HP UX Security Products and Features Software manual HP Serviceguard considerations

Page 4

6.5 Enabling DLKMs to load during boot		30
6.6	Loading unsigned DLKMs	31
7 Backup and restore considerations		33
7.1	Overview	33
7.2 WLI database files		33
	7.2.1 Write protected	34
	7.2.2 Read/write protected files	34
	7.2.3 Recommendations	34
7.3	Policy protected and metadata files	34
	7.3.1 FLAC policies	35
	7.3.2 IBAC policies	35
	7.3.3 Metadata files	35
	7.3.4 Recommendations	35
8 HP Serviceguard considerations		37
8.1	Overview	37
8.2	Administration	37
	8.2.1 WLI database	37
	8.2.2 Policy protected files	38
9 Troubleshooting and known issues		39
9.1	Software distributor issues	39
9.2	WLI reinstallation	39
9.3	Lost WLI administrator key or passphrase	39
9.4	WLI database corruption	39
10 Support and other resources		41
10.1 Contacting HP		41
	10.1.1 Before you contact HP	41
	10.1.2 HP contact information	41
	10.1.3 Subscription service	41
	10.1.4 Documentation feedback	41
10.2 Related information		41
10.3 Typographic conventions		42
A libwliapi example		45
A.1 Instructions		45
A.2 makefile		45
A.3 FLAC add and delete program		46
A.4 IBAC add and delete program		46
B Administration examples		49
C Quick setup examples		53
C.1 Installing WLI		53
C.2 Configuring WLI		53
	C.2.1 Authorizing an administrator key	53
	C.2.2 Authorizing a user key	53
C.3 FLAC policies		54

4Table of Contents

Image 4

Contents HP-UX Whitelisting A.01.00 Administrator Guide Copyright 2010 Hewlett-Packard Development Company, L.P Table of Contents HP Serviceguard considerations Glossary Index List of Figures List of Examples Page File access policies Security featuresFile lock access controls Identity-based access controls Capabilities4 api Page Product overview WLI architectureCommands Application APIApplications WLI database WLI metadata files3 .$WLISIGNATURE$ Page Key usage Generating keysAdministrator keys User keysInstallation requirements Installing, removing, and upgradingInstalling WLI Removing WLI Upgrading WLI Page Authorizing the recovery key ConfiguringAuthorizing administrator keys Signing DLKMs Backing up the WLI databaseRebooting to restricted mode Page Signing an executable binary Enhancing security with WLICreating a Flac policy Enabling DLKMs to load during boot Removing a file access policyCreating an Ibac policy # wlisign -a -k /home/admin1/adminpriv /usr/conf/mod/ciss Wlisign -a -k adminpriv /usr/sbin/kcmoduleLoading unsigned DLKMs # kcmodule ciss=unusedPage Overview Backup and restore considerationsWLI database files Policy protected and metadata files Write protectedRead/write protected files RecommendationsIbac policies Flac policiesMetadata files Page Administration HP Serviceguard considerationsWLI database Policy protected files Troubleshooting and known issues Software distributor issuesWLI reinstallation Lost WLI administrator key or passphraseWlisyspolicy -s mode=maintenance -k adminkey Su root # rm -r /etc/wli# tar -xf /tmp/wlikeydb.tar # kcmodule wli=unused # shutdown -rContacting HP Support and other resourcesRelated information Websites Typographic conventionsUser input Times Page # make clean Instructions# make all # su wliusr1Flac add and delete program Ibac add and delete programIbac add and delete program Page Administration examples Wlicert -s -c wli.admin1 -o wmd -k adm1.pvt Su root # wlisign -a -k adm1.pvt /usr/bin/tarTar -vtf tartest.tar Bdf mydirCat /tmp/.$WLIFSPARMS$ Wlisys -k adm1.pvt -s wmdstoretype=pseudoBpbackup -f backuplist Bprestore -f backuplistQuick setup examples Configuring WLIAuthorizing an administrator key Authorizing a user keyTesting a Flac policy Flac policiesCreating a Flac policy Enabling a Flac policyIbac policies Disabling an Ibac policy Removing an Ibac policyGlossary ASMPage Symbols IndexIndex

Related manuals

Manual 130 pages 58.55 Kb