Manualshelf

HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP)
21222324252627282930
Compatibility with the Bastille Revert Feature
If you use the bastille -r command to revert to the Bastille baseline configuration, you lose
any IPFilter rules configured using SRP that are not in the baseline. HP recommends that you
do not configure the IPFilter service with SRP if you are using Bastille to manage IPFilter rules.
If Bastille is managing IPFilter rules, the /etc/opt/ipf/ipf.conf or /etc/opt/ipf/
ipf.conf file contains a statement similar to the following:
# WARNING: This file was generated automatically and will be replaced
# the next time you run Bastille. DO NOT EDIT IT DIRECTLY!!!
Compatibility with PRM SRP Commands
The HP PRM product includes the following commands to associate a Security Containment
compartment with a PRM group:
prm2scomp
scomp2prm
srpgen
HP recommends that you use the srp utility instead of the PRM SRP commands. You cannot use
the srp utility to manage with Security Containment compartments and PRM groups created
with the above commands, but SRP compartments can coexist with these compartments and
PRM groups.
Compatibility with Serviceguard
All Serviceguard daemons must run in the INIT compartment. However, you can run
Serviceguard packages in other compartments. Modifications to Serviceguard scripts might be
necessary if the scripts are not compartment enabled. For more information, see the
“Compartments in Serviceguard Clusters” chapter in HP-UX System Administrator's Guide: Security
Management.
You can also use an SRP compartment as a Serviceguard package. This can be accomplished by
creating a duplicate but inactive SRP compartment on the secondary system and using srp
start and stop commands in Serviceguard control scripts.
22 Introduction