Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP 9000 Computer Systems : Administering Your HP-UX Trusted System > Chapter 1 Description of the HP-UX Trusted System

HP-UX C-Level Security Trusted Facility Documentation
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

One of the requirements specified in the Department of Defense's Trusted Computer System Evaluation Criteria (TCSEC) is for documentation that must include specific information about the C2-level System being evaluated.

The following manuals are required:

  • Security Features User's Guide describes the protection mechanisms provided by the TCB for system users.

  • Trusted Facility Manual presents administrative considerations including which functions and privileges should be controlled on a trusted system, procedures for examining and maintaining audit trails, and other system administration tasks.

Security Features User's Guide

The information required for the Security Features User's Guide is aimed at end users. Information must describe system protection mechanisms such as those for file and account protection and provide general security guidelines. The following documents provide the information required for the Security Features User's Guide.

For Series 700 systems:

Using Your HP-UX Workstation

For Series 800 systems:

Using HP-UX

NOTE: Additional security information is available via HP-UX release 10.10 security patches. This information is in the SFUG Supplement. You must print this supplementary security documentation and provide a copy to each of your users to meet C-2 level government requirements.

Printing the SFUG Supplement

There are two ways you can obtain the SFUG Supplement to provide copies to your users:

  1. Appendix C of this manual contains the SFUG Supplement. Simply make copies for your users.

  2. You, or your users, can obtain a copy from HP SupportLine on the World Wide Web by following these steps:

    1. Open the URL - http://us.external.hp.com

    2. Click on "Search Problem Solving DBS".

    3. Type "SFUG30" into the Document ID window.

    4. Click "Get Document".

Trusted Facility Manual

This manual, Administering Your HP-UX Trusted System, is part of a set of HP-UX manuals that provide the information required in the

Trusted Facility Manual.

This manual is a pointer to other documents that make up the TFM. The information is all of these documents should be consistent, however, if differences exist this manual contains the most current information.

Hewlett-Packard provides seven documents (including this one) that contain the information needed for the Trusted Facility Manual:

  • Administering Your HP-UX Trusted System

  • Practical UNIX Security by S. Garfinkel and G. Spafford, Second Edition, O'Reilly & Associates

  • Configuring HP-UX for Peripherals B2355-90053

  • HP-UX System Administration Tasks B2355-90079

  • HP-UX Reference (4 volumes) B2355-90052 (These man pages are available online using the man command)

  • Managing HP-UX Software with SD-UX B2355-90089

  • Read Me Before Installing or Upgrading to HP-UX 10.10 B3782-90074

Table 1-2 “Trusted Facility Manual Information Mapping” specifies the security-relevant topics covered in the documents and indicates their locations in each book.

Table 1-2 Trusted Facility Manual Information Mapping

ManualContent Relevant to the Trusted Facility Manual
Administering Your Trusted System

  • Configuring and installing secure systems (Chapters 1, 2)

  • Operating a system in a secure manner (Chapters 3, 4)

  • Effective use of system privileges and protection mechanisms (Chapters 1, 3, 4)

  • Warnings about possible misuse of authority (Chapters 3, 4)

  • Use of security-related information and additional references (Chapter 1)

  • Limitations of security scope (Chapter 1)

  • Threats to system security (Chapter 4)

  • Security policy and accountability countermeasures (Chapter 2)

  • Security assumptions (Chapter 1)

  • Administrative and routine system vulnerabilities (Chapters 3, 4)

  • Discretionary access control (Chapter 3)

  • Security-relevant operations (Chapter 3, 4)

  • Security-irrelevant procedures (Chapters 2, 3)

  • TCB generation (Chapter 2)

  • TCB vulnerabilities (Chapters 3, 4)

  • Configuration management (Chapters 1, 2)

  • Ratings maintenance plan (Chapter 1)

  • TCB hardware installation (Chapters 1, 2), s

  • Security vulnerabilities of TCB generation, installation, maintenance, and distribution (Chapters 2, 3, 4)

  • TCSEC requirements (Chapter 1)

Practical UNIX Security, Second Edition

  • Configuring and installing secure systems (Chapters 1, 5, 19)

  • Operating a system in a secure manner (Chapters 1, 5, 6, 8, 15, 16, 18, 19)

  • Effective use of system privileges and protection mechanisms (Chapters 2, 3, 4, 7, 18)

  • Warnings about possible misuse of authority (Chapters 2, 3, 4, 7, 18)

  • Threats to system security (Chapters 1, 5, 6, 8, 15, 16, 19)

  • Security policy and accountability countermeasures (Chapters 5, 6, 8, 15, 16)

  • Security assumptions (Chapter 19)

  • Administrative and routine system vulnerabilities (Chapters 1, 5, 6, 8, 15, 16, 19)

  • Discretionary access control (Chapters 2, 3, 4)

  • Group membership and object ownership (Chapter 3)

  • User account management (Chapter 3)

  • Identification and authentication (Chapters 2, 3)

  • Security-relevant operations (Chapter 1)

  • TCB file protection (Chapter 4)

Configuring HP-UX for Peripherals

  • Installing, configuring, testing, and managing devices on secure systems (Whole book)

HP-UX System Administration Tasks

  • Configuring and installing secure systems (Chapters 1, 12)

  • Operating a system in a secure manner (Chapter 4)

  • Effective use of system privileges and protection mechanisms (Chapters 2, 4, 9, 12)

  • Warnings about possible misuse of authority (Chapters 12)

  • Threats to system security (Chapter 12)

  • Discretionary access control (Chapter 1, 12)

  • Group membership and object ownership (Chapter 12)

  • User account management (Chapter 12)

  • Identification and authentication (Chapters 1, 12)

  • System login parameters (Chapter 12)

  • Auditing and other security-relevant operations (Chapter 12)

  • System diagnostics, boot, and shutdown (Chapter 2)

  • Setting system clock and configuration parameters (Chapter 1)

  • Damaged data (Chapters 3, 4)

  • TCB file backup (Chapter 9)

  • Mounting/unmounting volumes (Chapters 3, 4)

  • Printers and printer output (Chapter 10)

  • Security-irrelevant procedures (Chapters 1, 5, 9, 10)

  • TCB file protection (Chapter 12)

  • Crash recovery (Chapter 2)

HP-UX Reference

Contains details on all security-relevant commands used for

  • Installing, configuring, and setting up an HP-UX trusted system

  • Auditing

  • Setting ACLs and DAC privileges

  • Encrypting files

  • Setting up and managing user accounts

  • Backing up data

  • Starting and stopping the system

  • Performing routine system maintenance in a secure manner

  • Describes all HP-UX system calls and function definitions including parameters, default settings, effects, and exceptions

  • Many examples of commands, system calls, and functions included

Managing HP-UX Software with SD-UX

  • Configuring and installing secure systems (Chapters 1, 2, 3)

  • System diagnostics (Chapters 3, 5)

  • List of TCB software and approved tools (Chapters 1, 5),

  • TCB generation and loading (Chapters 2, 3)

  • Damaged TCB data structures (Chapters 2, 3, 5)

  • Consistency checking (Chapters 3, 5)

  • Trusted distribution of the TCB (Chapter 2)

  • Correspondence of master and installed copy (Chapters 3, 5)

Read Me Before Installing or Upgrading to HP-UX 10.10

  • Late-breaking information on installing or upgrading to HP-UX Release 10.10

  • Describes specific configuration details

 



Planning System Security
  		 


E3/FC2 ITSEC Security Certification  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© Hewlett-Packard Development Company, L.P.