HP-UX Security Containment B.11.23.01 Release Notes HP-UX Servers and Workstations HP-UX 11i v2 Manufacturing Part Number: 5991-1125 E0605 Printed in the US © Copyright 2005 Hewlett-Packard Development Company, L.P.
Legal Notices The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material.
HP-UX Security Containment B.11.23.01 Release Notes Announcement 1 HP-UX Security Containment B.11.23.01 Release Notes Announcement The following information is for HP-UX 11i Security Containment version B.11.23.01. HP-UX 11i Security Containment is a set of components that enhances security on the HP-UX 11i version 2 operating system. HP-UX 11i Security Containment introduces three core technologies: compartments, fine-grained privileges, and role-based access control.
HP-UX Security Containment B.11.23.01 Release Notes What’s in This Version What’s in This Version HP-UX 11i Security Containment version B.11.23.01 contains a number of features to help you secure your HP-UX standard mode system. Features HP-UX 11i Security Containment version B.11.23.01 includes the following components: • Compartments Compartments isolate unrelated resources on a system to prevent catastrophic system damage if one compartment is penetrated.
HP-UX Security Containment B.11.23.01 Release Notes What’s in This Version — Audit The HP-UX auditing system records security-related events for analysis. Administrators use auditing to detect and analyze security breaches. Auditing is now available on standard mode HP-UX systems; it was previously available only on trusted mode systems. — User Security Database Previously, all HP-UX security attributes and password policy restrictions were set on a system-wide basis.
HP-UX Security Containment B.11.23.01 Release Notes What’s in This Version • Interoperable with existing HP-UX 11i security products You can integrate your HP-UX 11i Security Containment with your existing HP-UX security solution. HP-UX 11i Security Containment works with all other HP-UX 11i security products and features. • No need to modify existing applications HP-UX 11i Security Containment is transparent at the application layer.
HP-UX Security Containment B.11.23.01 Release Notes Known Problems and Workarounds Known Problems and Workarounds The following are known problems and workarounds for HP-UX 11i Security Containment. • Port and address blocking behavior not documented Issue You can configure the compartments feature so that a specific compartment (and all processes in that compartment) cannot communicate on a specific port and address combination.
HP-UX Security Containment B.11.23.01 Release Notes Known Problems and Workarounds Issue If you unplumb a standby interface configured in a running Serviceguard cluster (ifconfig unplumb) and then Serviceguard tries to fail over from the primary interface to the standby interface, the interface failover will fail as expected. If the standby interface is replumbed after the failover fails, further attempts by the primary interface to fail over to the standby interface can fail.
HP-UX Security Containment B.11.23.01 Release Notes Known Problems and Workarounds Update the system with IGELAN-DRV Version B.11.23.05 or higher.
HP-UX Security Containment B.11.23.01 Release Notes Using DLPI with HP-UX 11i Security Containment Using DLPI with HP-UX 11i Security Containment Data Link Provider Interface (DLPI) is an industry standard definition for message communications to STREAMS-based network interface drivers. Refer to the DLPI Programmer’s Guide for more information about the DLPI implementation on HP-UX. With HP-UX 11i Security Containment Version B.11.23.
HP-UX Security Containment B.11.23.
HP-UX Security Containment B.11.23.01 Release Notes Compatibility Information and Installation Requirements independent software unit, you must reconfigure HP-UX RBAC before you can use it with the fine-grained privileges and compartments components of HP-UX 11i Security Containment. Use the following command to reconfigure HP-UX RBAC: # swconfig -x reconfigure=true RBAC To download the HP-UX 11i Security Containment bundle from Software Depot, follow these steps: Step 1.
HP-UX Security Containment B.11.23.01 Release Notes Compatibility Information and Installation Requirements # swinstall -x autoreboot=true -s /tmp/.depot SecurityExt To verify the installation of HP-UX 11i Security Containment, follow these steps: Step 1. Run the swverify command to ensure that the bundle installed correctly: # swverify SecurityExt If the installation is successful, many files are displayed and a success message appears after the verification is complete.
HP-UX Security Containment B.11.23.01 Release Notes Patches and Fixes in This Version Patches and Fixes in This Version The following patches are included with HP-UX 11i Security Containment. Table 1-1 Patches Included with HP-UX 11i Security Containment Patch Number Description PHKL_33535 Security enhancement, vfs_teardown_stack PHKL_33649 VxFS 3.5 vx_idrop fix for VFS unstacking PHKL_33650 VxFS 3.
HP-UX Security Containment B.11.23.
HP-UX Security Containment B.11.23.
HP-UX Security Containment B.11.23.
HP-UX Security Containment B.11.23.01 Release Notes Patches and Fixes in This Version Table 1-1 Patches Included with HP-UX 11i Security Containment Patch Number Description PHKL_32787 Manpage patch for statfs (2) PHKL_32789 Manpage patch for .statvfs PHCO_32519 Manpage patch for fdetach (3c) PHCO_32310 Manpage patch for PM-USYNC section 2 PHCO_32311 Manpage patch for PM-ACCT section 2 HP-UX 11i Security Containment Version B.11.23.01 contains no fixes.
HP-UX Security Containment B.11.23.01 Release Notes Additional Documentation Additional Documentation The following user documents are available with HP-UX 11i Security Containment: • HP-UX 11i Security Containment Administrator’s Guide at the following address: http://www.docs.hp.com/en/internet.html • HP-UX Role-Based Access Control B.11.23.02 Release Notes at the following address: http://docs.hp.com/en/internet.
HP-UX Security Containment B.11.23.
