Manuals
/
HP
/
Computer Equipment
/
Software
HP
UX 11i Role-based Access Control (RBAC) Software
manual
Models:
UX 11i Role-based Access Control (RBAC) Software
1
6
84
84
Download
84 pages
13.76 Kb
3
4
5
6
7
8
9
10
<
>
Troubleshooting
Install
Symbols
HP-UX Rbac Configuration Files
Access Control Basics
HP-UX Rbac Commands
Authorization
Features and Benefits
Using HP-UX Rbac
Page 6
Image 6
6
Page 5
Page 7
Page 6
Image 6
Page 5
Page 7
Contents
HP-UX 11i Security Containment Administrators Guide
Copyright 2007 Hewlett-Packard Development Company, L.P
Table of Contents
Fine-Grained Privileges
Index
Page
List of Figures
Page
List of Tables
Page
List of Examples
Page
New and Changed Information in This Edition
About This Document
Intended Audience
Publishing History
Typographic Conventions
HP-UX Release Name and Release Identifier
UserInput
Related Information
HP Encourages Your Comments
HP-UX 11i Releases
Page
Conceptual Overview
Authorization
HP-UX 11i Security Containment Introduction
Account Policy Management
Isolation
Features and Benefits
Defined Terms
Auditing
Features
Benefits
Installation
Installing HP-UX 11i Security Containment
Prerequisites and System Requirements
# swverify SecurityExt
Verifying the HP-UX 11i Security Containment Installation
# swlist -d @ /tmp/securitycontainmentbundle.depot
# swlist -a state -l fileset SecurityExt
Installing HP-UX Standard Mode Security Extensions
Installing HP-UX Role-Based Access Control
Verifying the HP-UX Role-Based Access Control Installation
# swverify Rbac
# swverify TrustedMigration
Uninstalling HP-UX 11i Security Containment
Uninstalling HP-UX Rbac
# swlist -a state -l fileset TrustedMigration
Uninstalling HP-UX Standard Mode Security Extensions
# swremove Rbac
# swremove TrustedMigration
Page
HP-UX Role-Based Access Control
HP-UX Rbac Versus Other Rbac Solutions
Overview
Access Control Basics
Simplifying Access Control with Roles
Example of Authorizations Per User
Example of Authorizations Per Role
HP-UX Rbac Components
HP-UX Rbac Commands
HP-UX Rbac Access Control Policy Switch
HP-UX Rbac Configuration Files
HP-UX Rbac Configuration Files
HP-UX Rbac Architecture
HP-UX Rbac Commands
HP-UX Rbac Manpages
HP-UX Rbac Manpages
HP-UX Rbac Example Usage and Operation
HP-UX Rbac Architecture
Planning Authorizations for the Roles
Planning the HP-UX Rbac Deployment
Planning the Roles
Planning Command Mappings
HP-UX Rbac Limitations and Restrictions
Configuring HP-UX Rbac
Configuring Roles
Creating Roles
Example Planning Results
Configuring Authorizations
Assigning Roles to Users
Assigning Roles to Groups
Configuring Additional Command Authorizations and Privileges
Is mainly intended for scripts
Overview
Example Roles Configuration in HP-UX Rbac B.11.23.02
Hierarchical Roles
Examples of Hierarchical Roles
Example 3-2 Example of the authadm Command Usage
Changes to the authadm Command for Hierarchical Roles
Example 3-1 The authadm Command Syntax
Hierarchical Roles Considerations
Configuring HP-UX Rbac with Fine-Grained Privileges
Configuring HP-UX Rbac with Compartments
Command
Matches the following /etc/rbac/cmdpriv entries
Configuring HP-UX Rbac to Generate Audit Trails
GID
Procedure for Auditing HP-UX Rbac Criteria
Using HP-UX Rbac
Following is the privrun command syntax
# privrun ipfstat
HP-UX Rbac in Serviceguard Clusters
Customizing privrun and privedit Using the Acps
Troubleshooting HP-UX Rbac
Rbacdbchk Database Syntax Tool
Privrun -v Information
Fine-Grained Privileges
Commands
Fine-Grained Privileges Commands
Fine-Grained Privileges Components
Fine-Grained Privileges Manpages
Available Privileges
Manpages
Available Privileges
Configuring Applications with Fine-Grained Privileges
Or launch policy
Privilege Model
Compound Privileges
# setfilexsec options filename
Security Implications of Fine-Grained Privileges
Fine-Grained Privileges in HP Serviceguard Clusters
Troubleshooting Fine-Grained Privileges
Privilege Escalation
# getprocxsec options pid
Compartments
Compartment Architecture
Compartment Architecture
Default Compartment Configuration
Planning the Compartment Structure
# setrules -p
Modifying Compartment Configuration
Activating Compartments
# cmpttune -e
Changing Compartment Rules
Compartment Configuration Files
Compartment Components
Changing Compartment Names
Compartment Commands
Compartment Commands
Compartment Configuration Files
Compartment Manpages
Compartment Rules and Syntax
Compartment Definition
File System Rules
IPC Rules
Permissionlist
Network Rules
IPC mechanism in the current compartment
Access
Miscellaneous Rules
Interface
Configuring Applications in Compartments
Troubleshooting Compartments
Example Rules File
Configured rules are loaded into the kernel
# vhardlinks
Compartments in HP Serviceguard Clusters
Do not configure standby LAN interfaces in a compartment
Standard Mode Security Extensions
Security Attributes and the User Database
Configuring Systemwide Attributes
Configuration Files
System Security Attributes
Commands
Attributes
Manpages
Auditing
Configuring Attributes in the User Database
Troubleshooting the User Database
Auditing Components
Planning Your Auditing Implementation
Audit Commands
Auditing Your System
Enabling Auditing
Monitoring Audit Files
# audevent -P -F -e admin -e login -e moddac
AUDEVENTARGS1 = -P -F -e admin -e login -e moddac
#audsys -n -c primaryauditfile -s
Performance Considerations
Guidelines for Administering Your Auditing System
Auditing Users
#audsys -f
Streamlining Audit Log Data
Audevent command options
Auditing Events
# /usr/sbin/userdbset -u user-nameAUDITFLAG=1
Audit Log Files
Self-auditing processes
Configuring Audit Log Files
Viewing Audit Logs
#/usr/sbin/audisp auditfile
Examples of Using the audisp Command
Page
Symbols
Index
Security attribute defining
Top
Page
Image
Contents