Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Setting Up Your Trusted System
   • Converts the at, batch and crontab input files to use the submitter’s audit ID.
   • Starting with HP-UX 11.0, changes the default value for umask to 077 (-rw-------, drwx------); see umask(1).
5. Verify that the audit files are on your system:
   a. Use swlist -l fileset to list the installed file sets. Look for the file set called SecurityMon, which contains the auditing program files. To reduce the listing, you might try

      swlist -l fileset | grep Security

   b. In addition, verify that the following files (not specified in SecurityMon) also exist:
      • /etc/rc.config.d/auditing contains parameters to control auditing. You may modify this file with SAM or by hand.
      • /sbin/rc2.d/S760auditing is the script that starts auditing. It should not be modified.
6. After conversion to a Trusted System, you are ready to use your audit subsystem and run your HP-UX system as a Trusted System. To enable auditing, run SAM and use the “Auditing and Security” window.

   You may also enable auditing without running SAM, by manually editing the script in /etc/rc.config.d/auditing.
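
The checks in step 5 can be scripted. The following is an added example, not part of the HP manual: it reads swlist -l fileset output on standard input and tests for the two files under an optional root prefix. The function names, the root-prefix parameter and the sample swlist entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the HP manual): scripted form of step 5.
# Usage on a live system:  swlist -l fileset | verify_audit_install

# Constructed sample of swlist output; the fileset name is a placeholder.
SAMPLE_SWLIST='# constructed header line
  SecurityMon.EXAMPLE-FILESET  B.11.00  constructed sample entry'

# Succeeds if stdin (swlist -l fileset output) lists SecurityMon.
has_securitymon() {
    awk '
        /^[ \t]*#/ { next }    # skip swlist header/comment lines
        $1 == "SecurityMon" || index($1, "SecurityMon.") == 1 { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# Prints each file from step 5b that is absent under ROOT (default: /).
audit_files_missing() {
    root=${1:-}
    for f in /etc/rc.config.d/auditing /sbin/rc2.d/S760auditing; do
        [ -f "$root$f" ] || printf '%s\n' "$f"
    done
}

# Runs both checks; returns 0 only if the fileset and both files are found.
verify_audit_install() {
    status=0
    if has_securitymon; then
        echo "ok: SecurityMon fileset installed"
    else
        echo "MISSING: SecurityMon fileset" >&2
        status=1
    fi
    missing=$(audit_files_missing "${1:-}")
    if [ -n "$missing" ]; then
        printf 'MISSING: %s\n' $missing >&2
        status=1
    else
        echo "ok: auditing config file and start script present"
    fi
    return $status
}
```
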

If you need to convert from a Trusted System back to a standard system, run SAM and use the “Auditing and Security” window. The “Audited Events”, “Audited System Calls”, and “Audited Users” selections all provide an unconvert option.

A simple way for users to tell if their system has been converted to a Trusted System is to look for the “last successful/unsuccessful login” message that is displayed by a Trusted System at user login.

The following sections provide detailed information on HP-UX security features and basic security tasks.