HP-UX 11i Security Containment Administrator's Guide for HP-UX 11i v2
program to be set to the superuser using the setuid command. This allows the program great
latitude in reading and modifying system resources.
Privileges break up the latitude of the superuser into many different levels. The fine-grained
privileges feature of HP-UX 11i Security Containment implements the concept of privileges.
Isolation
Compartments are a method of isolating components of a system from one another. Conceptually,
processes belong to a compartment, and resources are associated with an access list that specifies
how processes in different compartments can access them. That is, processes can access resources
or communicate with processes belonging to a different compartment only if a rule exists between
those compartments. Processes that belong to the same compartment can communicate with
each other and access resources in that compartment without a rule. When configured properly,
compartments can be an effective method to safeguard your HP-UX system and the data that
resides on it.
Auditing
Auditing is the concept of tracking significant events on a system. You can record and analyze
security events to help detect attempted security breaches and to understand successful breaches
so that you can prevent them in the future.
Prior to the release of HP-UX 11i Security Containment, auditing was available only on trusted
mode HP-UX systems. With HP-UX 11i Security Containment, you can use enhanced auditing
on standard mode HP-UX 11i v2 systems. You can configure HP-UX RBAC to audit access control
requests to the audit system.
Defined Terms
The following terms are used throughout this manual.
HP-UX RBAC
HP-UX Role-Based Access Control. Refer to Chapter 3 “HP-UX Role-Based Access Control” for
information about HP-UX RBAC.
HP-UX SMSE
HP-UX Standard Mode Security Extensions. This set of features includes the user database and
standard mode auditing.
NOTE: When you run swlist, the HP-UX SMSE product name appears as
TrustedMigration.
Refer to Chapter 6 “Standard Mode Security Extensions” for information about HP-UX SMSE.
Trusted Mode
Trusted Mode is a legacy method of securing the HP-UX operating system. Refer to Managing
Systems and Workgroups: A Guide for HP-UX Systems Administrators for HP-UX 11i v2 for
information about trusted mode.
Legacy applications
In this document, a legacy application is an application created without awareness of fine-grained
privileges or compartments. All applications released before HP-UX 11i Security Containment
are legacy applications.
Features and Benefits
HP-UX 11i Security Containment Version B.11.23.02 contains a number of features to help you
secure your HP-UX standard mode system.