Setting Up Your C2-Level Trusted System

HP-UX offers the security mechanisms available in the standard UNIX environment. By converting your system to a trusted system, HP-UX provides the following additional security features:

A more stringent password and authentication system
Auditing
Terminal access control
Time-based access control

The ability to convert your system to a trusted system is a feature of HP- UX. You should seriously consider the ramifications of converting your system to a trusted system before doing so. One ramification is reduced system performance due to the requirements of auditing.




	NOTE: Be sure that your system meets the specifications in "Conversion Prerequisites" before attempting to set up your trusted system.

Follow these steps to set up a C2-level trusted system:

Establish an overall security policy appropriate to your worksite. See the section "Planning System Security" in Chapter 1.
Install anti-tamper devices on all workstations that will be included in the trusted system configuration.
Inspect all existing files on your system for security risks and remedy them. This is mandatory the first time you convert to a trusted system. Thereafter, examine your files regularly, or when you suspect a security breach.
Change your workstation to character mode by typing:
unset display

Convert to a trusted (secure) system:

Type SAM (in character mode):
sam
The SAM main menu is displayed.
Highlight Auditing and Security.

Highlight Audited Events. The following message is displayed as soon as you click on any of the auditing options for the first time:

   You need to convert to a Trusted System before proceeding.  

   Converting to a Trusted System does the following:



   1. Creates a protected database on the system for storing 

      security information.



   2. Moves user passwords in "/etc/password" to this database.



   3. Replaces all password fields in "/etc/passwd" with "*".

For more details, refer to the "System Security" chapter of the "System Administration Tasks" manual.
Do you want to convert to a Trusted System now?
Click Yes.




	NOTE: The system displays a warning message about ACLs not being supported on a VxFS system. This is because JFS systems (VxFS) do not support ACLs, an integral part of discretionary access control. JFS is not part of the TCB and you cannot configure JFS systems as trusted systems.

The system displays the following message:

   Converting to a trusted system....

   Successfully converted to a trusted system. 



   Press OK to continue.





   The conversion program does the following:

Creates a new, protected password database in /tcb/files/auth/. The users' login information is organized under /tcb/files/auth/
by the first initial of the login name.
Moves encrypted passwords from the /etc/passwd file to the protected password database and replaces the password files in /etc/passwd with an asterisk (
). Be sure to back up the /etc/passwd file on tape before the conversion.
Forces all users to use passwords.
Creates an audit ID number for each user.
Sets the audit flag on for all existing users.
Converts the at, batch, and crontab files to use the submitter's audit ID.

Verify that the audit files are on your system:
1. Use swlist - fileset to list the installed filesets. Look for the fileset called SecurityMon which contains the auditing program files.
2. Verify that the following files not in SecurityMon also exist:
  - /etc/rc.config.d/auditing which contains parameters to control auditing; this file may be modified by SAM or manually.
  - /sbin/rc2.d/S760auditing which is the script that starts auditing and should not be modified.
The Audited Events screen is displayed. It includes a table of events that can be audited, specifications on how the events are to be audited (on success, failure), and lists system calls associated with each event. On the screen you should see the message:
Auditing Turned Off
If Auditing is Turned On, your system is already converted to a trusted system. Do not proceed with the rest of these steps.
Click on any of the events to be audited. (Press Tab to move back and forth from the menus at the top of the screen to the auditing options.)

After conversion, you must enable the audit subsystem to run your HP-UX system as a trusted system. To enable auditing, run SAM and use the Auditing and Security screen. See "Turning On Auditing" later in this chapter.




	NOTE: Once your system is converted to a trusted system, you can only run SAM in character mode. Do not use the graphical user interface because it compromises the security of your trusted system.

Next, you must also establish password control by setting the many password options available. See "Setting Up Password Controls" later in this chapter.

Your system is now converted to a trusted system.

Completing the Setup

You must instruct system users to read the Security Features User's Guide Supplement for additional information they need to know about using a trusted system.

Verifying Setup

There are several log files you can check to verify the configuration of your system. Check the SAM log, installation log, and SD-UX log for this information. It is important that you also maintain information on the system configuration in the System Support Log which is supplied with your system.

You should keep a record of all pertinent information including: root disk selection, file system layout, swap size, and filename length. This information can be recorded in the System Support Log.

swverify(1M) can be used to check the files which have been installed on your system. See the swverify(1M) man page for more information.

Setting Up Your C2-Level Trusted System

Technical documentation

» Table of Contents

» Index

Completing the Setup

Verifying Setup