HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

If an SRP compartment is up and has a dedicated IP interface, the netstat -rn command shows a
default route entry with the compartment IP address (192.0.2.1) as the gateway. For example:
# netstat -rn
Routing tables
Destination     Gateway       Flags  Refs  Interface  Pmtu
:
:
default         192.0.2.1     U      0     lan1:1     1500
17.1.6 Verifying IPFilter Data
Use the following ipfstat command to view the active (loaded) inbound and outbound IPFilter
rules:
ipfstat -io
For example:
# ipfstat -io
pass out quick proto tcp from 192.0.2.1/32 to any keep state
pass out quick proto udp from 192.0.2.1/32 to any keep state
pass out quick proto icmp from 192.0.2.1/32 to any keep state
pass in quick proto icmp from any to 192.0.2.1/32
block in quick from any to 192.0.2.1/32
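The following check is an added example, not part of the HP guide. It reads ipfstat -io output and confirms that the rule shapes shown above are present for a compartment IP and that the block rule follows the pass-in rules. The function name check_ipf is hypothetical, and the five rules in the example above are assumed to be the expected set.

```shell
#!/bin/sh
# Added example (not from the HP guide). check_ipf is a hypothetical helper.
# Usage on a live system:  ipfstat -io | check_ipf 192.0.2.1
#
# Reads `ipfstat -io` output on stdin and returns 0 only if, for the given
# compartment IP:
#   - "pass out quick ... keep state" rules exist for tcp, udp and icmp
#   - a "block in quick from any to IP/32" rule exists
#   - that block rule comes after every "pass in" rule for the IP; with
#     `quick` the first matching rule wins, so an early block would hide them
check_ipf() {
    awk -v ip="$1/32" '
        $1 == "pass" && $2 == "out" && $3 == "quick" && $4 == "proto" &&
        $6 == "from" && $7 == ip && $8 == "to" && $9 == "any" &&
        $10 == "keep" && $11 == "state"         { out[$5] = 1 }
        $1 == "pass" && $2 == "in" && $NF == ip { last_pass = NR }
        $1 == "block" && $2 == "in" && $3 == "quick" && $4 == "from" &&
        $5 == "any" && $6 == "to" && $7 == ip && NF == 7 {
            if (!block) block = NR
        }
        END {
            if (!out["tcp"] || !out["udp"] || !out["icmp"]) {
                print "missing pass-out rule"; exit 1
            }
            if (!block)            { print "missing block-in rule"; exit 1 }
            if (block < last_pass) { print "block-in before pass-in"; exit 1 }
            print "ok"
        }'
}

# Sample input: the rule listing from the ipfstat example in this guide.
SAMPLE_IPF='pass out quick proto tcp from 192.0.2.1/32 to any keep state
pass out quick proto udp from 192.0.2.1/32 to any keep state
pass out quick proto icmp from 192.0.2.1/32 to any keep state
pass in quick proto icmp from any to 192.0.2.1/32
block in quick from any to 192.0.2.1/32'

printf '%s\n' "$SAMPLE_IPF" | check_ipf 192.0.2.1   # prints "ok"
```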
17.1.7 Verifying IPSec Data
Enter the following IPSec commands to verify IPSec data:
Use the following ipsec_report command to view the host rules:
ipsec_report -host
The output should include a host policy with the name SRP-compartment_name-base-1.
For example:
----------------- Configured Host Policy Rule -------------------
Rule Name: SRP-web2-base-1 ID: 7 Priority: 30
Src IP Addr: 192.0.2.1 Prefix: 32 Port number: 0
Dst IP Addr: 10.2.2.2 Prefix: 32 Port number: 0
Network Protocol: All Action: Dynamic key SA
Number of SA(s) Needed: 1 Pair(s)
Proposal 1: Transform: ESP-AES128-HMAC-SHA1
Lifetime Seconds: 28800
Lifetime Kbytes: 0
Use the following ipsec_report command to view the IKE rules:
ipsec_report -ike
The output should include an IKE policy with the name SRP-compartment_name-base-1.
For example:
---------------------------- IKE Rule -----------------------------
Rule Name: SRP-web2-base-1 Priority: 30 Cookie: 6
Remote IP Address: 10.2.2.2 Prefix: 32
Group Type: 2 Authentication Method: Pre-shared Keys
Authentication Algorithm: HMAC-MD5 Encryption Algorithm: 3DES-CBC
Number of Quick Modes: 100 Lifetime (seconds): 28800
Action: Secure
Use the following ipsec_config command to view the authentication records:
ipsec_config show auth