HP 9000 Containers A.03.01 on HP Integrity Server Administrator Guide HP-UX 11i v3 (5900-3112, June 2013)
8.12.5 Backup applications with HP 9000 classic containers
In addition to the limitations for the system container type, classic containers require additional
care because directories such as /etc and /dev are shared with the host system. HP recommends
using backup applications from the global container rather than from a classic container.
WARNING! Do not attempt to restore a complete image from an HP 9000 server to an HP 9000
classic container, because doing so destroys the contents of the HP-UX 11i v3 /etc directory. HP recommends storing
the backup applications on the Integrity host system to avoid this.
If backup applications need to run commands inside the container for any reason, use the following
command syntax:
$ srp_su <srp_name> root -c "chroot <hp9000_root> <command> <args>"
8.13 Auditing with HP 9000 Containers
The HP-UX audit subsystem is not virtualized at the container level, so auditing cannot be managed
completely from within a container. However, you can enable auditing at the global container
level and filter container-specific records.
Audit management in the global container is no different from that on a system without containers.
At the command level, audsys(1M) is used for enabling or disabling auditing; audevent(1M)
is used to select events; audomon(1M) for monitoring, and so on.
For HP 9000 system containers, users are selected from within the container using the userdbset
(with SMSE) or audusr (with trusted mode) commands.
For example,
$ srp_su <srp_name>
$ audusr -a <user>
$ userdbset -u <user> AUDIT_FLAG=1
After configuring, audit records generated by processes in all the containers are written to audit
log files in the global view. To view all the audit records generated, run the following command:
$ auditdp -r <global_log>
To view records for a specific system container from the global, run the following command:
$ audisp -C <srp_name>
$ auditdp -r <global_log> -s "+cmpt=<srp_name>"
The records displayed in the global might show an incorrect mapping between user or group IDs
and names. This is because the records contain only the IDs, and the UID to user name (or GID to
group name) mapping in the global might be different from the mapping inside container.
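The mismatch described above can be checked in advance by comparing the global passwd file with the container's. The following is an added example, not part of the HP guide or of AuditExt: the function names and the sample passwd entries are constructed, and the location of the container's passwd file is an assumption you supply as the second argument.

```shell
#!/bin/sh
# Added example (not HP code): list the UIDs that global audit output would
# label with the wrong name, or with no name, for a given container.

# uid_name_conflicts GLOBAL_PASSWD CONTAINER_PASSWD
# Prints one line per affected UID: "uid global_name container_name".
# A "-" in the global column means the UID is unknown in the global view.
uid_name_conflicts() {
    awk -F: '
        # Skip comments, NIS "+"/"-" entries and malformed lines.
        /^[#+-]/ || NF < 3 { next }
        # First file (global): remember the first name seen for each UID.
        FNR == NR { if (!($3 in g)) g[$3] = $1; next }
        # Second file (container): report UIDs that resolve differently.
        !($3 in seen) {
            seen[$3] = 1
            if (!($3 in g))       print $3, "-", $1
            else if (g[$3] != $1) print $3, g[$3], $1
        }
    ' "$1" "$2" | sort -n
}

# Demonstration on constructed passwd data (not taken from a real system).
demo() {
    tmp=${TMPDIR:-/tmp}/uidmap.$$
    mkdir "$tmp" || return 1
    cat > "$tmp/global" <<'EOF'
root:*:0:3::/:/sbin/sh
oracle:*:101:20::/home/oracle:/usr/bin/sh
backup:*:102:20::/home/backup:/usr/bin/sh
EOF
    cat > "$tmp/container" <<'EOF'
root:*:0:3::/:/sbin/sh
appadm:*:101:20::/home/appadm:/usr/bin/sh
backup:*:102:20::/home/backup:/usr/bin/sh
dbuser:*:205:20::/home/dbuser:/usr/bin/sh
EOF
    uid_name_conflicts "$tmp/global" "$tmp/container"
    rm -rf "$tmp"
}

demo
```

Any UID the function reports is one to resolve against the container's own mapping before attributing a record to a named user.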
To view raw audit data of all containers with IDs correctly mapped to names, run the sample script
provided in /opt/audit/AudReport/bin/hp9000_audit_global. This script is included
in AuditExt B.11.31.04.01 (or later), which can be downloaded from the HP Software Depot
website at http://www.software.hp.com -> HP-UX Auditing System Extensions.
To view audit logs for a specific system container:
$ hp9000_audit_global -C <srp_name> -a <global_log>
To view audit logs for all the containers:
$ hp9000_audit_global -a <global_log>
To copy the relevant records from the global into a system container:
$ /opt/audit/AudReport/bin/srp_auditdp_copy \
-r <global_log> -R <local_log> -C <srp_name>
To copy the records from the global to all system containers: