Manuals
/
HP
/
Computer Equipment
/
Software
HP
UX 11i Role-based Access Control (RBAC) Software
manual
Models:
UX 11i Role-based Access Control (RBAC) Software
1
1
84
84
Download
84 pages
13.76 Kb
1
2
3
4
5
6
7
8
Troubleshooting
Install
Symbols
HP-UX Rbac Configuration Files
Access Control Basics
HP-UX Rbac Commands
Authorization
Features and Benefits
Using HP-UX Rbac
Page 1
Image 1
HP-UX
11i Security Containment Administrator's Guide
Version B.11.23.02
HP Part Number:
5991-8678
Published: E0606
Edition:
HP-UX
11i v2
Page 1
Page 2
Page 1
Image 1
Page 1
Page 2
Contents
HP-UX 11i Security Containment Administrators Guide
Copyright 2007 Hewlett-Packard Development Company, L.P
Table of Contents
Fine-Grained Privileges
Index
Page
List of Figures
Page
List of Tables
Page
List of Examples
Page
Intended Audience
About This Document
New and Changed Information in This Edition
Publishing History
HP-UX Release Name and Release Identifier
Typographic Conventions
UserInput
HP Encourages Your Comments
Related Information
HP-UX 11i Releases
Page
HP-UX 11i Security Containment Introduction
Authorization
Conceptual Overview
Account Policy Management
Defined Terms
Features and Benefits
Isolation
Auditing
Features
Benefits
Installing HP-UX 11i Security Containment
Installation
Prerequisites and System Requirements
# swlist -d @ /tmp/securitycontainmentbundle.depot
Verifying the HP-UX 11i Security Containment Installation
# swverify SecurityExt
# swlist -a state -l fileset SecurityExt
Verifying the HP-UX Role-Based Access Control Installation
Installing HP-UX Role-Based Access Control
Installing HP-UX Standard Mode Security Extensions
# swverify Rbac
Uninstalling HP-UX Rbac
Uninstalling HP-UX 11i Security Containment
# swverify TrustedMigration
# swlist -a state -l fileset TrustedMigration
# swremove Rbac
Uninstalling HP-UX Standard Mode Security Extensions
# swremove TrustedMigration
Page
HP-UX Rbac Versus Other Rbac Solutions
HP-UX Role-Based Access Control
Overview
Simplifying Access Control with Roles
Access Control Basics
Example of Authorizations Per User
HP-UX Rbac Components
Example of Authorizations Per Role
HP-UX Rbac Configuration Files
HP-UX Rbac Access Control Policy Switch
HP-UX Rbac Commands
HP-UX Rbac Configuration Files
HP-UX Rbac Manpages
HP-UX Rbac Commands
HP-UX Rbac Architecture
HP-UX Rbac Manpages
HP-UX Rbac Architecture
HP-UX Rbac Example Usage and Operation
Planning the HP-UX Rbac Deployment
Planning Authorizations for the Roles
Planning the Roles
HP-UX Rbac Limitations and Restrictions
Planning Command Mappings
Configuring HP-UX Rbac
Creating Roles
Configuring Roles
Example Planning Results
Assigning Roles to Users
Configuring Authorizations
Assigning Roles to Groups
Configuring Additional Command Authorizations and Privileges
Is mainly intended for scripts
Hierarchical Roles
Example Roles Configuration in HP-UX Rbac B.11.23.02
Overview
Examples of Hierarchical Roles
Example 3-1 The authadm Command Syntax
Changes to the authadm Command for Hierarchical Roles
Example 3-2 Example of the authadm Command Usage
Hierarchical Roles Considerations
Configuring HP-UX Rbac with Fine-Grained Privileges
Command
Configuring HP-UX Rbac with Compartments
Matches the following /etc/rbac/cmdpriv entries
GID
Configuring HP-UX Rbac to Generate Audit Trails
Procedure for Auditing HP-UX Rbac Criteria
Following is the privrun command syntax
Using HP-UX Rbac
# privrun ipfstat
HP-UX Rbac in Serviceguard Clusters
Customizing privrun and privedit Using the Acps
Rbacdbchk Database Syntax Tool
Troubleshooting HP-UX Rbac
Privrun -v Information
Fine-Grained Privileges Commands
Commands
Fine-Grained Privileges
Fine-Grained Privileges Components
Manpages
Available Privileges
Fine-Grained Privileges Manpages
Available Privileges
Or launch policy
Configuring Applications with Fine-Grained Privileges
Compound Privileges
Privilege Model
# setfilexsec options filename
Troubleshooting Fine-Grained Privileges
Fine-Grained Privileges in HP Serviceguard Clusters
Security Implications of Fine-Grained Privileges
Privilege Escalation
# getprocxsec options pid
Compartment Architecture
Compartments
Compartment Architecture
Planning the Compartment Structure
Default Compartment Configuration
Activating Compartments
Modifying Compartment Configuration
# setrules -p
# cmpttune -e
Compartment Components
Compartment Configuration Files
Changing Compartment Rules
Changing Compartment Names
Compartment Configuration Files
Compartment Commands
Compartment Commands
Compartment Manpages
Compartment Definition
Compartment Rules and Syntax
File System Rules
Permissionlist
IPC Rules
IPC mechanism in the current compartment
Network Rules
Access
Interface
Miscellaneous Rules
Troubleshooting Compartments
Configuring Applications in Compartments
Example Rules File
# vhardlinks
Configured rules are loaded into the kernel
Do not configure standby LAN interfaces in a compartment
Compartments in HP Serviceguard Clusters
Standard Mode Security Extensions
Configuration Files
Configuring Systemwide Attributes
Security Attributes and the User Database
System Security Attributes
Attributes
Commands
Manpages
Troubleshooting the User Database
Configuring Attributes in the User Database
Auditing
Auditing Components
Auditing Your System
Audit Commands
Planning Your Auditing Implementation
Enabling Auditing
AUDEVENTARGS1 = -P -F -e admin -e login -e moddac
# audevent -P -F -e admin -e login -e moddac
Monitoring Audit Files
#audsys -n -c primaryauditfile -s
Auditing Users
Guidelines for Administering Your Auditing System
Performance Considerations
#audsys -f
Auditing Events
Audevent command options
Streamlining Audit Log Data
# /usr/sbin/userdbset -u user-nameAUDITFLAG=1
Self-auditing processes
Audit Log Files
Viewing Audit Logs
Configuring Audit Log Files
#/usr/sbin/audisp auditfile
Examples of Using the audisp Command
Page
Index
Symbols
Security attribute defining
Top
Page
Image
Contents