HP UX Security Products and Features Software manual Glossary, Asm


Glossary

ASM

Oracle Automatic Storage Management

authorized executable

A signed binary executable specified in an IBAC policy. The executable is permitted access to the protected file also specified in the IBAC.

CFS

Veritas Cluster File System

DAC

Discretionary Based Access Controls. A traditional file access control used on Unix-based operating systems.

DLKM

Dynamically Loadable Kernel Module

FAP

File Access Policy. WLI metadata that restricts access to a regular file or directory. IBAC and FLAC policies are FAPs. A file can have multiple IBAC policies but only one FLAC.

FLAC

File Lock Access Control. This file access policy restricts access to read-only for all executables.

HA

High Availability

IBAC

Identity Based Access Control. This file access policy restricts access to an authorized executable.

maintenance mode

WLI does not enforce file access policies and resource restrictions. All read and write protection on WLI database files is disabled.

named stream

VxFS feature that allows a single file inode to be associated with multiple data streams. On VxFS 5.0.1 and later VxFS revisions, WLI stores policy and signature metadata in a named stream associated with the file for which the policy or signature applies.

restricted mode

WLI enforces file access policies and resource restrictions in accord with other security attributes. Read and write protection on WLI database files is enabled.

rng

The HP-UX kernel random number generator. Strong random numbers are generated from the informational entropy in system interrupt arrival times from networking and other external sources.

RSA

Rivest, Shamir & Adleman. Algorithms and protocol for generating asymmetric cryptographic keys and establishing secure communications.

VFS

Virtual File System. The kernel component that virtualizes file system operations for NFS, HFS, and VxFS for storage management on physical media.

HP-UX Whitelisting A.01.00 Administrator Guide. Copyright 2010 Hewlett-Packard Development Company, L.P.