Manuals
/
HP
/
Computer Equipment
/
Software
HP
UX Security Products and Features Software
manual
Models:
UX Security Products and Features Software
1
48
62
62
Download
62 pages
27.73 Kb
45
46
47
48
49
50
51
52
Install
Symbols
Administrator keys
Configuring
Software distributor issues
File access policies
Quick setup examples
Commands
Bpbackup -f backuplist
# make clean
Page 48
Image 48
48
Page 47
Page 49
Page 48
Image 48
Page 47
Page 49
Contents
HP-UX Whitelisting A.01.00 Administrator Guide
Copyright 2010 Hewlett-Packard Development Company, L.P
Table of Contents
HP Serviceguard considerations
Glossary Index
List of Figures
List of Examples
Page
Security features
File access policies
File lock access controls
Identity-based access controls
Capabilities
4 api
Page
Product overview
WLI architecture
Commands
Application API
Applications
WLI database
WLI metadata files
3 .$WLISIGNATURE$
Page
Key usage
Generating keys
Administrator keys
User keys
Installing, removing, and upgrading
Installation requirements
Installing WLI
Removing WLI
Upgrading WLI
Page
Configuring
Authorizing the recovery key
Authorizing administrator keys
Signing DLKMs
Backing up the WLI database
Rebooting to restricted mode
Page
Enhancing security with WLI
Signing an executable binary
Creating a Flac policy
Removing a file access policy
Enabling DLKMs to load during boot
Creating an Ibac policy
# wlisign -a -k /home/admin1/adminpriv /usr/conf/mod/ciss
Wlisign -a -k adminpriv /usr/sbin/kcmodule
Loading unsigned DLKMs
# kcmodule ciss=unused
Page
Backup and restore considerations
Overview
WLI database files
Policy protected and metadata files
Write protected
Read/write protected files
Recommendations
Flac policies
Ibac policies
Metadata files
Page
HP Serviceguard considerations
Administration
WLI database
Policy protected files
Troubleshooting and known issues
Software distributor issues
WLI reinstallation
Lost WLI administrator key or passphrase
Wlisyspolicy -s mode=maintenance -k adminkey
Su root # rm -r /etc/wli
# tar -xf /tmp/wlikeydb.tar
# kcmodule wli=unused # shutdown -r
Support and other resources
Contacting HP
Related information
Typographic conventions
Websites
User input
Times
Page
# make clean
Instructions
# make all
# su wliusr1
Flac add and delete program
Ibac add and delete program
Ibac add and delete program
Page
Administration examples
Wlicert -s -c wli.admin1 -o wmd -k adm1.pvt
Su root # wlisign -a -k adm1.pvt /usr/bin/tar
Tar -vtf tartest.tar
Bdf mydir
Cat /tmp/.$WLIFSPARMS$
Wlisys -k adm1.pvt -s wmdstoretype=pseudo
Bpbackup -f backuplist
Bprestore -f backuplist
Quick setup examples
Configuring WLI
Authorizing an administrator key
Authorizing a user key
Testing a Flac policy
Flac policies
Creating a Flac policy
Enabling a Flac policy
Ibac policies
Disabling an Ibac policy
Removing an Ibac policy
Glossary
ASM
Page
Symbols
Index
Index
Top
Page
Image
Contents