Manualshelf

HP-UX Whitelisting Version A.01.02 Release Notes (766165-001,March 2014)

ManualsBrandsHP ManualsSoftwareHP-UX Whitelisting
12345678910
Table Of Contents
4 Configuring
NOTE: Contents of this chapter are not applicable if WLI A.01.00 or A.01.01 is already
configured on your system and is being upgraded to WLI A.01.02.
When WLI installation completes, the system reboots. The kernel rebuilt with WLI components
becomes active for enabling WLI services. To bring WLI to a completely operational state, perform
the following steps manually:
Enabling WLI
Authorize the recovery key
Authorize administrator keys
Identify and sign essential DLKMs
Back up the WLI database
Reboot with security mode set to restricted
Enabling WLI
NOTE: This section can be ignored if WLI A.01.02 is installed on your system where WLI A.01.00
was already installed..
In WLI A.01.02, the WLI kernel module is disabled by default. The WLI kernel module must be
enabled before it can be used.
To enable WLI kernel module on your system, perform the following steps:
1. Execute the following commands as root:
# kcmodule wli=best
# reboot
2. Once the system is up, verify the WLI module is loaded as follows:
# kcmodule wli
Module State Cause
wli static explicit
3. Execute the following as root:
# mkdir m 0755 /dev/wli
Get the major number of WLI module:
# major_num=`lsdev -hd wli | awk '{print $1}'`)
# mknod /dev/wli/admin c $major_num 0
# chmod 0666 /dev/wli/admin
# chown root:root /dev/wli/admin
WLI is now enabled.
After enabling WLI A.01.02 on your system, you may notice some performance degradation and
higher memory consumption depending your system configuration.
Authorizing the recovery key
After WLI is installed and the server is rebooted, the wliadm command must be executed to
initialize database files and authorize the recovery key. Root user (user ID 0) authority is required
to execute the initialization command:
10 Configuring