PCI-DSS Compliance for an HP-UX Host
10.1 Establish a process for linking all access to system components
(especially access done with administrative privileges such as root) to
each individual user
It is critical to have a process or system that links user access to the system components accessed, particularly for
users with administrative privileges. Such a system makes it possible to trace suspicious activity back to a
specific user. Post-incident forensic teams depend on these logs to initiate the investigation.
HP-UX RBAC provides the capability to assign sets of tasks to ordinary user accounts. HP-UX RBAC allows you to
distribute administrative responsibilities by creating roles with appropriate authorizations and assigning them to
non-root users and groups.
HP-UX RBAC also provides an Access Control Policy Switch (ACPS) that determines whether a subject is authorized
to perform an operation on an object.
For more information about HP-UX RBAC, see Appendix A.
10.2 Implement automated audit trails for all system components
This requirement deals with logging user activities for all system components. Generating audit trails of suspect
activities alerts the system administrator, sends data to other monitoring mechanisms (like intrusion detection
systems), and provides a history trail for post-incident follow-up.
On an HP-UX host, monitoring of user activities is handled by the audit subsystem. The auditing system records
instances of access to objects on the system and logs any attempts to bypass the protection mechanism and any
misuse of privileges. The audit data can be read by a log analysis tool such as HP-UX Host Intrusion Detection
System (HIDS), which correlates the generated events and alerts administrators.
HP-UX Auditing System Extensions provides enhancements to the existing HP-UX auditing system. Audit Extensions
provides enhanced filtering capabilities to filter out non-relevant data, and tools to generate web-based audit
reports for compliance purposes.
For more information on audit configuration, see Chapter 9 ‘Audit Administration’ in HP-UX System Administrator's
Guide: Security Management HP-UX 11i Version.
For more information about HP-UX Audit, see Appendix A.
10.3 Record at least the following audit trail entries for all system
components for each event: User identification, Type of event, Date and
time, Success or failure indication, Origination of event, Identity or name
of affected data, system component, or resource
HP-UX audit records include user identification, type of event, date and time stamps, success or failure indication,
origin of event, and the identity of the affected data, system component, or resource. This information supports
detailed forensic analysis to detect unauthorized access, unsuccessful login attempts, a potential compromise, or a
cyber attack on the system.
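As an added example (not part of the original paper and not HP code), the following Python script checks that exported audit records carry all six entries listed in requirement 10.3 and reports which entries are missing or unusable per record. The key=value record layout, the key names, and the sample records are assumptions constructed for illustration; they are not the native output format of the HP-UX audit subsystem.

```python
import shlex
from datetime import datetime

# PCI DSS 10.3 entries mapped to keys of a hypothetical normalized export.
REQUIRED = {
    "user": "User identification",
    "event": "Type of event",
    "time": "Date and time",
    "result": "Success or failure indication",
    "origin": "Origination of event",
    "object": "Identity or name of affected data, system component, or resource",
}
EMPTY = {"", "-", "?", "unknown", "n/a"}  # values that identify nothing

def parse_record(line):
    """Split one key=value line; shlex keeps quoted values with spaces intact."""
    pairs = (token.partition("=") for token in shlex.split(line))
    return {key.lower(): value.strip() for key, sep, value in pairs if sep}

def missing_fields(fields):
    """Return the 10.3 entries that are absent, blank, or unusable."""
    gaps = [name for key, name in REQUIRED.items()
            if fields.get(key, "").lower() in EMPTY]
    if REQUIRED["time"] not in gaps:
        try:  # an unparseable timestamp cannot be placed on a timeline
            datetime.strptime(fields["time"], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            gaps.append(REQUIRED["time"])
    if REQUIRED["result"] not in gaps and \
            fields["result"].lower() not in ("success", "failure"):
        gaps.append(REQUIRED["result"])  # outcome must be explicit
    return gaps

def audit_gaps(lines):
    """Map 1-based record number to its missing 10.3 entries (complete records omitted)."""
    checked = ((n, missing_fields(parse_record(line))) for n, line in enumerate(lines, 1))
    return {n: gaps for n, gaps in checked if gaps}

# Constructed sample records (not real HP-UX audit output).
SAMPLE = [
    'time=2024-03-01T09:15:02 user=jdoe event=open result=success origin=10.0.0.5 object="/etc/passwd"',
    'time=2024-03-01T09:15:07 user=- event=login result=failure origin=10.0.0.9 object=tty1',
    'time=03/01/24 user=asmith event=chmod result=ok origin=console object="/opt/app/card data.db"',
    'user=jdoe event=kill result=success object=pid:4411',
]

if __name__ == "__main__":
    for number, gaps in audit_gaps(SAMPLE).items():
        print(f"record {number}: missing or invalid: {'; '.join(gaps)}")
```

Records that pass are omitted from the result, so an empty dictionary means every record in the export satisfies the 10.3 entry list.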
HP Operations Manager (HPOM) also helps in addressing this requirement. The primary objective of
HPOM is to monitor, control, and maintain systems in distributed heterogeneous environments.
HPOM performs the following tasks:
Events - Notes the events in your environment.
Reports - Generates a meaningful message, or report, about the event.
Actions - Responds to the event with an action.
For more information about HPOM, see Appendix A.