HP-UX Containers (SRP) A.03.01 Administrator's Guide

Service: ipfilter
    Variable: ipf_tcp_ports
        Specifies the local TCP port numbers for IPFilter rules that allow inbound packets.
        Variable Name: ipf_tcp_ports.
        Valid Input: One or more TCP port numbers each in the range 1-65535, separated by commas.
        Default: 22. This is the IANA registered port number for SSH remote login.

Service: provision
    Variable: data_path
        Same as described in cmpt service.
    Variable: exec_path
        Same as described in cmpt service.
    Variable: data_src
        Specifies the directory from which you want to copy SSH configuration data. In most cases, this should be the newconfig directory shipped with the HP-UX Secure Shell product.
        Default: /opt/ssh/newconfig.
    Variable: sshd_port
        Specifies the TCP port number on which the container sshd will receive connection requests.
        Variable Name: sshd_port.
        Valid Input: A TCP port number in the range 1-65535.
        Default: 22, the IANA registered port number for SSH login.
    Variable: script_name
        Specifies the provision script to be used to configure sshd server in the container.
        Variable Name: script_name
        Default: /opt/hpsrp/bin/util/secsh_setup
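
Because the ipfilter service places its pass rules at the top of the rules file with the quick keyword (as described for the apache template below), those ports stay open regardless of any block rule later in the file. The following Python code is an added example, not part of this guide or of the srp tooling: it validates an ipf_tcp_ports value and models IPFilter evaluation (last matching rule wins unless a rule is quick) to report ports that are open but not listed. Assumptions: the simplified rule syntax in the comment, a default of pass for unmatched packets, the function names, and the constructed ruleset with the documentation address 192.0.2.10.

```python
import re
# Assumed rule subset: pass|block in [quick] proto tcp from any to <ip> [port = <n>]
RULE = re.compile(r"(pass|block) in (quick )?proto tcp from any to (\S+)(?: port = (\d+))?")

def parse_ports(value):
    """Validate an ipf_tcp_ports value: comma-separated ports, each 1-65535."""
    ports = []
    for item in (s.strip() for s in value.split(",")):
        if not re.fullmatch(r"[0-9]+", item) or not 1 <= int(item) <= 65535:
            raise ValueError(f"invalid TCP port: {item!r}")
        ports.append(int(item))
    return ports

def parse_rules(text):
    """Return (action, quick, ip, port-or-None) for each inbound TCP rule."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.split("#")[0].strip())
        if m:  # outbound and non-TCP rules are outside this audit
            rules.append((m[1], bool(m[2]), m[3], int(m[4]) if m[4] else None))
    return rules

def decision(rules, ip, port, default="pass"):
    """IPFilter evaluation: last matching rule wins, but 'quick' stops at once."""
    result = default  # assumption: packets matching no rule pass
    for action, quick, rule_ip, rule_port in rules:
        if rule_ip in (ip, "any") and rule_port in (None, port):
            result = action
            if quick:
                break
    return result

def audit(text, ip, ipf_tcp_ports):
    """Return (open but not intended, intended but blocked) among named ports."""
    intended = set(parse_ports(ipf_tcp_ports))
    rules = parse_rules(text)
    named = {r[3] for r in rules if r[3]} | intended
    is_open = {p for p in named if decision(rules, ip, p) == "pass"}
    return sorted(is_open - intended), sorted(intended - is_open)

# Constructed sample ruleset; 192.0.2.10 is a documentation address.
SAMPLE = """\
pass in quick proto tcp from any to 192.0.2.10 port = 22
pass in quick proto tcp from any to 192.0.2.10 port = 80
pass in proto tcp from any to 192.0.2.10 port = 8080
block in proto tcp from any to 192.0.2.10
pass in proto tcp from any to 192.0.2.10 port = 8443
pass out quick proto tcp from 192.0.2.10 to any
"""
print(audit(SAMPLE, "192.0.2.10", "22,80"))  # ([8443], [])
```

In the sample, port 8080 ends up blocked because the later catch-all block rule is the last match, while port 8443 is reported as open but not intended because a non-quick pass rule follows the block.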
16.8.3 Apache template
The apache template configures an HP-UX Apache web server in the container. The following two
tables describe the services and variables included with the apache template.
Table 16.6 Services for the apache template
Service: cmpt
    Description: The cmpt service for the apache template configures Security Containment file system rules to allow the container to access the specified Apache directories in global view. The srp command adds the entries to the compartment rules file (/etc/cmpt/container_name.rules) that authorize access to the directories specified in the exec_path and data_path variables.

Service: ipfilter
    Description: The ipfilter service for the apache template adds rules to allow inbound requests to the specified ports used by the Apache server to pass. You can also specify additional inbound destination TCP port numbers for IPFilter pass rules. The srp command inserts these rules at the top of the IPFilter rules file and uses the quick keyword. The IPFilter configuration file already contains rules from the base template to allow all outbound TCP, UDP, and ICMP packets from the container IP address.

Service: provision
    Description: The provision service executes the script /opt/hpsrp/bin/util/apache_setup to provision (deploy) an apache service in the container. By default, the tasks executed by the /opt/hpsrp/bin/util/apache_setup script include:
        Creating bin, cgi-bin, conf, htdocs, and logs subdirectories below the container Apache home directory.