Manuals
/
HP
/
Computer Equipment
/
Software
HP
UX 11i Role-based Access Control (RBAC) Software
manual
Models:
UX 11i Role-based Access Control (RBAC) Software
1
10
84
84
Download
84 pages
13.76 Kb
7
8
9
10
11
12
13
14
<
>
Troubleshooting
Install
Symbols
HP-UX Rbac Configuration Files
Access Control Basics
HP-UX Rbac Commands
Authorization
Features and Benefits
Using HP-UX Rbac
Page 10
Image 10
10
Page 9
Page 11
Page 10
Image 10
Page 9
Page 11
Contents
HP-UX 11i Security Containment Administrators Guide
Copyright 2007 Hewlett-Packard Development Company, L.P
Table of Contents
Fine-Grained Privileges
Index
Page
List of Figures
Page
List of Tables
Page
List of Examples
Page
New and Changed Information in This Edition
About This Document
Intended Audience
Publishing History
HP-UX Release Name and Release Identifier
Typographic Conventions
UserInput
HP Encourages Your Comments
Related Information
HP-UX 11i Releases
Page
Conceptual Overview
Authorization
HP-UX 11i Security Containment Introduction
Account Policy Management
Isolation
Features and Benefits
Defined Terms
Auditing
Features
Benefits
Installing HP-UX 11i Security Containment
Installation
Prerequisites and System Requirements
# swverify SecurityExt
Verifying the HP-UX 11i Security Containment Installation
# swlist -d @ /tmp/securitycontainmentbundle.depot
# swlist -a state -l fileset SecurityExt
Installing HP-UX Standard Mode Security Extensions
Installing HP-UX Role-Based Access Control
Verifying the HP-UX Role-Based Access Control Installation
# swverify Rbac
# swverify TrustedMigration
Uninstalling HP-UX 11i Security Containment
Uninstalling HP-UX Rbac
# swlist -a state -l fileset TrustedMigration
# swremove Rbac
Uninstalling HP-UX Standard Mode Security Extensions
# swremove TrustedMigration
Page
HP-UX Rbac Versus Other Rbac Solutions
HP-UX Role-Based Access Control
Overview
Simplifying Access Control with Roles
Access Control Basics
Example of Authorizations Per User
Example of Authorizations Per Role
HP-UX Rbac Components
HP-UX Rbac Commands
HP-UX Rbac Access Control Policy Switch
HP-UX Rbac Configuration Files
HP-UX Rbac Configuration Files
HP-UX Rbac Architecture
HP-UX Rbac Commands
HP-UX Rbac Manpages
HP-UX Rbac Manpages
HP-UX Rbac Example Usage and Operation
HP-UX Rbac Architecture
Planning the HP-UX Rbac Deployment
Planning Authorizations for the Roles
Planning the Roles
Planning Command Mappings
HP-UX Rbac Limitations and Restrictions
Configuring HP-UX Rbac
Creating Roles
Configuring Roles
Example Planning Results
Assigning Roles to Users
Configuring Authorizations
Assigning Roles to Groups
Configuring Additional Command Authorizations and Privileges
Is mainly intended for scripts
Overview
Example Roles Configuration in HP-UX Rbac B.11.23.02
Hierarchical Roles
Examples of Hierarchical Roles
Example 3-2 Example of the authadm Command Usage
Changes to the authadm Command for Hierarchical Roles
Example 3-1 The authadm Command Syntax
Hierarchical Roles Considerations
Configuring HP-UX Rbac with Fine-Grained Privileges
Command
Configuring HP-UX Rbac with Compartments
Matches the following /etc/rbac/cmdpriv entries
Configuring HP-UX Rbac to Generate Audit Trails
GID
Procedure for Auditing HP-UX Rbac Criteria
Using HP-UX Rbac
Following is the privrun command syntax
# privrun ipfstat
HP-UX Rbac in Serviceguard Clusters
Customizing privrun and privedit Using the Acps
Rbacdbchk Database Syntax Tool
Troubleshooting HP-UX Rbac
Privrun -v Information
Fine-Grained Privileges
Commands
Fine-Grained Privileges Commands
Fine-Grained Privileges Components
Fine-Grained Privileges Manpages
Available Privileges
Manpages
Available Privileges
Configuring Applications with Fine-Grained Privileges
Or launch policy
Compound Privileges
Privilege Model
# setfilexsec options filename
Security Implications of Fine-Grained Privileges
Fine-Grained Privileges in HP Serviceguard Clusters
Troubleshooting Fine-Grained Privileges
Privilege Escalation
# getprocxsec options pid
Compartments
Compartment Architecture
Compartment Architecture
Default Compartment Configuration
Planning the Compartment Structure
# setrules -p
Modifying Compartment Configuration
Activating Compartments
# cmpttune -e
Changing Compartment Rules
Compartment Configuration Files
Compartment Components
Changing Compartment Names
Compartment Commands
Compartment Commands
Compartment Configuration Files
Compartment Manpages
Compartment Definition
Compartment Rules and Syntax
File System Rules
IPC Rules
Permissionlist
Network Rules
IPC mechanism in the current compartment
Access
Miscellaneous Rules
Interface
Troubleshooting Compartments
Configuring Applications in Compartments
Example Rules File
Configured rules are loaded into the kernel
# vhardlinks
Compartments in HP Serviceguard Clusters
Do not configure standby LAN interfaces in a compartment
Standard Mode Security Extensions
Security Attributes and the User Database
Configuring Systemwide Attributes
Configuration Files
System Security Attributes
Attributes
Commands
Manpages
Auditing
Configuring Attributes in the User Database
Troubleshooting the User Database
Auditing Components
Planning Your Auditing Implementation
Audit Commands
Auditing Your System
Enabling Auditing
Monitoring Audit Files
# audevent -P -F -e admin -e login -e moddac
AUDEVENTARGS1 = -P -F -e admin -e login -e moddac
#audsys -n -c primaryauditfile -s
Performance Considerations
Guidelines for Administering Your Auditing System
Auditing Users
#audsys -f
Streamlining Audit Log Data
Audevent command options
Auditing Events
# /usr/sbin/userdbset -u user-nameAUDITFLAG=1
Audit Log Files
Self-auditing processes
Viewing Audit Logs
Configuring Audit Log Files
#/usr/sbin/audisp auditfile
Examples of Using the audisp Command
Page
Symbols
Index
Security attribute defining
Top
Page
Image
Contents