HP-UX System Administration Tasks: HP 9000 > Chapter 12 Managing System Security

Setting Up Your Trusted System


HP-UX offers the security mechanisms available in the standard UNIX environment. In addition, HP-UX provides an optional, trusted (secure) system with these extra security features:

  • a more stringent password and authentication system

  • auditing

  • terminal access control

  • time-based access control

Converting to the trusted system is highly recommended if security is important to your HP-UX system. Note that Network Information Service (NIS) is not supported on a trusted system.

To set up and maintain a trusted system, follow these steps:

  1. Establish an overall security policy appropriate to your worksite. See the previous section, "Planning System Security."

  2. Inspect all existing files on your system for security risks, and remedy them. This is mandatory the first time you convert to a trusted system. Thereafter, examine your files regularly, or when you suspect a security breach.

  3. Back up your file system for later recovery of user files.

    You can use any of the backup and recovery programs provided by HP-UX for your initial backup and recovery. Once security features are implemented, however, use only fbackup(1M) and frecover(1M).

  4. Convert to a trusted (secure) system.

    To convert to a trusted system, run SAM, highlight "Auditing and Security", and activate Open to reach the Convert to Trusted System prompt. You may receive a confirmation prompt. Press Y to begin the conversion process.

    You may also enable auditing without running SAM by manually editing the script in /etc/rc.config.d/auditing.

    When you convert to a trusted system, the conversion program:

    • Creates a new, protected password database in /tcb/files/auth/.

    • Moves encrypted passwords from the /etc/passwd file to the protected password database and replaces the password field in /etc/passwd with an asterisk (*). You should back up the /etc/passwd file to tape before the conversion.

    • Forces all users to use passwords.

    • Creates an audit ID number for each user.

    • Sets the audit flag on for all existing users.

    • Converts the at, batch and crontab files to use the submitter's audit ID.

  5. Verify that the audit files are on your system:

    1. Use swlist -l to list the installed filesets. Look for the fileset called SecurityMon which contains the auditing program files.

    2. In addition, verify that the following files not in SecurityMon also exist:

      • /etc/rc.config.d/auditing which contains parameters to control auditing; this file may be modified by SAM or manually, and

      • /sbin/rc2.d/S760auditing which is the script that starts auditing and should not be modified.

  6. After conversion to a trusted system, you are ready to use your audit subsystem and run your HP-UX system as a trusted system. To enable auditing, run SAM and use the "Auditing and Security" window.
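The file-level results of steps 4 and 5 can be checked with a short script. This is an added example, not part of the HP documentation; the function names and the `root` path-prefix argument are assumptions made so the checks can also run against a mounted image or a test directory.

```shell
#!/bin/sh
# Added example: check the post-conversion state listed in steps 4 and 5.
# The path prefix argument is hypothetical; leave it empty on a live system.

# Print every /etc/passwd account whose password field is not "*",
# i.e. a hash or an empty password that the conversion should have replaced.
unconverted_accounts() {
    awk -F: 'NF >= 2 && $2 != "*" { print $1 }' "$1/etc/passwd" 2>/dev/null
}

# Report each missing file or unconverted account; return 0 only if clean.
check_trusted() {
    root=${1:-}
    rc=0
    # Protected password database created by the conversion program.
    if [ ! -d "$root/tcb/files/auth" ]; then
        echo "MISSING /tcb/files/auth (protected password database)"
        rc=1
    fi
    # Password file plus the two auditing files named in step 5.
    for f in /etc/passwd /etc/rc.config.d/auditing /sbin/rc2.d/S760auditing; do
        if [ ! -f "$root$f" ]; then
            echo "MISSING $f"
            rc=1
        fi
    done
    # Any password field other than "*" was not moved to the protected database.
    for user in $(unconverted_accounts "$root"); do
        echo "UNCONVERTED /etc/passwd entry: $user"
        rc=1
    done
    return $rc
}
```

On the system itself, source the file and call `check_trusted` with no argument; the SecurityMon fileset check from step 5 still has to be done with swlist.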

If you need to convert from a trusted system back to a standard system, run SAM and use the "Auditing and Security" window. The "Audited Events", "Audited System Calls", and "Audited Users" selections all provide an unconvert option.

A simple way for users to tell whether their system has been converted to a trusted system is to look for the last successful/unsuccessful login message that a trusted system displays at user login.

The remaining sections in this chapter provide detailed information on HP-UX security features and basic security tasks.

© Hewlett-Packard Development Company, L.P.