Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX 11i Version 2 May 2005 Release Notes: HP 9000 Servers, HP Integrity Servers, and HP Workstations > Chapter 8 Security

HP-UX Auditing System
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

spacerspacerspacer
spacer
spacer
  		 
 

The purpose of the HP-UX Auditing System is to record security relevant events for analysis. This information helps you detect repeated attempts to breach security. Thus, the HP-UX Auditing System acts as a deterrent against system abuses and exposes potential security weaknesses.

Summary of Change

Previously, the HP-UX Auditing System was only supported on systems converted to trusted mode. By installing the Standard Mode Security Extensions bundle[39] (available on Software Pack), you can perform system audits in standard mode. The following enhancements are included:

  • A more flexible form of audit IDs (called “audit tags”), uniquely identifies each login session and responsible user.

  • Two new libsec routines, getauduser() and setauduser(), are similar to the getaudid() and setaudid() system calls. The new libsec routines manage the audit tags. Refer to the getauduser(3), setauduser(3), and audit(5) manpages.

  • For applications that use PAM for authentication, the pam_hpsec PAM module transparently handles the per-session audit information. Refer to the pam_hpsec(5) manpage.

  • The audit commands audsys, audisp, and audevent now support auditing in standard mode. Refer to the audsys(1M), audisp(1M), and audevent(1M) manpages.

  • Commands like login, cron, and ftpd can now do self-auditing in standard mode.

  • Standard mode audit user selection information is stored in a per-user configuration user database (which is similar to /tcb in trusted mode). Refer to the userdb(4) manpage.

  • The userdbset command specifies which users are to be audited in standard mode. This functionality is equivalent to the audusr command in trusted mode. Refer to the userdbset(1M) manpage.

Impact

Customers who desire to have the auditing feature in standard mode can install the StdModSecExt bundle, which is available via Web release and on the HP-UX 11i v2 May 2005 Software Pack.[40] The StdModSecExt bundle contains the Standard Mode Security Extensions.

Compatibility

There are no behavior changes visible to a customer who is using auditing in trusted mode.

Performance

There are no known performance issues.

Documentation

For further information, refer to the following manpages:

See the following elsewhere in this document:

Also refer to the HP-UX Standard Mode Security Extensions Release Notes at http://docs.hp.com.

Obsolescence

Not applicable.


[39] See “HP-UX Standard Mode Security Extensions”.

[40] See “Software Pack (Optional HP-UX 11i v2 Core Enhancements)” and “HP-UX Standard Mode Security Extensions”.



HP-UX 11i Security Containment
  		 


HP-UX Host Intrusion Detection System  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2005 Hewlett-Packard Development Company, L.P.