HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide
17 Verifying and Troubleshooting SRP
This chapter contains procedures for verifying and troubleshooting SRP. This chapter addresses the
following topics:
• 17.1 Verification Procedures
• 17.2 Troubleshooting Procedures
• 17.3 Reporting Problems
NOTE: You can run system administration and performance tools (such as glance, gpm, kprof,
kgmon, ktrace, and caliper) in the INIT compartment.
17.1 Verification Procedures
This section includes the following procedures to verify the subsystem data configured by SRP:
• 17.1.1 Verifying SRP Subsystems
• 17.1.2 Verifying Security Containment Compartment Data
• 17.1.3 Verifying RBAC Data
• 17.1.4 Verifying PRM Data
• 17.1.5 Verifying Network Data
• 17.1.6 Verifying IPFilter Data
• 17.1.7 Verifying IPSec Data
17.1.1 Verifying SRP Subsystems
You can use the srp_setup utility to quickly verify the status of the subsystems with data managed
by SRP.
17.1.2 Verifying Security Containment Compartment Data
Use the following procedures to verify Security Containment Compartment configuration data:
• Verify that the compartment rules are loaded into the kernel.
Enter the following command:
getrules -m compartment_name
• Manually test the file access rules.
Log in to the SRP compartment and attempt file access operations that should succeed or fail,
such as cd and touch commands for files not available from the SRP. From the INIT
compartment, you can create a temporary file in a directory for which the SRP compartment
does not have unlink (delete) access. Log in to the SRP compartment and attempt to delete the
file.
• Verify that the processes configured for the SRP compartment are running in the compartment.
Use the ps -ef command to find the PID for applications in your SRP compartment. For
example:
# ps -ef | grep sshd
root 968 1 0 Oct 14 ? 0:00 /usr/sbin/sshd
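The manual file access test described above can be written as a repeatable check. The script below is an added example, not part of the HP guide; it assumes a POSIX shell inside the SRP compartment, and the function names and the scratch paths in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP guide). Run it inside the SRP compartment.
# Expectation lines on stdin: <cd|touch|rm> <path> <allow|deny>; no spaces in paths.

# try_op OP PATH: attempt one operation. 0 = succeeded, 1 = refused, 2 = bad OP.
# rm reads /dev/null so it never stops to prompt.
try_op() {
    case "$1" in
        cd)    ( cd "$2" ) 2>/dev/null || return 1 ;;
        touch) touch "$2" 2>/dev/null || return 1 ;;
        rm)    rm "$2" </dev/null 2>/dev/null || return 1 ;;
        *)     return 2 ;;
    esac
}

# verify_access: print one line per check, return the number of mismatches.
verify_access() {
    mismatches=0
    while read -r op path expect; do
        case "$op" in ''|'#'*) continue ;; esac
        rc=0
        try_op "$op" "$path" || rc=$?
        case "$rc" in
            0) actual=allow ;;
            1) actual=deny ;;
            *) actual=unknown-op ;;
        esac
        if [ "$actual" = "$expect" ]; then
            echo "ok       $op $path ($actual)"
        else
            echo "MISMATCH $op $path expected=$expect actual=$actual"
            mismatches=$((mismatches + 1))
        fi
    done
    return "$mismatches"
}

# Constructed demo: a scratch directory stands in for real compartment paths.
# On an SRP system, list paths your compartment rules should allow or deny,
# including the temporary file created from INIT for the delete test.
demo_dir=${TMPDIR:-/tmp}/srp_access_demo.$$
mkdir -m 700 "$demo_dir" || exit 1
: > "$demo_dir/created_from_init"
verify_access <<EOF
touch $demo_dir/new_file allow
rm $demo_dir/created_from_init allow
cd $demo_dir/no_such_dir deny
EOF
demo_status=$?
rm -rf "$demo_dir"
```

A nonzero return from verify_access means at least one operation behaved differently from what the compartment rules were expected to enforce.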