 Identity-based access controls
1.2 Capabilities
1.2.1 mem
1.2.2 wmd
1.2.3 dlkm
1.2.4 api
2 Product overview
2.1 WLI architecture
2.1.1 Commands
2.1.1.1 Application API
2.1.1.2 Applications
2.1.1.3 Stackable file system module
2.1.1.4 Policy enforcement manager
2.1.1.5 File systems
2.2 WLI database
2.3 WLI metadata files
2.3.1 .$WLI_FSPARMS$
2.3.2 .$WLI_POLICY$
2.3.3 .$WLI_SIGNATURE$
3 Key usage
3.1 Generating keys
3.2 User keys
3.3 Administrator keys
4 Installing, removing, and upgrading
4.1 Installation requirements
4.2 Installing WLI
4.3 Removing WLI
4.4 Upgrading WLI
5 Configuring
5.1 Authorizing the recovery key
5.2 Authorizing administrator keys
5.3 Signing DLKMs
5.4 Backing up the WLI database
5.5 Rebooting to restricted mode
6 Enhancing security with WLI
6.1 Signing an executable binary
6.2 Creating a FLAC policy
6.3 Creating an IBAC policy
6.4 Removing a file access policy

HP-UX Whitelisting A.01.00 Administrator Guide
Copyright 2010 Hewlett-Packard Development Company, L.P.