HP-UX Whitelisting Version A.01.02 Release Notes (766165-001, March 2014)

1 About this product
HP-UX Whitelisting (WLI) offers file and system resource protection based on RSA encryption
technology on HP Integrity servers running HP-UX 11iv3. WLI is complementary to the traditional
UNIX discretionary access controls (DAC) based on user, group, and file permissions. The more
granular DAC access control list (ACL) permissions available on VxFS and HFS file systems are
likewise not affected.
WLI is also complementary to other HP-UX security mechanisms such as Role-Based Access Control
(RBAC) and Compartments. HP-UX RBAC, based on role assignment to users, provides services
that allow non-root users to perform tasks requiring root user privilege. HP-UX Compartments restrict
user applications by limiting their access to resources not configured within specific compartments.
In contrast to user file ownership and user role assignment, WLI file and resource access is based
on RSA key ownership. RSA keys are instrumental in granting resource access privileges, referred
to as capabilities in WLI literature, and assigning file access policies. With WLI enforcement in
effect, file and resource access is associated with RSA keys and user ID is not a factor. WLI
restrictions on file and resource access apply equally to root and non-root users.
WLI maintains a database that recognizes two types of RSA keys. User keys can assign file access
policies and sign binary executables for inclusion in file access policies. Administrator keys have
the authority of user keys, plus authority to add user and administrator key recognition to the WLI
database, allow access to restricted resources, and set WLI configuration attributes. A set of
commands is provided that execute only for keys recognized by the WLI database. A subset of
these commands requires administrator key recognition to execute.
WLI relies on HP-UX OpenSSL for RSA key generation. WLI requires that private keys are passphrase
protected. The key owner is responsible for safely storing private keys and changing passphrases.
WLI does not retain private key location or passphrase information. Key recognition and signature
verification are accomplished by retrieving public keys and their relationships from the WLI database
during run-time operations.
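
As an added example (not part of the HP release notes or of WLI itself), the following POSIX shell functions show one way a key owner could generate a passphrase-protected RSA key with OpenSSL and confirm that the PEM file on disk is really encrypted. The function names, file arguments, and the 2048-bit key size are assumptions.

```shell
#!/bin/sh
# Added example, not HP code. Names and key size are assumptions.

# pem_key_is_encrypted FILE
# Returns 0 if FILE holds a passphrase-protected PEM private key,
# 1 if the key is stored in the clear, 2 if no private key is recognised.
pem_key_is_encrypted() {
    f=$1
    [ -r "$f" ] || return 2
    # PKCS#8 container: encryption is part of the BEGIN line itself.
    if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f"; then
        return 0
    fi
    # Traditional OpenSSL RSA format: encryption is flagged by Proc-Type.
    if grep -q '^-----BEGIN RSA PRIVATE KEY-----' "$f"; then
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
            return 0
        fi
        return 1
    fi
    # Unencrypted PKCS#8 private key.
    if grep -q '^-----BEGIN PRIVATE KEY-----' "$f"; then
        return 1
    fi
    return 2
}

# make_protected_keypair PRIVATE_OUT PUBLIC_OUT
# Generates an AES-256 encrypted RSA private key (openssl prompts for the
# passphrase), refuses to keep a key that is not encrypted, then exports
# the matching public key.
make_protected_keypair() {
    priv=$1; pub=$2
    # Subshell keeps the restrictive umask local to key creation.
    ( umask 077 && openssl genrsa -aes256 -out "$priv" 2048 ) || return 1
    if ! pem_key_is_encrypted "$priv"; then
        rm -f "$priv"
        return 1
    fi
    openssl rsa -in "$priv" -pubout -out "$pub"
}
```

The check inspects PEM headers only, so it works for both the traditional RSA format and PKCS#8 output, whichever the installed OpenSSL version writes.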
WLI contains the following:
• A statically linked kernel component for generating and enforcing file access policies and
  resource restrictions.
• User commands for specifying file access policies and signing binary executables for inclusion
  in file access policies. User commands require an authorized user key for execution.
• Administrator commands for authorizing user and administrator keys, granting resource access
  privileges, and setting configuration attributes. Administrator commands require an authorized
  administrator key to execute.
• A set of manpages providing a WLI overview, and descriptions of WLI commands and
  configuration files.
• A shared library, libwliapi.so, which provides programmable functions for creating,
  deleting, and verifying access on WLI file access policies.
Features and benefits
WLI provides the following features and benefits.
File access policies
WLI restricts access to files residing on VxFS (aka JFS), HFS, and NFS file systems through file
access policies. Both WLI user and administrator keys can authorize generation of file access
policies. Enforcement of file access policies can be enabled or disabled only through administrator