HP 9000 Computer Systems : Administering Your HP-UX Trusted System > Chapter 2 Installation and Configuration of an HP-UX Trusted System

Conversion Prerequisites


Before you can convert your system into a C2-level trusted system, the following prerequisites must be met:

  • You have set SECURE to ON in the ISL when first booting your workstation. The steps are described in the following section.

  • Your system must be running HP-UX Release 10.10. Refer to the section "Information about Installing or Upgrading HP-UX" earlier in this chapter for cross references to more information.

  • Back up your entire HP-UX file system. Refer to Chapter 9 in HP-UX System Administration Tasks. You can use any of the backup and recovery programs provided by HP-UX for your initial backup and recovery. Once security features are implemented, however, you can use only fbackup(1M) and frecover(1M).

  • You must install all required security patches. Refer to "Obtaining Security Patches" in the next section for more information.

    NOTE: You cannot convert your system to a trusted system without installing the security patches first. Even if you use SAM to convert your system, it will not be a C2-level trusted system without the patches.

  • You must purchase and install anti-tamper devices on all workstations that will be included in the trusted system configuration. This will ensure that no one can open or tamper with your workstation. For servers, you must provide physical security for the system console.

Setting Secure Mode on Workstations

Before allowing users on a workstation, you must set SECURE to ON at the ISL prompt, which is the prompt you can receive while the system is booting. Setting SECURE to ON prevents users from having access to the ISL prompt.

This action is needed to ensure the security and integrity of the hardware.

To enable secure mode:

  1. Interrupt the boot sequence by pressing Escape.

  2. At the BOOT ADMIN> prompt, type

       SECURE ON
    

For additional information on ISL, see the HP-UX System Administration Tasks manual, Chapter 2.

Preventing Access to ISL and the System Console on Servers

The physical security of the system console is critical in order to prevent unauthorized access to the ISL prompt. You must prevent someone other than the system administrator from changing the security settings of your system. This is accomplished by restricting access to the system console.

For additional information on ISL, see the HP-UX System Administration Tasks manual, Chapter 2.

Obtaining Security Patches

To receive new HP Security Bulletins automatically by electronic mail from the HP SupportLine mail service, send an email message to

   support@us.external.hp.com   (no subject is required)

You can include one or more of the following additional instructions in the text portion of the message.

  • To add your name to the subscription list for new security bulletins, send the following in the text portion of an email message:

       subscribe security_info
    

  • To retrieve the index of all HP Security Bulletins issued to date, send the following in the text portion of an email message:

       send security_info_list
    

  • To get a patch matrix of current HP-UX and security patches referenced by either Security Bulletin or Platform/OS, put the following in the text of the email message:

       send hp-ux_patch_matrix
    

  • You can view additional information on the World Wide Web at the URL:

       http://us.external.hp.com
    

    Choose "Support news" then "Security Bulletins."

  • To report new security vulnerabilities, send email to

       security-alert@hp.com
    

    You need to encrypt exploit information using the security-alert PGP key, available from your local key server, or by sending a message with a -subject- of "get key" (without the quotes) to security-alert@hp.com.

Obtaining Non-Security Patches

Non-security patches to HP-UX 10.10 are also available on SupportLine through the World Wide Web at the URL http://us.external.hp.com

Click on "Patch Browsing and Downloading" to select and obtain the relevant patches.

© Hewlett-Packard Development Company, L.P.