HP-UX 11i Version 2 May 2005 Release Notes
Security
HP-UX 11i Security Containment
Chapter 8
150
HP-UX 11i Security Containment
HP-UX 11i Security Containment provides the next generation of security features
including the following:
• Compartments
• Fine-grained privileges
• HP-UX Role-Based Access Control (HP-UX RBAC)
• HP-UX Auditing System
• Standard Mode Security Extensions
HP-UX 11i Security Containment is available only on the Web at
http://software.hp.com and is expected to be released in the near future.
Summary of Change
• Compartments provide isolation between unrelated resources to prevent damage to
a whole system if a compartment is penetrated. Applications configured in
compartments have restricted access to resources outside their configured
compartments.
• Fine-grained privileges let you grant processes only the privileges needed for a
specific task, only for the time needed to complete the task. Privilege-aware
applications can elevate their privileges to the required level for an operation and
lower it after the operation is complete.
• HP-UX Role-Based Access Control (HP-UX RBAC) lets you group common or related
tasks into roles. Once roles are created, you assign users to a role or set of roles that
enable them to run the commands defined by those roles. RBAC allows users to
perform tasks previously requiring root privileges, without granting the user full
root privileges.
• HP-UX Auditing System,¹ with the installation of the Standard Mode Security
Extensions (SMSE) product, provides the selective recording of events for analysis
and detection of security breaches. Security containment makes auditing features
available on standard mode systems. Auditing was previously available only in
trusted mode.
• Standard Mode Security Extensions (SMSE)² (available on Software Pack) include
several security attributes, previously set on a system-wide basis, that can now be
configured on a per-user basis. A new user database stores per-user information to
support security features such as password history, auditing, and time-of-day login
restrictions. This per-user information allows you to configure security features
uniquely for each user.
1. See “HP-UX Auditing System” on page 152.
2. See “HP-UX Standard Mode Security Extensions” on page 159.