HP-UX System Administrator's Guide: Security Management HP-UX 11i v3 (B3921-90020, September 2010)
-U  Matches only those entries containing the real user ID (RUID) corresponding to the specified RUID or the RUID associated with the username.
-G  Matches only those entries containing the real group ID (RGID) corresponding to the specified RGID or the RGID associated with the group name.
-a  Matches only those entries requiring the specified authorization. Authorization is defined as (operation, object) pairs in the /etc/rbac/cmd_priv database file. The specified authorization must exactly match the authorization present in the /etc/rbac/cmd_priv file; wildcards are not supported.
-c  Matches the specified compartment in the /etc/rbac/cmd_priv database file. The specified compartment must exactly match the compartment present in /etc/rbac/cmd_priv.
-p  Matches the specified privileges with the privileges in the /etc/rbac/cmd_priv database file. You can specify more than one privilege. When specifying multiple privileges, separate each privilege with a comma. Be aware when you specify a privilege using the privrun -p option that privrun will match all entries that contain the specified privilege, including groups of privileges and compound privileges that include the -p specified privilege. The privrun command will execute according to the first match in /etc/rbac/cmd_priv.
-x  Uses a fall-through mode that modifies the behavior of privrun only when an authorization or authentication check fails. Rather than exiting with an error message, the target command runs, but without any additional privileges. The target command executes as though the user ran the command directly without privrun.
-v  Invokes privrun in verbose mode. The verbose level increases if two -v options are specified. An increased verbose level prints more information.
-h  Prints privrun help information.
-t  Uses a test mode that performs all the normal authorization and authentication checks according to the configuration files to see if the desired privrun invocation will succeed. The only difference is that instead of executing the command, upon success, privrun -t just returns. Use this to preview whether a given privrun invocation will succeed.
The following is an example of the most basic privrun usage—wrapping a legacy
application. In this case, the ipfstat command runs as a privrun command argument
in order to run according to the authorizations associated with the invoking user:
# privrun ipfstat
As long as the user logged in has the necessary authorization, defined in
/etc/rbac/cmd_priv, the privrun wrapper command will execute the legacy
command with the privileges (UID and GID) defined in the /etc/rbac/cmd_priv
entry.
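The option matching described above, modelled in Python as an added example; it is not code from the HP-UX guide and not privrun's implementation. The Entry fields, the placeholder privilege, authorization and compartment names, and the exact-membership authorization check are assumptions made for illustration. It shows that -p on its own selects the first, broader entry, while adding -a narrows the match to the intended one.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    """Simplified stand-in for one cmd_priv entry (not the file's real syntax)."""
    command: str
    authorization: tuple      # (operation, object) pair the entry requires
    ruid: int
    rgid: int
    compartment: str
    privileges: frozenset

# Constructed sample entries, in file order. All names are placeholders.
ENTRIES = [
    Entry("ipfstat", ("example.fw.admin", "fw"), 0, 0, "cmpt_a",
          frozenset({"PRIV_A", "PRIV_B", "PRIV_C"})),
    Entry("ipfstat", ("example.fw.read", "fw"), 0, 3, "cmpt_a",
          frozenset({"PRIV_A"})),
]

def first_match(entries, command, U=None, G=None, a=None, c=None, p=()):
    """Return the first entry, in file order, that passes every filter given."""
    for e in entries:
        if e.command != command:
            continue
        if U is not None and e.ruid != U:
            continue
        if G is not None and e.rgid != G:
            continue
        if a is not None and e.authorization != a:    # -a: exact, no wildcards
            continue
        if c is not None and e.compartment != c:      # -c: exact
            continue
        if not set(p) <= e.privileges:                # -p: entry need only contain them
            continue
        return e
    return None

def outcome(entry, user_auths, x=False, t=False):
    """Result for one already-selected entry. How privrun moves on to later
    entries for the same command is not modelled; -t with -x is not either."""
    authorized = entry is not None and entry.authorization in user_auths
    if t:                                             # -t: check only, never execute
        return "would succeed" if authorized else "would fail"
    if authorized:
        return "run with the entry's UID/GID and privileges"
    return "run without added privileges" if x else "exit with error"
```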
Multiple entries can exist for the same command, potentially with different required
authorizations and different resulting privileges. In this case, privrun iterates