List of Figures | HP UX Security Products and Features Software

List of Figures

2-1

WLI architecture

14

6List of Figures

Image 6

HP UX Security Products and Features Software manual List of Figures

Contents

HP-UX Whitelisting A.01.00 Administrator Guide Copyright 2010 Hewlett-Packard Development Company, L.P Table of Contents HP Serviceguard considerations Glossary Index List of Figures List of Examples Page Security features File access policiesFile lock access controls Identity-based access controls Capabilities 4 api Page Product overview WLI architecture Commands Application API Applications WLI database WLI metadata files 3 .$WLISIGNATURE$ Page Key usage Generating keys Administrator keys User keys Installing, removing, and upgrading Installation requirementsInstalling WLI Removing WLI Upgrading WLI Page Configuring Authorizing the recovery keyAuthorizing administrator keys Signing DLKMs Backing up the WLI database Rebooting to restricted mode Page Enhancing security with WLI Signing an executable binaryCreating a Flac policy Removing a file access policy Enabling DLKMs to load during bootCreating an Ibac policy Loading unsigned DLKMs # wlisign -a -k /home/admin1/adminpriv /usr/conf/mod/cissWlisign -a -k adminpriv /usr/sbin/kcmodule # kcmodule ciss=unusedPage Backup and restore considerations OverviewWLI database files Read/write protected files Policy protected and metadata filesWrite protected Recommendations Flac policies Ibac policiesMetadata files Page HP Serviceguard considerations AdministrationWLI database Policy protected files WLI reinstallation Troubleshooting and known issuesSoftware distributor issues Lost WLI administrator key or passphrase # tar -xf /tmp/wlikeydb.tar Wlisyspolicy -s mode=maintenance -k adminkeySu root # rm -r /etc/wli # kcmodule wli=unused # shutdown -r Support and other resources Contacting HPRelated information Typographic conventions WebsitesUser input Times Page # make all # make cleanInstructions # su wliusr1 Flac add and delete program Ibac add and delete program Ibac add and delete program Page Administration examples Wlicert -s -c wli.admin1 -o wmd -k adm1.pvt Su root # wlisign -a -k adm1.pvt /usr/bin/tar Cat /tmp/.$WLIFSPARMS$ Tar -vtf tartest.tarBdf mydir Wlisys -k adm1.pvt -s wmdstoretype=pseudo Bpbackup -f backuplist Bprestore -f backuplist Authorizing an administrator key Quick setup examplesConfiguring WLI Authorizing a user key Creating a Flac policy Testing a Flac policyFlac policies Enabling a Flac policy Ibac policies Disabling an Ibac policy Removing an Ibac policy Glossary ASMPage Symbols Index Index