HP UX Security Products and Features Software specs

48

Image 48

HP UX Security Products and Features Software manual

Contents

HP-UX Whitelisting A.01.00 Administrator Guide Copyright 2010 Hewlett-Packard Development Company, L.P Table of Contents HP Serviceguard considerations Glossary Index List of Figures List of Examples Page Security features File access policiesFile lock access controls Identity-based access controls Capabilities 4 api Page Product overview WLI architecture Commands Application API Applications WLI database WLI metadata files 3 .$WLISIGNATURE$ Page Key usage Generating keys Administrator keys User keys Installing, removing, and upgrading Installation requirementsInstalling WLI Removing WLI Upgrading WLI Page Configuring Authorizing the recovery keyAuthorizing administrator keys Signing DLKMs Backing up the WLI database Rebooting to restricted mode Page Enhancing security with WLI Signing an executable binaryCreating a Flac policy Removing a file access policy Enabling DLKMs to load during bootCreating an Ibac policy # wlisign -a -k /home/admin1/adminpriv /usr/conf/mod/ciss Wlisign -a -k adminpriv /usr/sbin/kcmoduleLoading unsigned DLKMs # kcmodule ciss=unusedPage Backup and restore considerations OverviewWLI database files Policy protected and metadata files Write protectedRead/write protected files Recommendations Flac policies Ibac policiesMetadata files Page HP Serviceguard considerations AdministrationWLI database Policy protected files Troubleshooting and known issues Software distributor issuesWLI reinstallation Lost WLI administrator key or passphrase Wlisyspolicy -s mode=maintenance -k adminkey Su root # rm -r /etc/wli# tar -xf /tmp/wlikeydb.tar # kcmodule wli=unused # shutdown -r Support and other resources Contacting HPRelated information Typographic conventions WebsitesUser input Times Page # make clean Instructions# make all # su wliusr1 Flac add and delete program Ibac add and delete program Ibac add and delete program Page Administration examples Wlicert -s -c wli.admin1 -o wmd -k adm1.pvt Su root # wlisign -a -k adm1.pvt /usr/bin/tar Tar -vtf tartest.tar Bdf mydirCat /tmp/.$WLIFSPARMS$ Wlisys -k adm1.pvt -s wmdstoretype=pseudo Bpbackup -f backuplist Bprestore -f backuplist Quick setup examples Configuring WLIAuthorizing an administrator key Authorizing a user key Testing a Flac policy Flac policiesCreating a Flac policy Enabling a Flac policy Ibac policies Disabling an Ibac policy Removing an Ibac policy Glossary ASMPage Symbols Index Index