7 Backup and restore considerations

7.1 Overview

This section describes how WLI-protected files are read from and written back to their original locations when the WLI security mode is restricted. Some files can be backed up and restored only in maintenance mode. Because backup and restore procedures vary considerably across HP-UX installations, no specific commands or procedures are recommended.

With WLI installed and configured, backup and restore procedures depend on the WLI security mode, as described in wlisyspolicy(1M). In maintenance mode, WLI access restrictions are completely disabled, and backup and restore operations are the same as if WLI were not installed. Files produced or installed by WLI can be read or written with only file ownership and permission bits restricting access.

The security downgrade from switching to maintenance mode, even temporarily, might be unacceptable. To maintain a highly secure environment, both administrators and users might need to back up and restore files with the server online and the mode set to restricted only.

In restricted mode, access restrictions on WLI protected files and directories inhibit typical backup and restore operations. Additional actions are necessary for backup and restore operations on WLI database files and policy protected files. The system administrator needs to create new backup and restore procedures or adjust existing ones.

Changing the passphrase of a WLI key, either administrator or user, does not affect any files covered in the following sections. Guidelines for systems with high security often include passphrase change requirements. Such requirements do not imply more frequent WLI file backups.

Symantec NetBackup is required for backup and restore operations if the value of the wmdstoretype attribute is auto and WLI protected files exist on a VxFS file system at revision 5.0.1 or later. This attribute and file system combination causes policy protected file metadata to be stored in a named data stream. A named data stream is associated with a file inode, but is not accessible to traditional HP-UX commands. For more details and syntax on setting wmdstoretype, see wlisys(1M).

The fundamental operations are reading protected files for backup commands and writing these same files back to their original locations for restore commands. The difficulties encountered are essentially the same whether traditional UNIX commands such as tar and cpio are used or proprietary tools such as Symantec NetBackup.

HP recommends that administrators implement or modify backup and restore procedures that include all files with WLI protection. For discussion of backup and restore operations, WLI protected files can be divided into the following categories:

WLI database files—managed through WLI administrator commands

Policy protected and metadata files—managed through WLI user commands
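The recommendation above is that backup procedures cover every WLI protected file, yet in restricted mode a traditional tool such as tar can silently skip a file it cannot read. The following POSIX shell script is an added example and is not part of the HP manual or of the WLI product: it verifies that a tar archive contains every path in a site-maintained list of protected files before the archive is trusted as a restore source. The directory layout, file names and the protected-file list are constructed for the demonstration; WLI itself offers no command on this page that enumerates protected files, so a site would build that list from its own inventory.

```shell
#!/bin/sh
# Added example, not from the HP WLI manual: check that a tar archive
# contains every path listed in a protected-file inventory.

# check_backup_coverage ARCHIVE LISTFILE
# Prints each listed path that is absent from the archive and returns the
# number of missing paths as its status (0 means full coverage). Exit
# statuses wrap above 255, so treat any nonzero status as "incomplete".
check_backup_coverage() {
    archive=$1
    listfile=$2
    missing=0
    # Member names exactly as tar recorded them (relative paths here).
    members=$(tar -tf "$archive")
    while IFS= read -r path; do
        [ -z "$path" ] && continue
        if ! printf '%s\n' "$members" | grep -qx "$path"; then
            printf 'missing from backup: %s\n' "$path"
            missing=$((missing + 1))
        fi
    done < "$listfile"
    return "$missing"
}

# Constructed sample data: a scratch tree standing in for WLI database and
# policy protected files. The paths are illustrative, not real WLI locations.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/etc/wli" "$demo_dir/data/protected"
echo 'db'     > "$demo_dir/etc/wli/wlidb.sample"
echo 'policy' > "$demo_dir/data/protected/report.txt"
echo 'md'     > "$demo_dir/data/protected/report.txt.wlimeta"

# Constructed inventory of paths that must be present in every backup.
cat > "$demo_dir/protected.list" <<'EOF'
etc/wli/wlidb.sample
data/protected/report.txt
data/protected/report.txt.wlimeta
EOF

# Simulate a backup that skipped the metadata file, as a plain tar run in
# restricted mode would when it cannot read a protected file.
( cd "$demo_dir" && tar -cf backup.tar etc/wli/wlidb.sample data/protected/report.txt )

if check_backup_coverage "$demo_dir/backup.tar" "$demo_dir/protected.list"; then
    echo 'backup covers all listed protected files'
else
    echo "protected files missing from backup: $?"
fi
```

Run the check against each archive produced by the site's procedure; a nonzero status means the procedure needs adjusting before the archive is relied on for restore.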

7.2 WLI database files

The WLI database is described in (page 16). Files comprising this database are managed by commands that require an administrator key:

wliadm
wlicert
wlisys
wlisyspolicy

WLI database files can have the following protection classes:

write protected
read/write protected

HP UX Security Products and Features Software manual Backup and restore considerations, Overview, WLI database files