HP-UX Secure Resource Partitions (SRP) A.02.02 Administrator's Guide

NOTE: By default, RBAC configuration also authorizes the root user to log in to all compartments.
1.3.6 Compatibility with the Bastille Revert Feature
If you use the bastille -r command to revert to the Bastille baseline configuration, you may lose
any IPFilter rules configured using SRP that are not in the baseline. HP recommends that you do not
configure the IPFilter service with SRP if you are using Bastille to manage IPFilter rules. If Bastille is
managing IPFilter rules, the /etc/opt/ipf/ipf.conf or /etc/opt/ipf/ipf.conf file contains
a statement similar to the following:
# WARNING: This file was generated automatically and will be replaced
# the next time you run Bastille. DO NOT EDIT IT DIRECTLY!!!
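One way to run this check before configuring the IPFilter service with SRP, as an added example that is not part of the HP guide. The function names are hypothetical, and matching on key phrases rather than the exact text is an assumption based on the guide's "similar to the following" wording.

```shell
#!/bin/sh
# Added example (not from the HP guide). Function names are hypothetical.

# bastille_managed FILE
#   returns 0 if FILE carries a Bastille "generated automatically" banner,
#   1 if no banner is found, 2 if FILE is missing or unreadable.
bastille_managed() {
    [ -r "$1" ] || return 2
    # Inspect comment lines only and join them, so a banner wrapped across
    # two lines still matches. Assumption: because the guide says the
    # statement is "similar to" its sample, match on key phrases, not on
    # the exact text.
    awk '
        /^[ \t]*#/ { banner = banner " " tolower($0) }
        END {
            if (banner ~ /generated automatically/ && banner ~ /bastille/) { exit 0 }
            exit 1
        }
    ' "$1"
}

# srp_ipf_precheck [FILE]: report whether FILE is Bastille-managed.
srp_ipf_precheck() {
    file=${1:-/etc/opt/ipf/ipf.conf}   # path named in the guide
    rc=0
    bastille_managed "$file" || rc=$?
    case $rc in
        0) echo "$file: managed by Bastille; 'bastille -r' may drop SRP rules" ;;
        1) echo "$file: no Bastille banner found" ;;
        *) echo "$file: cannot read file" ;;
    esac
    return "$rc"
}

# Run the pre-check only when a rules file is given on the command line.
if [ $# -gt 0 ]; then
    srp_ipf_precheck "$1"
fi
```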
1.3.7 Compatibility with PRM SRP Commands
The HP PRM product includes the following commands to associate a Security Containment
compartment with a PRM group:
prm2scomp
scomp2prm
srpgen
HP recommends that you use the srp utility instead of the PRM SRP commands. You cannot use the
srp utility to manage Security Containment compartments and PRM groups created with the
above commands, but SRP compartments can coexist with these compartments and PRM groups.
1.3.8 Serviceguard Support
All Serviceguard daemons must run in the INIT compartment. See "18 Using Serviceguard with SRP"
for more information on using Serviceguard with SRP.
1.4 Installing SRP
The HP-UX-SRP bundle consists of two products: CMGR and SRP. To use SRP, you must install both
products in the bundle.
For system and environment requirements, see the HP-UX SRP A.02.02 Release Notes located at:
www.hp.com/go/hpux-security-docs
Select the HP-UX Secure Resource Partitions (SRP) Software product.
You can acquire and install HP-UX Secure Resource Partitions free of charge from Software Depot:
http://www.software.hp.com
1.5 Migrating to A.02.02
No manual migration steps are required to migrate from a previous version of HP-UX SRP. If you are
upgrading from a previous SRP version, ensure that all the SRPs on the system are stopped before
running the swinstall command to install the new SRP package. The following command displays
the status of all the SRPs on the system:
# srp status
HP-UX SRP version A.02.02 delivers new default values in the following configuration files:
/etc/rc.config.d/srpconf
/etc/opt/hpsrp/cmpt/apache.srp_incl