HP-UX Whitelisting A.01.02 Administrator Guide (766164-001, March 2014)
Contents
HP secure development lifecycle
1 Security features
File access policies
File lock access controls
Identity-based access controls
Capabilities
mem
wmd
dlkm
api
2 Product overview
WLI architecture
Commands
Application API
Applications
Stackable file system module
Policy enforcement manager
File systems
WLI database
WLI metadata files
.$WLI_FSPARMS$
.$WLI_POLICY$
.$WLI_SIGNATURE$
3 Key usage
Generating keys
User keys
Administrator keys
4 Installing, removing, and upgrading
Installation requirements
Installing WLI
Removing WLI
Upgrading WLI
5 Configuring
Enabling WLI
Authorizing the recovery key
Authorizing administrator keys
Signing DLKMs
Backing up the WLI database
Rebooting to restricted mode
6 Enhancing security with WLI
Signing an executable binary
Creating a FLAC policy
Creating an IBAC policy
Removing a file access policy
Enabling DLKMs to load during boot
Loading unsigned DLKMs
7 Backup and restore considerations
Overview