Manuals / HP / Computer Equipment / Software

HP UX Security Products and Features Software manual

Models: UX Security Products and Features Software

1 62

Download 62 pages 27.73 Kb

Page 48

48

Image 48

HP UX Security Products and Features Software manual

Contents

HP-UX Whitelisting A.01.00 Administrator Guide Copyright 2010 Hewlett-Packard Development Company, L.P Table of Contents HP Serviceguard considerations Glossary Index List of Figures List of Examples Page Security features File access policiesFile lock access controls Identity-based access controls Capabilities4 api Page Product overview WLI architectureCommands Application APIApplications WLI database WLI metadata files3 .$WLISIGNATURE$ Page Key usage Generating keysAdministrator keys User keysInstalling, removing, and upgrading Installation requirementsInstalling WLI Removing WLI Upgrading WLI Page Configuring Authorizing the recovery keyAuthorizing administrator keys Signing DLKMs Backing up the WLI databaseRebooting to restricted mode Page Enhancing security with WLI Signing an executable binaryCreating a Flac policy Removing a file access policy Enabling DLKMs to load during bootCreating an Ibac policy # wlisign -a -k /home/admin1/adminpriv /usr/conf/mod/ciss Wlisign -a -k adminpriv /usr/sbin/kcmoduleLoading unsigned DLKMs # kcmodule ciss=unusedPage Backup and restore considerations OverviewWLI database files Policy protected and metadata files Write protectedRead/write protected files RecommendationsFlac policies Ibac policiesMetadata files Page HP Serviceguard considerations AdministrationWLI database Policy protected files Troubleshooting and known issues Software distributor issuesWLI reinstallation Lost WLI administrator key or passphraseWlisyspolicy -s mode=maintenance -k adminkey Su root # rm -r /etc/wli# tar -xf /tmp/wlikeydb.tar # kcmodule wli=unused # shutdown -rSupport and other resources Contacting HPRelated information Typographic conventions WebsitesUser input Times Page # make clean Instructions# make all # su wliusr1Flac add and delete program Ibac add and delete programIbac add and delete program Page Administration examples Wlicert -s -c wli.admin1 -o wmd -k adm1.pvt Su root # wlisign -a -k adm1.pvt /usr/bin/tarTar -vtf tartest.tar Bdf mydirCat /tmp/.$WLIFSPARMS$ Wlisys -k adm1.pvt -s wmdstoretype=pseudoBpbackup -f backuplist Bprestore -f backuplistQuick setup examples Configuring WLIAuthorizing an administrator key Authorizing a user keyTesting a Flac policy Flac policiesCreating a Flac policy Enabling a Flac policyIbac policies Disabling an Ibac policy Removing an Ibac policyGlossary ASMPage Symbols IndexIndex