HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP)

Default: None.

Configuration Data

If the compartment address is an IPv4 address, SRP adds IPFilter rules to the /etc/opt/ipf/

ipf.conf file. If the compartment address is an IPv6 address, SRP adds IPFilter rules to the

/etc/opt/ipf/ipf6.conf file.

SRP configures rules that allow inbound packets from any remote IP address to the compartment

IP address with the specified destination TCP port numbers. SRP also specifies the keep state

keywords to allow outbound responses for these packets.

SRP inserts these rules at the top of the IPFilter rules file and uses the quick keyword.

The IPFilter configuration file already contains rules from the base template to allow all outbound

TCP, UDP, and ICMP packets from the compartment IP address, as described in “Configuration

Data” (page 42).

The provision Service

The provision service executes the customizable script /opt/hpsrp/bin/util/

apache_setup to provision (deploy) an Apache service in the SRP compartment. This script

also configures the SRP compartment to start the Apache server when the compartment starts.

Because the SRP compartment starts at system startup time, a Apache server will automatically

start in the compartment at system startup time.

Input Data

SRP prompts for the following data. You can also specify a variable name and value in the

command line, as described in “Creating an SRP Compartment or Adding Data to a Compartment”

(page 67)

Copy Apache data from path

The directory from which you want to copy Apache data.

The provision service creates a copy of this subtree and

its contents and installs it in the specified data_path for

use by the SRP compartment. The input for this variable

is typically the newconfig subdirectory under the Apache

product directory.

Variable Name: data_src.

Default: /opt/hpws/apache/newconfig.

Apache data path

The target directory for the copied Apache data.

Variable Name: data_path.

Default:

/var/hpsrp/compartment_name/opt/hpws/apache.

Apache user name

Specifies the Unix user name under which the Apache

processes in this compartment will run.

Variable Name: user.

Default: www.

Apache HTTP port number

Specifies the TCP port number on which the compartment

Apache server will receive HTTP requests.

Variable Name: http_port.

Valid Input: A TCP port number in the range 1- 65535.

Default: 80, the IANA registered port number for HTTP.

Adding the apache Template to an SRP Compartment 49