Administrator's Guide

8 HP-UX Role-Based Access Control
The information in this chapter describes HP-UX Role-Based Access Control (HP-UX RBAC).
This chapter addresses the following topics:
Overview (Section 8.1)
Access control basics (Section 8.2)
HP-UX RBAC components (Section 8.3)
Planning the HP-UX RBAC deployment (Section 8.4)
Configuring HP-UX RBAC (Section 8.5)
Using HP-UX RBAC (Section 8.6)
Troubleshooting HP-UX RBAC (Section 8.7)
8.1 Overview
Security, especially platform security, has always been an important issue for enterprise
infrastructure. Even so, many organizations often neglected or overlooked such security
concepts as individual accountability and least privilege in the past. However, recently
introduced legislation in the United States including the Health Insurance Portability and
Accountability Act (HIPAA) and the Sarbanes-Oxley Act has helped to highlight the
importance of these security concepts.
Most enterprise environments have systems administered by multiple users. Typically, this
is accomplished by providing the administrators with the password to a common, shared
account, known as root. While the root account simplifies access control management
by enabling administrators with the root password to perform all operations, the root
account also presents several inherent obstacles for access control management, for
example:
After providing administrative users with the root password, there is no easy way
to further constrain those users.
In the best case, revoking access for a single administrator requires changing the
common password and notifying other administrators. More realistically, simply
changing the password is probably not sufficient to effectively revoke access because
alternative access mechanisms might have already been implemented.
Individual accountability with a shared root account is virtually impossible to achieve.
Consequently, proper analysis after a security event becomes difficult, and in some
cases impossible.
The HP-UX Role-Based Access Control (RBAC) feature resolves these obstacles by providing
the capability to assign sets of tasks to ordinary, but appropriately configured, user
accounts. HP-UX RBAC also mitigates the management overhead associated with assigning
and revoking individual authorizations on a per-user basis.
8.1 Overview 143