HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

Figure 1.1 SRP Compartments Example
1.1.1 Securing SRP Compartments
SRP provides a framework for managing compartment and networking security. This framework is
primarily enforced with Security Containment compartment file access rules. The default set of
compartment access rules delivered with SRP has been developed to favor functional isolation,
application compatibility, and user session functionality over strong security containment. To meet the
specific security requirements of your environment, you might need to replace these rules with a security
configuration that fits your application usage and local security policy, as described in 14.2.1
Securing SRP Compartments with Compartment Rule Include Files.
To secure the network packets for an SRP compartment, you can use the HP-UX IPFilter or HP-UX IPSec
products. SRP can manage the configuration data for both these products, and you can use the SRP
srp_sys utility to include these products in the default set of products configured by SRP.