HP UX Security Products and Features Software specs

58

Image 58

HP UX Security Products and Features Software manual

Contents

HP-UX Whitelisting A.01.00 Administrator Guide Copyright 2010 Hewlett-Packard Development Company, L.P Table of Contents HP Serviceguard considerations Glossary Index List of Figures List of Examples Page File access policies Security featuresFile lock access controls Identity-based access controls Capabilities 4 api Page Product overview WLI architecture Commands Application API Applications WLI database WLI metadata files 3 .$WLISIGNATURE$ Page Key usage Generating keys Administrator keys User keys Installation requirements Installing, removing, and upgradingInstalling WLI Removing WLI Upgrading WLI Page Authorizing the recovery key ConfiguringAuthorizing administrator keys Signing DLKMs Backing up the WLI database Rebooting to restricted mode Page Signing an executable binary Enhancing security with WLICreating a Flac policy Enabling DLKMs to load during boot Removing a file access policyCreating an Ibac policy Loading unsigned DLKMs # wlisign -a -k /home/admin1/adminpriv /usr/conf/mod/cissWlisign -a -k adminpriv /usr/sbin/kcmodule # kcmodule ciss=unusedPage Overview Backup and restore considerationsWLI database files Read/write protected files Policy protected and metadata filesWrite protected Recommendations Ibac policies Flac policiesMetadata files Page Administration HP Serviceguard considerationsWLI database Policy protected files WLI reinstallation Troubleshooting and known issuesSoftware distributor issues Lost WLI administrator key or passphrase # tar -xf /tmp/wlikeydb.tar Wlisyspolicy -s mode=maintenance -k adminkeySu root # rm -r /etc/wli # kcmodule wli=unused # shutdown -r Contacting HP Support and other resourcesRelated information Websites Typographic conventionsUser input Times Page # make all # make cleanInstructions # su wliusr1 Flac add and delete program Ibac add and delete program Ibac add and delete program Page Administration examples Wlicert -s -c wli.admin1 -o wmd -k adm1.pvt Su root # wlisign -a -k adm1.pvt /usr/bin/tar Cat /tmp/.$WLIFSPARMS$ Tar -vtf tartest.tarBdf mydir Wlisys -k adm1.pvt -s wmdstoretype=pseudo Bpbackup -f backuplist Bprestore -f backuplist Authorizing an administrator key Quick setup examplesConfiguring WLI Authorizing a user key Creating a Flac policy Testing a Flac policyFlac policies Enabling a Flac policy Ibac policies Disabling an Ibac policy Removing an Ibac policy Glossary ASMPage Symbols Index Index