Administrator's Guide
8.4 Planning the HP-UX RBAC Deployment..........................................................151
8.4.1 Planning the Roles..............................................................................152
8.4.2 Planning Authorizations for the Roles....................................................152
8.4.3 Planning Command Mappings.............................................................153
8.4.4 HP-UX RBAC Limitations and Restrictions................................................153
8.5 Configuring HP-UX RBAC............................................................................154
8.5.1 Configuring Roles...............................................................................155
8.5.1.1 Creating Roles.............................................................................155
8.5.1.2 Assigning Roles to Users...............................................................156
8.5.1.3 Assigning Roles to Groups............................................................157
8.5.2 Configuring Authorizations..................................................................157
8.5.3 Configuring Additional Command Authorizations and Privileges...............158
8.5.4 Configuring HP-UX RBAC with Fine-Grained Privileges.............................160
8.5.5 Configuring HP-UX RBAC with Compartments.........................................162
8.6 Using HP-UX RBAC....................................................................................163
8.6.1 Using the privrun Command to Run Applications with Privileges................163
8.6.1.1 HP-UX RBAC in Serviceguard Clusters.............................................165
8.6.2 Using the privedit Command to Edit Files Under Access Control................165
8.6.3 Customizing privrun and privedit Using the ACPS...................................166
8.6.4 Generating Keystroke and Command Logs............................................167
8.6.4.1 Keystroke Logging.......................................................................167
8.6.4.2 Alternate Logging.......................................................................168
8.7 Troubleshooting HP-UX RBAC.......................................................................168
8.7.1 The rbacdbchk Database Syntax Tool....................................................168
8.7.2 privrun -v Information..........................................................................169
9 Audit Administration.......................................................................................................171
9.1 Auditing Components..................................................................................172
9.1.1 Commands.........................................................................................172
9.1.2 Audit Configuration Files......................................................................172
9.1.3 Audit Manpages.................................................................................173
9.2 Auditing Your System..................................................................................173
9.2.1 Planning the Auditing Implementation....................................................173
9.2.2 Enabling Auditing...............................................................................174
9.2.3 Disabling Auditing..............................................................................175
9.2.4 Monitoring Audit Files.........................................................................175
9.2.5 Performance Considerations.................................................................176
9.2.6 Guidelines for Administering the Auditing System...................................176
9.3 Auditing Users...........................................................................................176
9.4 Auditing Events..........................................................................................177
9.5 Audit Trails................................................................................................179
9.5.1 Configuring Audit Trails.......................................................................180
9.5.2 Monitoring and Managing Audit Trails..................................................181
8 Table of Contents