HP-UX Containers (SRP) A.03.01 Administrator's Guide
Service Variable Description
    Default: Same as the IP address configured for this container.
ipfilter
  ipf_for_ipsec
    Specify whether IPFilter rules allow IPSec packets (Yes or No).
    Default: No.
ipsec
  ipsec_peer_addr(+)
    Destination IP address for the IPSec policies.
    Valid Input: An IPv4 address in dotted-decimal notation or an IPv6 address in colon-hexadecimal notation.
    Default: None.
  ipsec_transform
    Transform for IPSec host policy.
    Valid Input:
      ESP_AES128_HMAC_SHA1
      ESP_AES128_HMAC_MD5
      ESP_3DES_HMAC_SHA1
      ESP_3DES_HMAC_MD5
      ESP_NULL_HMAC_SHA1
      ESP_NULL_HMAC_MD5
    Default: ESP_AES128_HMAC_SHA1.
  ipsec_psk(+)
    Preshared key used by the IPSec peer.
    Valid Input: A text string containing 1-128 ASCII characters (whitespace is not allowed).
    Default: None.
(*) Required services for the workload container
(+) These variables must be assigned a value when adding or replacing the corresponding services.
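As an added example (not part of the HP guide or of the srp tooling), the following Python pre-flight check applies the Valid Input rules listed above to a set of ipsec service variables before they are supplied to srp. The function name, the SAMPLE values, and the warnings about NULL, 3DES and MD5 are assumptions of this example, not statements from the guide.

```python
import ipaddress

# Names copied from the guide's "Valid Input" list for ipsec_transform.
VALID_TRANSFORMS = {
    "ESP_AES128_HMAC_SHA1", "ESP_AES128_HMAC_MD5",
    "ESP_3DES_HMAC_SHA1", "ESP_3DES_HMAC_MD5",
    "ESP_NULL_HMAC_SHA1", "ESP_NULL_HMAC_MD5",
}
DEFAULT_TRANSFORM = "ESP_AES128_HMAC_SHA1"
# Editor's assessment of legacy choices (not stated in the guide).
WEAK_PARTS = {
    "NULL": "ESP null encryption authenticates but does not encrypt",
    "3DES": "3DES is a legacy 64-bit block cipher",
    "MD5": "HMAC-MD5 is a legacy integrity algorithm",
}
# Constructed sample values (documentation address, made-up key).
SAMPLE = {"ipsec_peer_addr": "192.0.2.10", "ipsec_transform": "ESP_3DES_HMAC_MD5",
          "ipsec_psk": "Constructed-Key-01"}


def check_ipsec_vars(values):
    """Validate ipsec service variables; return (errors, warnings)."""
    errors, warnings = [], []
    # ipsec_peer_addr(+): no default; IPv4 dotted-decimal or IPv6 colon-hex.
    peer = values.get("ipsec_peer_addr", "")
    try:
        ipaddress.ip_address(peer)
    except ValueError:
        errors.append("ipsec_peer_addr: need an IPv4 or IPv6 address")
    # ipsec_transform: optional; falls back to the documented default.
    transform = values.get("ipsec_transform", DEFAULT_TRANSFORM)
    if transform not in VALID_TRANSFORMS:
        errors.append("ipsec_transform: not one of the listed transforms")
    else:
        for part in transform.split("_"):
            if part in WEAK_PARTS:
                warnings.append("ipsec_transform: " + WEAK_PARTS[part])
    # ipsec_psk(+): no default; 1-128 ASCII characters, no whitespace.
    # The key itself is never echoed into a message.
    psk = values.get("ipsec_psk", "")
    if not 1 <= len(psk) <= 128:
        errors.append("ipsec_psk: length must be 1-128 characters")
    elif not psk.isascii() or any(c.isspace() for c in psk):
        errors.append("ipsec_psk: ASCII only, no whitespace")
    return errors, warnings


if __name__ == "__main__":
    print(check_ipsec_vars(SAMPLE))
```

An empty errors list means the values satisfy the documented constraints; warnings do not block configuration but mark transforms worth reviewing with the peer's administrator.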
16.8.2 SSHD template
The sshd template configures an HP-UX Secure Shell server daemon in the container. The following
two tables describe the services and variables included with the sshd template.
Table 16.4 Services for the sshd template
Service Description
cmpt
    The cmpt service for the sshd template configures Security Containment file system rules to allow the container to access the sshd directories in the global view specified in the exec_path and data_path variables. The srp command adds entries to the compartment rules file (/etc/cmpt/container_name.rules) that authorize access to these directories.
    The srp command also adds an include statement to add the rules from the /opt/hpsrp/etc/cmpt/sshd.srp_incl file. As delivered by HP, this file is empty. You can edit this file to contain compartment rules to be applied when configuring the cmpt service with the sshd template.
ipfilter
    The ipfilter service for the sshd template adds rules that allow inbound requests to the specified ports used by the sshd server to pass. You can also specify additional inbound destination TCP port numbers for IPFilter pass rules.
provision
    The provision service executes the /opt/hpsrp/bin/util/secsh_setup script to provision (deploy) an sshd in the container. By default, the tasks executed by the /opt/hpsrp/bin/util/secsh_setup script include: