Best Practices for Deploying HP-UX Secure Resource Partitions (SRP) for SAP Whitepaper
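# Build the per-instance compartment rule file for an SAP system, add the
# instance's directories to the global block file, and hand the rule file to
# srp for the compartment.
#
# Positional arguments, as used below (roles inferred from how each value is
# used here; confirm against the documented invocation):
#   $1  compartment name      -> /etc/cmpt/$1.rules, /etc/cmpt/$1_$5.h
#   $2  SAP SID               -> replaces _SAP_SID_; /sapmnt/$2, /usr/sap/$2
#   $3  database SID          -> replaces _DB_SID_; /oracle/$3
#   $4  SAP system number     -> replaces _SAP_SYSNUM_; rule id cust_inc_$4
#   $5  template name suffix  -> /etc/cmpt/include/SAP_$5.h
if ($#argv < 5) then
    echo "usage: $0 compartment SAP_SID DB_SID SAP_sysnum template"
    exit 1
endif

# Every argument is spliced into sed expressions, file paths under /etc/cmpt
# and compartment rules. Reject empty values and any value containing '/',
# which would end a sed expression early or move a path out of /etc/cmpt.
# NOTE(review): consider restricting the arguments further to the character
# set the site really uses for SIDs and compartment names ('&' and '\' are
# also special in a sed replacement).
foreach arg ("$1" "$2" "$3" "$4" "$5")
    if ("x$arg" == "x" || "x$arg" =~ x*/*) then
        echo "Invalid argument '$arg' - must be non-empty and must not contain '/'"
        exit 1
    endif
end

set BLOCK_FILE = '/etc/cmpt/include/SAP_BLOCK.h'
set template = "/etc/cmpt/include/SAP_${5}.h"
set rule_file = "/etc/cmpt/${1}_${5}.h"
set rules = "/etc/cmpt/${1}.rules"

# Build custom include file for SAP to allow access to directories
set sap_sid = `echo "$2" | tr "[A-Z]" "[a-z]"`
set sidadm = "${sap_sid}adm"
if (-e "$rule_file") then
    echo "File $rule_file already exists. Existing rule file will be used.\nIf it will be replaced, delete it manually"
else
    # Stop when the template is missing: the redirect below would otherwise
    # leave an empty rule file, and a later run would reuse it as-is.
    if (! -r "$template") then
        echo "Template $template not found or not readable"
        exit 1
    endif
    sed -e "s/_DB_SID_/$3/g" \
        -e "s/_SAP_SID_/$2/g" \
        -e "s/_sap_sid_/$sap_sid/g" \
        -e "s/_SAP_SYSNUM_/$4/g" \
        "$template" >> "$rule_file"
endif

# add SAP directories to global block file so all other SAP instances don't
# have access to these directories.
# The check runs grep and tests its exit status (comparing the command text
# to 1 never runs grep and is never true, so no rules would be written).
# It matches the exact rule line written below instead of the bare SID,
# because a substring hit on unrelated text would skip the "perm none" rules
# without any warning. A missing block file counts as "no entry", so the
# rules are written rather than skipped.
grep -x "perm none /sapmnt/$2" "$BLOCK_FILE" >& /dev/null
if ($status != 0) then
    echo "\n/* added for SAP instance $1 on `date` */\n" >> "$BLOCK_FILE"
    echo "perm none /sapmnt/$2" >> "$BLOCK_FILE"
    echo "perm none /usr/sap/$2" >> "$BLOCK_FILE"
    echo "perm none /oracle/$3" >> "$BLOCK_FILE"
    echo "perm none /home/$sidadm" >> "$BLOCK_FILE"
    echo "perm none /oracle/client_$3" >> "$BLOCK_FILE"
    echo "perm none /usr/sap/ccms/${2}_$4" >> "$BLOCK_FILE"
    echo "perm none /usr/sap/trans_$2" >> "$BLOCK_FILE"
    echo "perm none /sapmnt/$2/exe/saposcol" >> "$BLOCK_FILE"
    echo "" >> "$BLOCK_FILE"
else
    echo "Block file $BLOCK_FILE already exists with an entry for SAP system $2.\n Current Block file will be included in compartment $1\n\n"
endif

# Use "srp -a" when the compartment's rules do not mention cust_inc_$4 yet
# (grep exit status 1), otherwise "srp -r".
# NOTE(review): the -a branch originally passed "-id cust_inc_$$", i.e. the
# shell's process id, which the grep for cust_inc_$4 could not find on a
# later run; presumably a typo for $4 - confirm.
grep "cust_inc_$4" "$rules" >& /dev/null
if ($status == 1) then
    srp -b -a $1 -t custom -s cmpt -id cust_inc_$4 cmpt_rule_file=$rule_file
    set srp_status = $status
else
    srp -b -r $1 -t custom -s cmpt -id cust_inc_$4 cmpt_rule_file=$rule_file
    set srp_status = $status
endif

# Do not report success when srp failed: the compartment would then be
# running without the rule file this script was asked to apply.
# NOTE(review): assumes srp returns non-zero on failure - confirm.
if ($srp_status != 0) then
    echo "srp exited with status $srp_status - compartment $1 may not include $rule_file"
    exit $srp_status
endif
exit 0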