HP UX Security Products and Features Software specification

Image 62

HP UX Security Products and Features Software manual

Contents

HP-UX Whitelisting A.01.00 Administrator Guide Copyright 2010 Hewlett-Packard Development Company, L.P Table of Contents HP Serviceguard considerations Glossary Index List of Figures List of Examples Page File lock access controls Security featuresFile access policies Identity-based access controls Capabilities 4 api Page Product overview WLI architecture Commands Application API Applications WLI database WLI metadata files 3 .$WLISIGNATURE$ Page Key usage Generating keys Administrator keys User keys Installing WLI Installing, removing, and upgradingInstallation requirements Removing WLI Upgrading WLI Page Authorizing administrator keys ConfiguringAuthorizing the recovery key Signing DLKMs Backing up the WLI database Rebooting to restricted mode Page Creating a Flac policy Enhancing security with WLISigning an executable binary Creating an Ibac policy Removing a file access policyEnabling DLKMs to load during boot Loading unsigned DLKMs # wlisign -a -k /home/admin1/adminpriv /usr/conf/mod/cissWlisign -a -k adminpriv /usr/sbin/kcmodule # kcmodule ciss=unusedPage WLI database files Backup and restore considerationsOverview Read/write protected files Policy protected and metadata filesWrite protected Recommendations Metadata files Flac policiesIbac policies Page WLI database HP Serviceguard considerationsAdministration Policy protected files WLI reinstallation Troubleshooting and known issuesSoftware distributor issues Lost WLI administrator key or passphrase # tar -xf /tmp/wlikeydb.tar Wlisyspolicy -s mode=maintenance -k adminkeySu root # rm -r /etc/wli # kcmodule wli=unused # shutdown -r Related information Support and other resourcesContacting HP User input Typographic conventionsWebsites Times Page # make all # make cleanInstructions # su wliusr1 Flac add and delete program Ibac add and delete program Ibac add and delete program Page Administration examples Wlicert -s -c wli.admin1 -o wmd -k adm1.pvt Su root # wlisign -a -k adm1.pvt /usr/bin/tar Cat /tmp/.$WLIFSPARMS$ Tar -vtf tartest.tarBdf mydir Wlisys -k adm1.pvt -s wmdstoretype=pseudo Bpbackup -f backuplist Bprestore -f backuplist Authorizing an administrator key Quick setup examplesConfiguring WLI Authorizing a user key Creating a Flac policy Testing a Flac policyFlac policies Enabling a Flac policy Ibac policies Disabling an Ibac policy Removing an Ibac policy Glossary ASMPage Symbols Index Index