HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

the compartment for all access. For example:
discover compartment mySRP {
:
:
3. Start the SRP compartment:
srp -start compartment_name
4. Attempt to access the compartment applications. After you successfully access the
applications, enter the following command to generate a machine-readable version of the
rules used to access the compartment:
getrules -m compartment_name
5. Compare the output from the getrules command with the compartment rules file and make
the necessary changes.
6. Stop the SRP compartment, remove the discover keyword from the compartment rules file,
and then restart the compartment.
17.2.2 Removing or Disabling IPFilter
If you are using IPFilter with SRP, you can check whether IPFilter rules are blocking access to the
compartment applications. One way to do this is to remove the ipfilter service from the compartment by
entering the following command:
srp -d compartment_name [-t template] -s ipfilter
If you do not specify the -t argument, srp removes the IPFilter configuration for the base template.
To add the ipfilter service back to the compartment after you have completed testing, enter the
following command:
srp -a compartment_name [-t template] -s ipfilter
Another way to test whether IPFilter rules are blocking access to the compartment applications is to
disable the IPFilter module. Enter the following command:
/opt/ipf/bin/ipfilter -d
To enable IPFilter after you have completed testing, enter the following command:
/opt/ipf/bin/ipfilter -e
17.2.3 Removing or Disabling IPSec
If you are using IPSec with SRP, you can check whether IPSec policies are blocking access to the
compartment applications. One way to determine whether IPSec policies are blocking packets is to remove
the ipsec service from the compartment by entering the following command:
srp -d compartment_name -s ipsec
To add the ipsec service back to the compartment after you have completed testing, enter the
following command:
srp -a compartment_name -s ipsec
Another way to test whether IPSec policies are blocking access to the compartment applications is to
stop the IPSec product. Enter the following command:
/usr/sbin/ipsec_admin -stop
To restart IPSec after you have completed testing, enter the following command:
/usr/sbin/ipsec_admin -start
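The module-level tests in 17.2.2 and 17.2.3 switch IPFilter or IPSec off, so the layer must come back on even if the test is interrupted. The following shell function is an added example, not part of the HP guide: it wraps the disable and enable commands shown above around a single probe and always re-enables the layer. The function name isolate_layer and the probe command are assumptions; the probe is any site-specific command that exits 0 when the compartment application is reachable.

```shell
# isolate_layer NAME DISABLE_CMD ENABLE_CMD PROBE_CMD
# PROBE_CMD (assumed, site-specific) exits 0 when the application is reachable.
# Returns 0: NAME is blocking access (probe fails with it on, passes with it off)
#         1: NAME is not the cause
#         2: NAME could not be disabled or re-enabled
isolate_layer() {
    name=$1 disable=$2 enable=$3 probe=$4

    # Baseline: if the probe already succeeds, nothing needs to be turned off.
    if sh -c "$probe" >/dev/null 2>&1; then
        echo "$name: probe succeeds with $name enabled; nothing is blocked"
        return 1
    fi

    # An interrupted test must not leave the layer off.
    trap 'sh -c "$enable"; exit 130' INT TERM HUP

    if ! sh -c "$disable"; then
        trap - INT TERM HUP
        echo "$name: disable command failed" >&2
        return 2
    fi

    probe_rc=0
    sh -c "$probe" >/dev/null 2>&1 || probe_rc=$?

    # Restore before reporting, whatever the probe returned.
    enable_rc=0
    sh -c "$enable" || enable_rc=$?
    trap - INT TERM HUP
    if [ "$enable_rc" -ne 0 ]; then
        echo "$name: RE-ENABLE FAILED, $name is still off" >&2
        return 2
    fi

    if [ "$probe_rc" -eq 0 ]; then
        echo "$name: access works only with $name off; review its rules"
        return 0
    fi
    echo "$name: access still fails with $name off; look elsewhere"
    return 1
}

# On an SRP host (PROBE is a placeholder for your own check):
#   isolate_layer IPFilter '/opt/ipf/bin/ipfilter -d' '/opt/ipf/bin/ipfilter -e' PROBE
#   isolate_layer IPSec '/usr/sbin/ipsec_admin -stop' '/usr/sbin/ipsec_admin -start' PROBE
```

A return status of 2 means the layer may still be off and needs to be checked by hand before any further testing.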