Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Security Products and Features Software

Table of Contents

1 Security features..............................................................................................................9

1.1 File access policies.............................................................................................................................9

1.1.1 File lock access controls.............................................................................................................9

1.1.2 Identity-based access controls.................................................................................................10

1.2 Capabilities......................................................................................................................................10

1.2.1 mem...........................................................................................................................................10

1.2.2 wmd...........................................................................................................................................10

1.2.3 dlkm........................................................................................................................................10

1.2.4 api...........................................................................................................................................11

2 Product overview..........................................................................................................13

2.1 WLI architecture..............................................................................................................................13

2.1.1 Commands..............................................................................................................................14

2.1.1.1 Application API...............................................................................................................14

2.1.1.2 Applications....................................................................................................................15

2.1.1.3 Stackable file system module..........................................................................................15

2.1.1.4 Policy enforcement manager...........................................................................................15

2.1.1.5 File systems.....................................................................................................................16

2.2 WLI database...................................................................................................................................16

2.3 WLI metadata files..........................................................................................................................16

2.3.1 .$WLI_FSPARMS$..................................................................................................................17

2.3.2 .$WLI_POLICY$.....................................................................................................................17

2.3.3 .$WLI_SIGNATURE$..............................................................................................................17

3 Key usage.....................................................................................................................19

3.1 Generating keys...............................................................................................................................19

3.2 User keys.........................................................................................................................................20

3.3 Administrator keys..........................................................................................................................20

4 Installing, removing, and upgrading..........................................................................21

4.1 Installation requirements................................................................................................................21

4.2 Installing WLI..................................................................................................................................21

4.3 Removing WLI................................................................................................................................22

4.4 Upgrading WLI...............................................................................................................................23

5 Configuring...................................................................................................................25

5.1 Authorizing the recovery key..........................................................................................................25

5.2 Authorizing administrator keys......................................................................................................25

5.3 Signing DLKMs...............................................................................................................................26

5.4 Backing up the WLI database..........................................................................................................26

5.5 Rebooting to restricted mode............................................................................................................27

6 Enhancing security with WLI.......................................................................................29

6.1 Signing an executable binary..........................................................................................................29

6.2 Creating a FLAC policy...................................................................................................................29

6.3 Creating an IBAC policy..................................................................................................................30

6.4 Removing a file access policy..........................................................................................................30

Table of Contents 3