HP UX 11i Role-based Access Control (RBAC) Software manual Installation

Page 21

2 Installation

This chapter contains the information you need to install and remove HP-UX 11i Security Containment, HP-UX Role-Based Access Control, and Standard Mode Security Extensions. This chapter addresses the following topics:

“Prerequisites and System Requirements”

“Installing HP-UX 11i Security Containment”

“Verifying the HP-UX 11i Security Containment Installation”

“Installing HP-UXRole-Based Access Control”

“Verifying the HP-UXRole-Based Access Control Installation”

“Installing HP-UX Standard Mode Security Extensions”

“Verifying the HP-UX Standard Mode Security Extensions Installation”

“Uninstalling HP-UX 11i Security Containment”

“Uninstalling HP-UX RBAC”

“Uninstalling HP-UX Standard Mode Security Extensions”

Prerequisites and System Requirements

You must meet the following system requirements to install HP-UX 11i Security Containment.

Hardware

HP 9000 systems

HP Integrity systems

Software

HP-UX 11i Version 2 September 2004 release or later

Disk Space

66 Mbytes

Installing HP-UX 11i Security Containment

The following procedures describe how to download and install the HP-UX 11i Security Containment product from the SecurityExt bundle. This bundle includes the following software:

Compartments

Fine-grained privileges

HP-UX RBAC

HP-UX SMSE

Audit

Subsequent sections of this chapter describe how to install the HP-UX RBAC, HP-UX SMSE, and audit features separately, from different software bundles. Refer to “Installing HP-UXRole-Based Access Control” and “Installing HP-UX Standard Mode Security Extensions”.

Prerequisites and System Requirements

21

Page 20 Page 22
Image 21
Page 20 Page 22
Contents HP-UX 11i Security Containment Administrators Guide Copyright 2007 Hewlett-Packard Development Company, L.P Table of Contents Fine-Grained Privileges Index Page List of Figures Page List of Tables Page List of Examples Page Intended Audience About This DocumentNew and Changed Information in This Edition Publishing HistoryTypographic Conventions HP-UX Release Name and Release IdentifierUserInput Related Information HP Encourages Your CommentsHP-UX 11i Releases Page HP-UX 11i Security Containment Introduction AuthorizationConceptual Overview Account Policy ManagementDefined Terms Features and BenefitsIsolation AuditingFeatures Benefits Installation Installing HP-UX 11i Security ContainmentPrerequisites and System Requirements # swlist -d @ /tmp/securitycontainmentbundle.depot Verifying the HP-UX 11i Security Containment Installation# swverify SecurityExt # swlist -a state -l fileset SecurityExtVerifying the HP-UX Role-Based Access Control Installation Installing HP-UX Role-Based Access ControlInstalling HP-UX Standard Mode Security Extensions # swverify RbacUninstalling HP-UX Rbac Uninstalling HP-UX 11i Security Containment# swverify TrustedMigration # swlist -a state -l fileset TrustedMigrationUninstalling HP-UX Standard Mode Security Extensions # swremove Rbac# swremove TrustedMigration Page HP-UX Role-Based Access Control HP-UX Rbac Versus Other Rbac SolutionsOverview Access Control Basics Simplifying Access Control with RolesExample of Authorizations Per User HP-UX Rbac Components Example of Authorizations Per RoleHP-UX Rbac Configuration Files HP-UX Rbac Access Control Policy SwitchHP-UX Rbac Commands HP-UX Rbac Configuration FilesHP-UX Rbac Manpages HP-UX Rbac CommandsHP-UX Rbac Architecture HP-UX Rbac ManpagesHP-UX Rbac Architecture HP-UX Rbac Example Usage and OperationPlanning Authorizations for the Roles Planning the HP-UX Rbac DeploymentPlanning the Roles HP-UX Rbac Limitations and Restrictions Planning Command MappingsConfiguring HP-UX Rbac Configuring Roles Creating RolesExample Planning Results Configuring Authorizations Assigning Roles to UsersAssigning Roles to Groups Configuring Additional Command Authorizations and Privileges Is mainly intended for scripts Hierarchical Roles Example Roles Configuration in HP-UX Rbac B.11.23.02Overview Examples of Hierarchical RolesExample 3-1 The authadm Command Syntax Changes to the authadm Command for Hierarchical RolesExample 3-2 Example of the authadm Command Usage Hierarchical Roles ConsiderationsConfiguring HP-UX Rbac with Fine-Grained Privileges Configuring HP-UX Rbac with Compartments CommandMatches the following /etc/rbac/cmdpriv entries GID Configuring HP-UX Rbac to Generate Audit TrailsProcedure for Auditing HP-UX Rbac Criteria Following is the privrun command syntax Using HP-UX Rbac# privrun ipfstat HP-UX Rbac in Serviceguard Clusters Customizing privrun and privedit Using the Acps Troubleshooting HP-UX Rbac Rbacdbchk Database Syntax ToolPrivrun -v Information Fine-Grained Privileges Commands CommandsFine-Grained Privileges Fine-Grained Privileges ComponentsManpages Available PrivilegesFine-Grained Privileges Manpages Available PrivilegesOr launch policy Configuring Applications with Fine-Grained PrivilegesPrivilege Model Compound Privileges# setfilexsec options filename Troubleshooting Fine-Grained Privileges Fine-Grained Privileges in HP Serviceguard ClustersSecurity Implications of Fine-Grained Privileges Privilege Escalation# getprocxsec options pid Compartment Architecture CompartmentsCompartment Architecture Planning the Compartment Structure Default Compartment ConfigurationActivating Compartments Modifying Compartment Configuration# setrules -p # cmpttune -eCompartment Components Compartment Configuration FilesChanging Compartment Rules Changing Compartment NamesCompartment Configuration Files Compartment CommandsCompartment Commands Compartment ManpagesCompartment Rules and Syntax Compartment DefinitionFile System Rules Permissionlist IPC RulesIPC mechanism in the current compartment Network RulesAccess Interface Miscellaneous RulesConfiguring Applications in Compartments Troubleshooting CompartmentsExample Rules File # vhardlinks Configured rules are loaded into the kernelDo not configure standby LAN interfaces in a compartment Compartments in HP Serviceguard ClustersStandard Mode Security Extensions Configuration Files Configuring Systemwide AttributesSecurity Attributes and the User Database System Security AttributesCommands AttributesManpages Troubleshooting the User Database Configuring Attributes in the User DatabaseAuditing Auditing ComponentsAuditing Your System Audit CommandsPlanning Your Auditing Implementation Enabling AuditingAUDEVENTARGS1 = -P -F -e admin -e login -e moddac # audevent -P -F -e admin -e login -e moddacMonitoring Audit Files #audsys -n -c primaryauditfile -sAuditing Users Guidelines for Administering Your Auditing SystemPerformance Considerations #audsys -fAuditing Events Audevent command optionsStreamlining Audit Log Data # /usr/sbin/userdbset -u user-nameAUDITFLAG=1Self-auditing processes Audit Log FilesConfiguring Audit Log Files Viewing Audit Logs#/usr/sbin/audisp auditfile Examples of Using the audisp Command Page Index SymbolsSecurity attribute defining
Related manuals
Manual 10 pages 36.76 Kb
Top Page Image Contents