HP-UX Security Containment Extensions B.11.31.03 Release Notes
1 HP-UX Security Containment Extensions
HP-UX 11i Security Containment includes three core technologies: compartments, fine-grained
privileges, and role-based access control. Together, these three components provide a highly
secure operating environment without requiring applications to be modified.
HP-UX Security Containment Extensions enables users and administrators to log in directly to a
compartment, offers a tool that helps a system administrator set up and configure a compartment,
and includes enhancements to support HP-UX Containers (SRP) A.02.00 and later.
To acquire and install HP-UX Security Containment Extensions, go to Software Depot:
http://www.software.hp.com
1.1 Features
HP-UX Security Containment Extensions offers the following features:
• Containment Wizard
The application containment wizard, contain, is a tool that helps a system administrator
set up and configure a compartment. The contain tool creates a compartment and configures
the applications specified on the command line for execution in the compartment. After the
compartment has been created and the applications have been configured, the contain
tool gives the user an opportunity to run these applications in the newly created compartment.
The containment wizard then collects the list of required access rules for these applications
and attempts to simplify these rules based on the system administrator's input.
• Compartment Login
The compartment login configuration enables users and administrators to log in directly to
a compartment. It provides a mechanism to set controls on those users who are allowed to
log in to a service running in a specified compartment or to prevent access to the system based
on previously configured authorization information.
NOTE: The Compartment Login feature is supported only on standard systems; it is not
supported on trusted systems.
• ContainmentPlus
The ContainmentPlus product enables a collection of enhancements to the core Security
Containment features to support HP-UX Containers (SRP) A.02.00 and later.
1.2 New features
HP-UX Security Containment Extensions B.11.31.03 offers the following new features in the
ContainmentPlus product:
• Support added to allow some subsystem characteristics to be administered on a
per-compartment basis when a compartment is configured through the HP-UX Containers
(SRP) A.03.00 product. Refer to the HP-UX Containers documentation for more information:
www.hp.com/go/hpux-security-docs
Select the HP-UX Containers (SRP) Software product.
• The compartment configuration files now support new syntax rules: system, blocked,
and tl. See compartments(4).
• New cmpt_restrict_tl kernel parameter that defines the restrictions for the
inter-compartment communications through Streams Local Transport Drivers. See
cmpt_restrict_tl(5).