HP UX Security Products and Features Software guide

44

Image 44

HP UX Security Products and Features Software manual

Contents

HP-UX Whitelisting A.01.00 Administrator Guide Copyright 2010 Hewlett-Packard Development Company, L.P Table of Contents HP Serviceguard considerations Glossary Index List of Figures List of Examples Page File lock access controls Security featuresFile access policies Identity-based access controls Capabilities 4 api Page Product overview WLI architecture Commands Application API Applications WLI database WLI metadata files 3 .$WLISIGNATURE$ Page Key usage Generating keys Administrator keys User keys Installing WLI Installing, removing, and upgradingInstallation requirements Removing WLI Upgrading WLI Page Authorizing administrator keys ConfiguringAuthorizing the recovery key Signing DLKMs Backing up the WLI database Rebooting to restricted mode Page Creating a Flac policy Enhancing security with WLISigning an executable binary Creating an Ibac policy Removing a file access policyEnabling DLKMs to load during boot # wlisign -a -k /home/admin1/adminpriv /usr/conf/mod/ciss Wlisign -a -k adminpriv /usr/sbin/kcmoduleLoading unsigned DLKMs # kcmodule ciss=unusedPage WLI database files Backup and restore considerationsOverview Policy protected and metadata files Write protectedRead/write protected files Recommendations Metadata files Flac policiesIbac policies Page WLI database HP Serviceguard considerationsAdministration Policy protected files Troubleshooting and known issues Software distributor issuesWLI reinstallation Lost WLI administrator key or passphrase Wlisyspolicy -s mode=maintenance -k adminkey Su root # rm -r /etc/wli# tar -xf /tmp/wlikeydb.tar # kcmodule wli=unused # shutdown -r Related information Support and other resourcesContacting HP User input Typographic conventionsWebsites Times Page # make clean Instructions# make all # su wliusr1 Flac add and delete program Ibac add and delete program Ibac add and delete program Page Administration examples Wlicert -s -c wli.admin1 -o wmd -k adm1.pvt Su root # wlisign -a -k adm1.pvt /usr/bin/tar Tar -vtf tartest.tar Bdf mydirCat /tmp/.$WLIFSPARMS$ Wlisys -k adm1.pvt -s wmdstoretype=pseudo Bpbackup -f backuplist Bprestore -f backuplist Quick setup examples Configuring WLIAuthorizing an administrator key Authorizing a user key Testing a Flac policy Flac policiesCreating a Flac policy Enabling a Flac policy Ibac policies Disabling an Ibac policy Removing an Ibac policy Glossary ASMPage Symbols Index Index