Manuals
/
Brands
/
Computer Equipment
/
Software
/
HP
/
Computer Equipment
/
Software
HP
UX Whitelisting manual
61
1
61
62
62
Download
62 pages, 731.73 Kb
61
Contents
HP-UX11iv3
Page
Table of Contents
7 Backup and restore considerations
8 HP Serviceguard considerations
9 Troubleshooting and known issues
Lost WLI administrator key or passphrase
10 Support and other resources
Glossary
Index
List of Figures
List of Examples
Page
1 Security features
1.1 File access policies
1.1.1 File lock access controls
1.1.2 Identity-basedaccess controls
1.2 Capabilities
1.2.4api
libwliapi
example” (page 45)
Page
2 Product overview
2.1 WLI architecture
2.1.1 Commands
2.1.1.1 Application API
2.1.1.2 Applications
2.1.1.3 Stackable file system module
2.1.1.4 Policy enforcement manager
2.1.1.5 File systems
2.2 WLI database
2.3 WLI metadata files
2.3.1.$WLI_FSPARMS$
auto
pseudo
pseudo
Metadata is stored separately in files within directories always named
Page
3 Key usage
3.1 Generating keys
3.2 User keys
3.3Administrator keys
4 Installing, removing, and upgrading
4.1 Installation requirements
Hardware requirement
Operating system requirements
Patch requirements
4.3Removing WLI
4.4Upgrading WLI
Page
5 Configuring
5.1Authorizing the recovery key
5.2 Authorizing administrator keys
5.3 Signing DLKMs
5.4 Backing up the WLI database
5.5 Rebooting to restricted mode
Page
6 Enhancing security with WLI
6.1 Signing an executable binary
6.2 Creating a FLAC policy
6.3 Creating an IBAC policy
6.4 Removing a file access policy
6.5 Enabling DLKMs to load during boot
6.6 Loading unsigned DLKMs
Page
7 Backup and restore considerations
7.1 Overview
7.2WLI database files
7.2.1 Write protected
7.2.2 Read/write protected files
7.3 Policy protected and metadata files
7.3.1 FLAC policies
7.3.2 IBAC policies
7.3.3 Metadata files
7.3.4Recommendations
Page
8 HP Serviceguard considerations
8.1 Overview
8.2 Administration
8.2.1WLI database
8.2.2Policy protected files
9 Troubleshooting and known issues
9.1 Software distributor issues
9.2WLI reinstallation
9.3Lost WLI administrator key or passphrase
9.4 WLI database corruption
%wlisyspolicy -smode=maintenance -k <admin_key
#rm -r /etc/wli
#tar -xf /tmp/wlikeydb.tar
#kcmodule wli=unused
#kcmodule wli=static
10 Support and other resources
10.1 Contacting HP
10.1.1 Before you contact HP
10.1.2HP contact information
10.1.3Subscription service
10.3Typographic conventions
Page
Page
example
A.1 Instructions
A.3 FLAC add and delete program
A.4 IBAC add and delete program
Page
Page
B Administration examples
#wlisign -a -kadm1.pvt /usr/bin/tar
/usr/bin/tar
%wlicert -s -cwli.admin1 -owmd -kadm1.pvt
%wliwrap -kadm1.pvt -owmd "/tar -cvftartest.tar /tmp/tartest
tartest.tar
%tar -vtftartest.tar
The archive contains metadata stored in regular files, not VxFS named streams
% bdf mydir
%cat /tmp/'.$WLI_FSPARMS$
wmdtype=pseudo
For example, to start a user backup of the files listed in backup_list:
%bpbackup -fbackup_list
To restore the files in backup_list:
%bprestore -fbackup_list
C Quick setup examples
C.1 Installing WLI
C.2 Configuring WLI
C.2.1 Authorizing an administrator key
C.2.2 Authorizing a user key
C.3 FLAC policies
C.3.1 Creating a FLAC policy
C.3.2 Enabling a FLAC policy
C.3.3 Testing a FLAC policy
C.3.4 Disabling a FLAC policy
C.4 IBAC policies
C.4.1 Creating an IBAC policy
C.4.2 Enabling an IBAC policy
C.4.3 Testing an IBAC policy
C.4.4 Disabling an IBAC policy
C.4.5 Removing an IBAC policy
Glossary
Page
Index
Symbols