Manualshelf

Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions
121122123124125126127128129130
The setfilexsec command to configure the compartment attribute of a binary
file. For example, to configure the application apple into the compartment fruit,
enter the following command:
# setfilexsec -c fruit apple
HP-UX RBAC,see Section 8.5.5.
6.5.4 Login Directly to a Compartment
The compartment login configuration enables users and administrators to login directly
to a compartment. It provides a mechanism to set controls on those users that are allowed
to login to a service running in a specified compartment or prevent access to the system
based on previously configured authorization information.
NOTE: The Compartment Login feature is only supported on standard systems, it is not
supported on trusted systems.
For more information, see HP-UX Compartment Login using Secure Shell (SSH):
www.hp.com/go/hpux-security-docs
Click HP-UX 11i Security Containment Software.
6.6 Troubleshooting Compartments
If something is not working on the system and you suspect the problem is occurring
because of the compartment structure, you can check the compartment rules as follows.
Problem 1: Access is not being controlled according to the compartment rules I
configured. Solution: the rules may not be set in the kernel. To check whether the rules
are set in the kernel, follow these steps:
1. Use the following command to list the valid compartment rules in the kernel.
# getrules
2. Use the following command to list all rules configured on the system, including rules
that have not been loaded into the kernel.
# setrules -p
3. Compare the output of the two commands. If they are the same, all rules are loaded
into the kernel. If the output differs, you need to load rules into the kernel.
4. Use the following command to load rules into the kernel. :
# setrules
Problem 3: Access to a file is not functioning properly. Solution: If multiple hard links
point to this file, the compartment rules configuration may contain inconsistent rules for
accessing the file. To check for inconsistencies, follow these steps:
126 Compartments