HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide
Input Data
SRP prompts for the following data. You can also specify a variable name and value in the
command line, as described in “Creating an SRP Compartment or Adding Data to a Compartment”
(page 67).
Apache data path
The root directory for Apache data. The cmpt service adds rules to allow the compartment full access to this directory. Users and processes in the SRP compartment can read, write, traverse (nsearch), and delete (unlink) the contents of this directory.
Variable Name: data_path.
Default: /var/hpsrp/compartment_name/opt/hpws/apache.
Apache executable path
The root directory for Apache executables. The cmpt service adds rules to allow the compartment read access to this directory.
Variable Name: exec_path.
Default: /opt/hpws/apache.
Configuration Data
SRP adds entries to the SRP compartment rules file (/etc/cmpt/compartment_name.rules)
that authorize access to the exec_path and data_path directories. SRP also adds an include
statement to add the rules from the /opt/hpsrp/etc/cmpt/apache.srp_incl file.
The ipfilter Service
The ipfilter service for the apache template adds IPFilter pass rules that allow inbound
requests to the ports specified for the Apache server. You can also specify additional inbound
destination TCP port numbers for IPFilter pass rules.
Input Data
SRP prompts for the following data. You can also specify a variable name and value in the
command line, as described in “Creating an SRP Compartment or Adding Data to a Compartment”
(page 67).
Apache HTTP port number
Specifies the TCP port number on which the compartment
Apache server will receive HTTP requests.
Variable Name: http_port.
Valid Input: A TCP port number in the range 1-65535.
Default: 80, the IANA registered port number for HTTP.
Apache HTTPS port number
Specifies the TCP port number on which the compartment
Apache server will receive HTTPS (SSL) requests.
Variable Name: https_port.
Valid Input: A TCP port number in the range 1-65535.
Default: 443, the IANA registered port number for HTTPS.
IPFilter Port Numbers
Specifies additional local TCP port numbers for IPFilter
rules that allow inbound packets.
Variable Name: ipf_tcp_ports.
Valid Input: One or more TCP port numbers each in the
range 1-65535, separated by commas.
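A pre-flight check for the cmpt and ipfilter inputs described in this section, as an added example that is not part of this guide or of the SRP product. The function names and the compartment name web1 are hypothetical. It assumes an empty ipf_tcp_ports means no additional ports, and it compares paths lexically without resolving symbolic links. It flags a data_path that overlaps exec_path, because data_path receives write and unlink access while exec_path is meant to be read-only.

```shell
#!/bin/sh
# Added example: validate apache template inputs before passing them to SRP.

# valid_port N: succeeds when N is a decimal integer in the range 1-65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    # Cap the length first so a long digit string cannot overflow the comparison.
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# valid_port_list LIST: succeeds when LIST is one or more valid ports
# separated by commas, with no spaces and no empty entries.
valid_port_list() {
    case "$1" in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
    esac
    for _p in $(printf '%s' "$1" | tr ',' ' '); do
        valid_port "$_p" || return 1
    done
}

# paths_overlap A B: succeeds when A and B are equal or one contains the other.
paths_overlap() {
    _a=${1%/}/; _b=${2%/}/
    case "$_a" in "$_b"*) return 0 ;; esac
    case "$_b" in "$_a"*) return 0 ;; esac
    return 1
}

# check_apache_inputs http_port https_port ipf_tcp_ports data_path exec_path
# Prints one line per problem; the exit status is the number of problems.
check_apache_inputs() {
    _bad=0
    valid_port "$1" || { echo "http_port not in 1-65535: $1"; _bad=$((_bad + 1)); }
    valid_port "$2" || { echo "https_port not in 1-65535: $2"; _bad=$((_bad + 1)); }
    [ -z "$3" ] || valid_port_list "$3" ||
        { echo "ipf_tcp_ports malformed: $3"; _bad=$((_bad + 1)); }
    if paths_overlap "$4" "$5"; then
        echo "data_path overlaps exec_path: writable rules would cover executables"
        _bad=$((_bad + 1))
    fi
    return "$_bad"
}

# Constructed sample values: the template defaults for a compartment named web1.
check_apache_inputs 80 443 8080,8443 /var/hpsrp/web1/opt/hpws/apache /opt/hpws/apache &&
    echo "inputs OK"
```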
48 Using the apache Template