HP-UX 11i Role-based Access Control (RBAC) Software manual
List of Examples
Example 3-1 The authadm Command Syntax (page 41)
Example 3-2 Example of the authadm Command Usage (page 41)
Contents
HP-UX 11i Security Containment Administrators Guide
Copyright 2007 Hewlett-Packard Development Company, L.P
Table of Contents
Fine-Grained Privileges
Index
List of Figures
List of Tables
List of Examples
Publishing History
About This Document
Intended Audience
New and Changed Information in This Edition
UserInput
Typographic Conventions
HP-UX Release Name and Release Identifier
HP-UX 11i Releases
Related Information
HP Encourages Your Comments
Account Policy Management
Authorization
HP-UX 11i Security Containment Introduction
Conceptual Overview
Auditing
Features and Benefits
Defined Terms
Isolation
Features
Benefits
Prerequisites and System Requirements
Installation
Installing HP-UX 11i Security Containment
# swlist -a state -l fileset SecurityExt
Verifying the HP-UX 11i Security Containment Installation
# swlist -d @ /tmp/securitycontainmentbundle.depot
# swverify SecurityExt
# swverify Rbac
Installing HP-UX Role-Based Access Control
Verifying the HP-UX Role-Based Access Control Installation
Installing HP-UX Standard Mode Security Extensions
# swlist -a state -l fileset TrustedMigration
Uninstalling HP-UX 11i Security Containment
Uninstalling HP-UX RBAC
# swverify TrustedMigration
# swremove TrustedMigration
Uninstalling HP-UX Standard Mode Security Extensions
# swremove Rbac
Overview
HP-UX Role-Based Access Control
HP-UX RBAC Versus Other RBAC Solutions
Example of Authorizations Per User
Access Control Basics
Simplifying Access Control with Roles
HP-UX RBAC Components
Example of Authorizations Per Role
HP-UX RBAC Configuration Files
HP-UX RBAC Access Control Policy Switch
HP-UX RBAC Configuration Files
HP-UX RBAC Commands
HP-UX RBAC Manpages
HP-UX RBAC Commands
HP-UX RBAC Manpages
HP-UX RBAC Architecture
HP-UX RBAC Architecture
HP-UX RBAC Example Usage and Operation
Planning the Roles
Planning Authorizations for the Roles
Planning the HP-UX RBAC Deployment
HP-UX RBAC Limitations and Restrictions
Planning Command Mappings
Configuring HP-UX RBAC
Example Planning Results
Configuring Roles
Creating Roles
Assigning Roles to Groups
Configuring Authorizations
Assigning Roles to Users
Configuring Additional Command Authorizations and Privileges
Is mainly intended for scripts
Examples of Hierarchical Roles
Example Roles Configuration in HP-UX RBAC B.11.23.02
Hierarchical Roles
Overview
Hierarchical Roles Considerations
Changes to the authadm Command for Hierarchical Roles
Example 3-1 The authadm Command Syntax
Example 3-2 Example of the authadm Command Usage
Configuring HP-UX RBAC with Fine-Grained Privileges
Matches the following /etc/rbac/cmdpriv entries
Configuring HP-UX RBAC with Compartments
Command
GID
Configuring HP-UX RBAC to Generate Audit Trails
Procedure for Auditing HP-UX RBAC Criteria
Following is the privrun command syntax
Using HP-UX RBAC
# privrun ipfstat
HP-UX RBAC in Serviceguard Clusters
Customizing privrun and privedit Using the ACPS
privrun -v Information
Troubleshooting HP-UX RBAC
rbacdbchk Database Syntax Tool
Fine-Grained Privileges Components
Commands
Fine-Grained Privileges Commands
Fine-Grained Privileges
Available Privileges
Available Privileges
Manpages
Fine-Grained Privileges Manpages
Or launch policy
Configuring Applications with Fine-Grained Privileges
# setfilexsec options filename
Privilege Model
Compound Privileges
Privilege Escalation
Fine-Grained Privileges in HP Serviceguard Clusters
Troubleshooting Fine-Grained Privileges
Security Implications of Fine-Grained Privileges
# getprocxsec options pid
Compartment Architecture
Compartments
Compartment Architecture
Planning the Compartment Structure
Default Compartment Configuration
# cmpttune -e
Modifying Compartment Configuration
Activating Compartments
# setrules -p
Changing Compartment Names
Compartment Configuration Files
Compartment Components
Changing Compartment Rules
Compartment Manpages
Compartment Commands
Compartment Configuration Files
Compartment Commands
File System Rules
Compartment Rules and Syntax
Compartment Definition
Permissionlist
IPC Rules
IPC mechanism in the current compartment
Network Rules
Access
Interface
Miscellaneous Rules
Example Rules File
Configuring Applications in Compartments
Troubleshooting Compartments
# vhardlinks
Configured rules are loaded into the kernel
Do not configure standby LAN interfaces in a compartment
Compartments in HP Serviceguard Clusters
Standard Mode Security Extensions
System Security Attributes
Configuring Systemwide Attributes
Configuration Files
Security Attributes and the User Database
Manpages
Commands
Attributes
Auditing Components
Configuring Attributes in the User Database
Troubleshooting the User Database
Auditing
Enabling Auditing
Audit Commands
Auditing Your System
Planning Your Auditing Implementation
# audsys -n -c primaryauditfile -s
# audevent -P -F -e admin -e login -e moddac
AUDEVENTARGS1 = -P -F -e admin -e login -e moddac
Monitoring Audit Files
# audsys -f
Guidelines for Administering Your Auditing System
Auditing Users
Performance Considerations
# /usr/sbin/userdbset -u user-name AUDITFLAG=1
Audevent command options
Auditing Events
Streamlining Audit Log Data
Self-auditing processes
Audit Log Files
# /usr/sbin/audisp auditfile
Configuring Audit Log Files
Viewing Audit Logs
Examples of Using the audisp Command
Index
Symbols
Security attribute defining