HP-UX 11i v3 March 2014 Release Notes
shared data, such as user and group identification, server identification, and access control
information.
• STREAMS: NOSYNC feature allows multiple instances of a put procedure for a queue and the
service routine for that queue to run concurrently. All references to the global variable
uniprocessor have been removed.
• NetTL - Network Tracing and Logging: The nettl command is enhanced with formatting
support for the IPoIB header, a command-line option to configure the trace buffer value,
pre-capture trace values, and new options to manage trace filters.
Initial (February 2007) Release Notes, Chapter 8: “Security”
• New: HP-UX 11i Security Containment: Provides compartments, which isolate unrelated
resources on a system to prevent catastrophic system damage if one compartment is penetrated.
When configured in a compartment, an application (processes, binaries, data files and
communication channels used) has restricted access to resources outside its compartment.
Also provides fine-grained privileges, which allow you to grant privileges to processes needed
for the task and, optionally, only for the time needed to complete the task.
• HP-UX Auditing System: Enhanced in several ways, including: the auditing subsystem now
works without converting the system to trusted mode; standard mode audit user selection
information is stored in a per-user configuration user database; the userdbset command specifies
which users are to be audited in standard mode; and several other enhancements.
• New: HP-UX Bastille: Although Bastille has been available on the Web (and on the HP-UX 11i
v2 OEs) for some time, it is now available, at version B.3.0.20, on the HP-UX 11i v3 OEs for
the first time for customers migrating from HP-UX 11i v1 and includes several enhancements.
• HP-UX Host Intrusion Detection System: Updated to release 4.0 with features including reducing
alert volume by aggregation; reducing alert volume by monitoring only critical files; configuring
critical users; supporting specification of usernames and user IDs; and measuring the event
rate.
• HP-UX IPFilter: Updated to version A.03.05.13 with defect fixes and enhancements including
filtering on X.25 interfaces; filtering on 10GigE interfaces; IPFilter not plumbed into the
networking stack by default; and no reboot required to enable IPFilter.
• New: HP-UX IPSec: Previously only available on the AR media. Now delivered on the HP-UX
11i v3 Operating Environments. Provides an infrastructure to allow secure communications
(authentication, integrity, confidentiality) over IP networks between systems and devices that
implement the IPsec protocol suite.
• HP-UX Secure Shell: Updated to version A.04.40.005 with many new features including high
performance enabled SSH/SCP patch; configuration directives in the server; auth selection
patch; increase in the default size of RSA and DSA keys; delayed compression; and many
other features, as well as defect fixes.
• HP-UX Security Attributes Configuration tool (secweb): Updated to support long user names.
• New: HP-UX Standard Mode Security Extensions: Enhances the security of systems running in
standard mode by providing security features that were previously available only on systems
that had been converted to trusted mode.
• Install-Time Security: Adds a security step to the install/update process that allows you to run
the Bastille security lockdown engine during system installation with one of four configurations
ranging from default security to “DMZ.”
• Kerberos Client: Updated to version 1.3.5.03 with new features including support for powerful
cryptographic algorithms like 3DES, RC4, and AES; support for IPv6; support for TCP; and
defect fixes.
• OpenSSL: Updated to version A.00.09.08d.001 with support (in default version) for several
hardware ENGINES (see section for specifics); support for elliptic curve cryptography; and