Manualshelf

Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX Security Products and Features Software
51525354555657585960
C Quick setup examples
This guide offers quick setup examples for installing WLI and creating file access policies.
C.1 Installing WLI
1. Go to the HP Software Depot:
http://www.hp.com/go/softwaredepot
2. Click Security and manageability.
3. Scroll down and select HP-UX Whitelisting.
4. Click Installation at the bottom of the page.
5. Review the software requirements.
6. Click Receive for Free >> at the bottom of the page.
7. Sign in as a registered user. You need to register as a new user if you are not already
registered.
8. Select WLI A.01.00 for HP-UX 11iv3 and complete the required fields.
9. Click Next >>.
10. Click Get Software at the bottom of the page.
11. On the Get Software tab, click Download Directly >> to receive the WLI depot.
12. On the Get Documentation tab, click Download Directly >> to receive the installation
instructions.
13. For installation on platforms without HP-UX Serviceguard, complete the steps in “HP-UX
WLI Installation Procedure” included with the installation instructions.
14. On HP-UX Serviceguard clusters, consider cluster-wide installation. For details, consult “HP
Serviceguard considerations” (page 37).
C.2 Configuring WLI
For details on configuring WLI, follow the procedure in “Configuring” (page 25), including
generating the first administrator key as described in Section 5.2 (page 25). An administrator
key can authorize execution of all WLI commands.
C.2.1 Authorizing an administrator key
The procedure to authorize an administrator key is described in “Configuring” (page 25). For
example, assume adm is a user listed in /etc/passwd and owns the recovery key /home/adm/
recov.pvt authorized during WLI configuration. User adm enters the following to authorize
/home/adm/adm.pvt as an administrator key:
% wliadm -n adm.admin1 -k /home/adm/recov.pvt /home/adm/adm.pub
A prompt appears for the passphrase for the recovery key.
As mentioned in “Configuring” (page 25), reboot the system to complete WLI configuration.
C.2.2 Authorizing a user key
You can optionally authorize user keys to generate file access policies and signatures. Authorizing
the user key is necessary for WLI to enforce file access policies generated by a user key. To
authorize a user key:
% wlicert -i <user>.<instance> -k <privkey> <pubkey>
where:
<user> A valid user from /etc/passwd
<instance>
An arbitrary string chosen by the user
<privkey>
Any administrator private key
C.1 Installing WLI 53