HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

17 Verifying and Troubleshooting SRP
This chapter contains procedures for verifying and troubleshooting SRP. This chapter addresses the
following topics:
17.1 Verification Procedures
17.2 Troubleshooting Procedures
17.3 Reporting Problems
NOTE: You can run system administration and performance tools (such as glance, gpm, kprof,
kgmon, ktrace, and caliper) in the INIT compartment.
17.1 Verification Procedures
This section includes the following procedures to verify the subsystem data configured by SRP:
17.1.1 Verifying SRP Subsystems
17.1.2 Verifying Security Containment Compartment Data
17.1.3 Verifying RBAC Data
17.1.4 Verifying PRM Data
17.1.5 Verifying Network Data
17.1.6 Verifying IPFilter Data
17.1.7 Verifying IPSec Data
17.1.1 Verifying SRP Subsystems
You can use the srp_setup utility to quickly verify the status of the subsystems with data managed
by SRP.
17.1.2 Verifying Security Containment Compartment Data
Use the following procedures to verify Security Containment Compartment configuration data:
Verify that the compartment rules are loaded into the kernel.
Enter the following command:
getrules -m compartment_name
Manually test the file access rules.
Log in to the SRP compartment and attempt file access operations that should succeed or fail,
such as cd and touch commands for files not available from the SRP. From the INIT
compartment, you can create a temporary file in a directory for which the SRP compartment
does not have unlink (delete) access. Log in to the SRP compartment and attempt to delete the
file.
Verify that the processes configured for the SRP compartment are running in the compartment.
Use the ps -ef command to find the PID for applications in your SRP compartment. For
example:
# ps -ef | grep sshd
root 968 1 0 Oct 14 ? 0:00 /usr/sbin/sshd