HP UX Security Products and Features Software manual Backup and restore considerations, Overview

Page 33

7 Backup and restore considerations

7.1 Overview

This section describes how WLI-protected files are read from and written back to their original locations when the WLI security mode is restricted. Maintenance mode is necessary for some files to backup and restore. Because backup and restore procedures vary considerably across HP-UX installations, no specific commands or procedures are recommended.

With WLI installed and configured, backup and restore procedures depend on the WLI security mode, as described in wlisyspolicy(1M). In maintenance mode, WLI access restrictions are completely disabled. Backup and restore operations are the same as if WLI is not installed. Files produced or installed by WLI can be read or written with only file ownership and permissions bits restricting access.

The security downgrade from switching to maintenance mode even temporarily might be unacceptable. To maintain a highly secure environment, both administrators and users might need to backup and restore files with the server online and mode set to restricted only.

In restricted mode, access restrictions on WLI protected files and directories inhibits typical backup and restore operations. Additional actions are necessary for backup and restore operations on WLI database files and policy protected files. The system administrator needs to create new or adjust existing backup and restore procedures.

Changing the passphrase of a WLI key, either administrator or user, does not affect any files covered in the following sections. Guidelines for systems with high security often include passphrase change requirements. Such requirements do not imply more frequent WLI file backups.

Symantec NetBackup is required for backup and restore operations if the value of the wmdstoretype attribute is auto and WLI protected files exist on a VxFS file system at revision 5.0.1 or later. This attribute and file system combination causes policy protected file metadata to be stored in a named data stream. A named data stream is associated with a file inode, but is not accessible to traditional HP-UX commands. For more details and syntax on setting wmdstoretype, see wlisys(1M).

The fundamental operations are reading protected files for backup commands and writing these same files back to their original locations for restore commands. Difficulties encountered are essentially the same whether traditional UNIX commands like tar and cpio are used or proprietary tools like Symantec NetBackup.

HP recommends that administrators implement or modify backup and restore procedures that include all files with WLI protection. For discussion of backup and restore operations, WLI protected files can be divided into the following categories:

WLI database files—managed through WLI administrator commands

Policy protected and metadata files—managed through WLI user commands

7.2WLI database files

The WLI database is described in (page 16). Files comprising this database are managed by commands that require an administrator key:

wliadm wlicert wlisys wlisyspolicy

WLI database files can have following protection classes:

write protected read/write protected

7.1 Overview

33

Page 32 Page 34
Image 33
Page 32 Page 34
Contents HP-UX Whitelisting A.01.00 Administrator Guide Copyright 2010 Hewlett-Packard Development Company, L.P Table of Contents HP Serviceguard considerations Glossary Index List of Figures List of Examples Page Security features File access policiesFile lock access controls Capabilities Identity-based access controls4 api Page WLI architecture Product overviewApplication API CommandsApplications WLI metadata files WLI database3 .$WLISIGNATURE$ Page Generating keys Key usageUser keys Administrator keysInstalling, removing, and upgrading Installation requirementsInstalling WLI Removing WLI Upgrading WLI Page Configuring Authorizing the recovery keyAuthorizing administrator keys Backing up the WLI database Signing DLKMsRebooting to restricted mode Page Enhancing security with WLI Signing an executable binaryCreating a Flac policy Removing a file access policy Enabling DLKMs to load during boot Creating an Ibac policy Wlisign -a -k adminpriv /usr/sbin/kcmodule # wlisign -a -k /home/admin1/adminpriv /usr/conf/mod/cissLoading unsigned DLKMs # kcmodule ciss=unusedPage Backup and restore considerations OverviewWLI database files Write protected Policy protected and metadata filesRead/write protected files RecommendationsFlac policies Ibac policiesMetadata files Page HP Serviceguard considerations AdministrationWLI database Policy protected files Software distributor issues Troubleshooting and known issuesWLI reinstallation Lost WLI administrator key or passphraseSu root # rm -r /etc/wli Wlisyspolicy -s mode=maintenance -k adminkey# tar -xf /tmp/wlikeydb.tar # kcmodule wli=unused # shutdown -rSupport and other resources Contacting HPRelated information Typographic conventions WebsitesUser input Times Page Instructions # make clean# make all # su wliusr1Ibac add and delete program Flac add and delete programIbac add and delete program Page Administration examples Su root # wlisign -a -k adm1.pvt /usr/bin/tar Wlicert -s -c wli.admin1 -o wmd -k adm1.pvtBdf mydir Tar -vtf tartest.tarCat /tmp/.$WLIFSPARMS$ Wlisys -k adm1.pvt -s wmdstoretype=pseudoBprestore -f backuplist Bpbackup -f backuplistConfiguring WLI Quick setup examplesAuthorizing an administrator key Authorizing a user keyFlac policies Testing a Flac policyCreating a Flac policy Enabling a Flac policyIbac policies Removing an Ibac policy Disabling an Ibac policyASM GlossaryPage Index SymbolsIndex
Top Page Image Contents