HP-UX Security Containment B.11.23.01 Release Notes

What’s in This Version

Chapter 1 5

—Audit

The HP-UX auditing system records security-related events for analysis.

Administrators use auditing to detect and analyze security breaches. Auditing is now

available on standard mode HP-UX systems; it was previously available only on

trusted mode systems.

— User Security Database

Previously, all HP-UX security attributes and password policy restrictions were set on

a system-wide basis. The introduction of the user security database enables you to set

security attributes on a per-user basis that overrides system-wide defaults.

— Per-User Security Attributes

HP-UX SMSE introduced number of new security attributes that can be set on a

per-user basis. For more information about the new security attributes, refer to the

HP-UX 11i Security Containment Administrator's Guide.

NOTE The HP-UX 11i Security Containment Release Notes discuss compartments and

fine-grained privileges in detail. For details about HP-UX Standard Mode

Security Extensions and HP-UX Role-Based Access Control, refer to the

separate release notes for these products listed in “Additional Documentation”

on page 19.

Benefits

There are many benefits to using HP-UX 11i Security Containment to secure your system.

• Integrated security

You can use the security containment features in combination to enhance the security of

your HP-UX systems.

• Fewer users need full superuser access to systems

Using fine-grained privileges with HP-UX RBAC, you can give users specific

administrator-level privileges on a system without giving those users full superuser

access. These users can perform only specific administrative tasks on the system, as

defined by their roles. This provides strong internal system security.

• Isolation of system resources

Using compartments, you can isolate applications and resources on a single system. Even

if the security of one application is compromised, other resources on the system remain

secure.