HP-UX Secure Resource Partitions (SRP) A.02.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP)

Tue Oct 14 13:03:11 2008 Sample: 1 second

CPU scheduler state: Enabled

CPU CPU CPU LCPU

PRM Group PRMID Entitle Max Used State

________________________________________________________________________

OTHERS 1 21.88% 3.06%

EntDir 2 29.17% 80% 24.10%

MktWeb 3 21.88% 45% 12.36%

SRP2 4 14.58% 25% 22.88%

MktDB 65536 12.50% 12.46%

PRM application manager state: Enabled (polling interval: 30 seconds)

Verifying Network Data

Use the netstat -in and netstat -rn commands to verify the compartment interface and

route entries.

The output for the netstat -in command lists the IP interfaces configured on the system. An

asterisk next to the interface name indicates that the interface is configured but its state is down.

In the following example, the state for lan1, lan1:1 and lo0 is up and the state for lan1:1 is

down.

# netstat -in

Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll

lan1 1500 10.0.0.0 10.0.0.1 460732 0 279522 0 0

lan1:1 1500 192.0.2.0 19.0.2.1 32890 0 51537 0 0

lan1:2* 1500 192.0.2.0 19.0.2.2 0 0 0 0 0

lo0 32808 127.0.0.0 127.0.0.1 890170 0 890178 0 0

If an SRP compartment is up and has a dedicated IP interface, the netstat -rn command

shows a default route entry with the compartment IP address (192.0.2.1 in this example) as the

gateway. For example:

# netstat -rn

Routing tables

Destination Gateway Flags Refs Interface Pmtu

default 192.0.2.1 U 0 lan1:1 1500

Verifying IPFilter Data

Use the following ipfstat command to view the active (loaded) inbound and outbound IPFilter

rules:

ipfstat -io

For example:

# ipfstat -io

pass out quick proto tcp from 192.0.2.1/32 to any keep state

pass out quick proto udp from 192.0.2.1/32 to any keep state

pass out quick proto icmp from 192.0.2.1/32 to any keep state

pass in quick proto icmp from any to 192.0.2.1/32

block in quick from any to 192.0.2.1/32

Verifying IPSec Data

Enter the following IPSec commands to verify IPSec data:

• Use the following ipsec_report command to view the host rules:

ipsec_report -host

The output should include a host policy with the name SRP-compartment_name-base-1

Verification Procedures 77