HP UX Security Products and Features Software manual Flac add and delete program

Page 46

openssl rsa -passin pass:mypasswd -out ukey.pub -in ukey.pvt -pubout

user_setup: api_flac_test api_ibac_test ukey.pvt ukey.pub if ! grep -q wliusr1 /etc/passwd; then \

useradd wliusr1; \

chown wliusr1 flac_test; chmod a+w flac_test; \ chown wliusr1 ibac_test; chmod a+w ibac_test; \ chown wliusr1 api_flac_test; chmod u+w flac_test; \ chown wliusr1 api_ibac_test; chmod u+w ibac_test; \ chown wliusr1 ukey.pvt; chmod go-w ukey.pvt; \ chown wliusr1 ukey.pub; chmod go-w ukey.pub; \

clean:

rm -f *.o api_flac_test api_ibac_test if grep -q wliusr1 /etc/passwd; then \

userdel -F wliusr1; \

fi

rm -f flac_test ibac_test rm -f ukey.pub ukey.pvt

A.3 FLAC add and delete program

/*

*(C) Copyright 2010 Hewlett-Packard Development Company, L.P.

*Description:

*api_flac_test.c

*/
#include<stdio.h>
#include<fcntl.h>
#include<sys/errno.h>
#include<api.h>
#define FLAC_TEST	"flac_test"
main(int argc, char *argv[])
{
wli_fap_t	ptype = WLIAPI_FAP_FLAC;
wliapi_err_t	err = WLIAPI_SUCCESS;
int	fd = 0;

fd = open(FLAC_TEST, O_CREATO_TRUNCO_RDWR, 0666); if ( fd < 0 ) {

(void) fprintf(stderr,

"Failed to create a test file; error %d\n", errno); return(-1);

}

close(fd);

err = wli_add_fap(FLAC_TEST, ptype); if (err) {

(void) fprintf(stderr,

"Failed to add fap %d\n", err); return(-1);

}

err = wli_del_fap(FLAC_TEST, ptype); if (err) {

fprintf(stderr,

"Failed to del fap %d\n", err);

}

return(err);

}

A.4 IBAC add and delete program

/*

*(C) Copyright 2010 Hewlett-Packard Development Company, L.P.

*Description:

46libwliapi example

Image 46

Contents HP-UX Whitelisting A.01.00 Administrator Guide Copyright 2010 Hewlett-Packard Development Company, L.P Table of Contents HP Serviceguard considerations Glossary Index List of Figures List of Examples Page File access policies Security featuresFile lock access controls Identity-based access controls Capabilities4 api Page Product overview WLI architectureCommands Application APIApplications WLI database WLI metadata files3 .$WLISIGNATURE$ Page Key usage Generating keysAdministrator keys User keysInstallation requirements Installing, removing, and upgradingInstalling WLI Removing WLI Upgrading WLI Page Authorizing the recovery key ConfiguringAuthorizing administrator keys Signing DLKMs Backing up the WLI databaseRebooting to restricted mode Page Signing an executable binary Enhancing security with WLICreating a Flac policy Enabling DLKMs to load during boot Removing a file access policyCreating an Ibac policy Loading unsigned DLKMs # wlisign -a -k /home/admin1/adminpriv /usr/conf/mod/cissWlisign -a -k adminpriv /usr/sbin/kcmodule # kcmodule ciss=unusedPage Overview Backup and restore considerationsWLI database files Read/write protected files Policy protected and metadata filesWrite protected RecommendationsIbac policies Flac policiesMetadata files Page Administration HP Serviceguard considerationsWLI database Policy protected files WLI reinstallation Troubleshooting and known issuesSoftware distributor issues Lost WLI administrator key or passphrase# tar -xf /tmp/wlikeydb.tar Wlisyspolicy -s mode=maintenance -k adminkeySu root # rm -r /etc/wli # kcmodule wli=unused # shutdown -rContacting HP Support and other resourcesRelated information Websites Typographic conventionsUser input Times Page # make all # make cleanInstructions # su wliusr1Flac add and delete program Ibac add and delete programIbac add and delete program Page Administration examples Wlicert -s -c wli.admin1 -o wmd -k adm1.pvt Su root # wlisign -a -k adm1.pvt /usr/bin/tarCat /tmp/.$WLIFSPARMS$ Tar -vtf tartest.tarBdf mydir Wlisys -k adm1.pvt -s wmdstoretype=pseudoBpbackup -f backuplist Bprestore -f backuplistAuthorizing an administrator key Quick setup examplesConfiguring WLI Authorizing a user keyCreating a Flac policy Testing a Flac policyFlac policies Enabling a Flac policyIbac policies Disabling an Ibac policy Removing an Ibac policyGlossary ASMPage Symbols IndexIndex

Related manuals

Manual 130 pages 58.55 Kb