HP UX Security Products and Features Software manual Glossary Index

Page 5

C.3.1 Creating a FLAC policy

54

C.3.2 Enabling a FLAC policy

54

C.3.3 Testing a FLAC policy

54

C.3.4 Disabling a FLAC policy

55

C.3.5 Removing a FLAC policy

55

C.4 IBAC policies

55

C.4.1 Creating an IBAC policy

55

C.4.2 Enabling an IBAC policy

55

C.4.3 Testing an IBAC policy

55

C.4.4 Disabling an IBAC policy

56

C.4.5 Removing an IBAC policy

56

Glossary

57

Index

59

Table of Contents

5

Page 4 Page 6
Image 5
Page 4 Page 6
Contents HP-UX Whitelisting A.01.00 Administrator Guide Copyright 2010 Hewlett-Packard Development Company, L.P Table of Contents HP Serviceguard considerations Glossary Index List of Figures List of Examples Page File lock access controls Security featuresFile access policies Capabilities Identity-based access controls4 api Page WLI architecture Product overviewApplication API CommandsApplications WLI metadata files WLI database3 .$WLISIGNATURE$ Page Generating keys Key usageUser keys Administrator keysInstalling WLI Installing, removing, and upgradingInstallation requirements Removing WLI Upgrading WLI Page Authorizing administrator keys ConfiguringAuthorizing the recovery key Backing up the WLI database Signing DLKMsRebooting to restricted mode Page Creating a Flac policy Enhancing security with WLISigning an executable binary Creating an Ibac policy Removing a file access policyEnabling DLKMs to load during boot Wlisign -a -k adminpriv /usr/sbin/kcmodule # wlisign -a -k /home/admin1/adminpriv /usr/conf/mod/cissLoading unsigned DLKMs # kcmodule ciss=unusedPage WLI database files Backup and restore considerationsOverview Write protected Policy protected and metadata filesRead/write protected files RecommendationsMetadata files Flac policiesIbac policies Page WLI database HP Serviceguard considerationsAdministration Policy protected files Software distributor issues Troubleshooting and known issuesWLI reinstallation Lost WLI administrator key or passphraseSu root # rm -r /etc/wli Wlisyspolicy -s mode=maintenance -k adminkey# tar -xf /tmp/wlikeydb.tar # kcmodule wli=unused # shutdown -rRelated information Support and other resourcesContacting HP User input Typographic conventionsWebsites Times Page Instructions # make clean# make all # su wliusr1Ibac add and delete program Flac add and delete programIbac add and delete program Page Administration examples Su root # wlisign -a -k adm1.pvt /usr/bin/tar Wlicert -s -c wli.admin1 -o wmd -k adm1.pvtBdf mydir Tar -vtf tartest.tarCat /tmp/.$WLIFSPARMS$ Wlisys -k adm1.pvt -s wmdstoretype=pseudoBprestore -f backuplist Bpbackup -f backuplistConfiguring WLI Quick setup examplesAuthorizing an administrator key Authorizing a user keyFlac policies Testing a Flac policyCreating a Flac policy Enabling a Flac policyIbac policies Removing an Ibac policy Disabling an Ibac policyASM GlossaryPage Index SymbolsIndex
Top Page Image Contents