HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

You can also use HP-UX Encrypted Volume and File system (EVFS) to protect disk data at rest, or disk
data that is not in use, such as when a disk device is physically transported. For more information on
EVFS, see the HP-UX Encrypted Volume and File system (EVFS) Administrator's Guide.

1.1.2 Subsystems Configured by SRP

SRP can configure the following subsystems and HP-UX features:
• HP-UX Security Containment
• HP Process Resource Manager (PRM)
• IP interfaces
• Initialization and Shutdown Services
• HP-UX IPFilter
• HP-UX IPSec

1.1.2.1 HP-UX Security Containment

HP-UX Security Containment is a set of features that enhance HP-UX security. HP-UX Security
Containment consists of the following components:

• Security Containment Compartments
  A Security Containment compartment is an environment with an isolated file directory structure,
  isolated IPC, and isolated networking I/O for the processes and users in the compartment. If
  a process in a compartment is compromised, it cannot damage other parts of the system
  because it is isolated by the compartment configuration.

• HP-UX Role-Based Access Control (RBAC)
  HP-UX Role-Based Access Control (RBAC) is an alternative to the traditional "all-or-nothing"
  root user model, which grants permissions to the root user for all operations and denies
  permissions to non-root users for certain operations.

  RBAC checks if an entity (such as a user or process) has the proper authorization value to
  perform an operation on a system resource. With RBAC, you can configure specific users to
  have access to specific resources such as files and executables. You can also configure the
  type of access allowed. For example, you can use RBAC so that only specific users can
  execute a given utility.

  The RBAC configuration structure assigns authorization values to roles and assigns users (or
  subjects, which can also be executables) to roles. This structure enables you to assign a user
  to multiple roles, and therefore, have multiple authorization values. This also enables you to
  configure users that share some authorization values, but not necessarily share all of the same
  authorization values.

• Compartment Login
  The compartment login feature enables you to control which compartment a user is allowed to
  log in to and which users are allowed to log in to a compartment. For example, you can
  configure the system so that only specific users can log in to a given compartment.

  The compartment login feature is often used with a remote login service such as HP-UX Secure
  Shell (SSH) to create a restricted environment for remote users.

You can configure all three of the Security Containment components to work together. For example,
you can create a Security Containment compartment, cmpt1, with limited file access. You can define