Manuals / HP / Computer Equipment / Software

HP UX 11i Role-based Access Control (RBAC) Software manual Defined Terms, Features and Benefits

Models: UX 11i Role-based Access Control (RBAC) Software

1 84
Download 84 pages 13.76 Kb
Page 18
Image 18

program to be set to the superuser using the setuid command. This allows the program great latitude in reading and modifying system resources.

Privileges break up the latitude of the superuser into many different levels. The fine-grained privileges feature of HP-UX 11i Security Containment implements the concept of privileges.

Isolation

Compartments are a method of isolating components of a system from one another. Conceptually, processes belong to a compartment, and resources are associated with an access list that specifies how processes in different compartments can access them. That is, processes can access resources or communicate with processes belonging to a different compartment only if a rule exists between those compartments. Processes that belong to the same compartment can communicate with each other and access resources in that compartment without a rule.When configured properly, they can be an effective method to safeguard your HP-UX system and the data that resides on it.

Auditing

Auditing is the concept of tracking significant events on a system. You can record and analyze security events to help detect attempted security breaches and to understand successful breaches so that you can prevent them in the future.

Prior to the release of HP-UX 11i Security containment, auditing was available only on trusted mode HP-UX systems. With HP-UX 11i Security Containment, you can use enhanced auditing on standard mode HP-UX 11i v2 systems. You can configure HP-UX RBAC to audit access control request to the audit system.

Defined Terms

The following terms are used throughout this manual.

HP-UX RBAC

HP-UXRole-Based Access Control. Refer to Chapter 3 “HP-UXRole-Based Access Control” for information about HP-UX RBAC.

HP-UX SMSE

HP-UX Standard Mode Security Extensions. This set of features includes the user database and standard mode auditing.

NOTE: When you run swlist, the HP-UX SMSE product name appears as

TrustedMigration.

Refer to Chapter 6 “Standard Mode Security Extensions” for information about HP-UX SMSE.

Trusted Mode

Trusted Mode is a legacy method of securing the HP-UX operating system. Refer to Managing Systems and Workgroups: A Guide for HP-UX Systems Administrators for HP-UX 11i v 2 for information about trusted mode.

Legacy applications

In this document, a legacy application is an application created without awareness of fine-grained privileges or compartments. All applications released before HP-UX 11i Security Containment are legacy applications.

Features and Benefits

HP-UX 11i Security Containment Version B.11.23.02 contains a number of features to help you secure your HP-UX standard mode system.

18 HP-UX 11i Security Containment Introduction

Page 17 Page 19
Page 18
Image 18
HP UX 11i Role-based Access Control (RBAC) Software manual Defined Terms, Features and Benefits, Isolation, Auditing
Page 17 Page 19