HP HP-UX Auditing System Extensions Administrator's Guide
HP-UX System Administrator's Guide: Security Management
HP-UX 11i Version 3
HP Part Number: B3921-90059
Published: September 2011
Edition: 7
© Copyright 2011 Hewlett-Packard Development Company L.P
Legal Notices
The information in this document is subject to change without notice.
Hewlett-Packard makes no warranty of any kind with regard to this document, including, but not limited to, the implied warranties
of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct,
indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Warranty A copy of the specific warranty terms applicable to your Hewlett-Packard product and replacement parts can be obtained
from your local Sales and Service Office.
U.S. Government License Proprietary computer software. Valid license from HP required for possession, use or copying. Consistent
with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for
Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
Trademark Notices UNIX® is a registered trademark in the United States and other countries, licensed exclusively through The
Open Group. VERITAS® is a registered trademark of Symantec Corporation.
Acknowledgments This product includes software developed by the Apache Software Foundation. This documentation is based
on information from the Apache Software Foundation (http://www.apache.org).
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org).
Table of Contents
About this Document.................................................................................................................15
I Protecting Systems...................................................................................................................21
1 Installing the HP-UX Operating Environment Securely.............................................................23
1.1 Installation Security Considerations..................................................................23
1.2 Preventing Security Breaches During the Boot Process........................................23
1.3 Enable Login Security for root........................................................................24
1.4 Using Boot Authentication to Prevent Unauthorized Access.................................25
1.5 Setting Install-Time Security Options................................................................25
1.6 Installing Security Patches..............................................................................26
1.7 Postinstallation Security Tips for Backup and Recovery.......................................26
2 Administering User and System Security..............................................................................29
2.1 Managing User Access.................................................................................29
2.1.1 Monitoring User Accounts.......................................................................29
2.1.2 Monitoring Guest Accounts.....................................................................30
2.1.3 Creating Application User Accounts.........................................................30
2.1.4 Managing Group Accounts....................................................................31
2.2 Authenticating Users During Login..................................................................31
2.2.1 Explanation of the Login Process.............................................................32
2.2.2 Checking the login Tracking Files (btmp and wtmp)...................................33
2.2.2.1 Last Command Examples................................................................33
2.2.3 Checking Who Is Logged In...................................................................34
2.3 Authenticating Users with PAM.......................................................................34
2.3.1 Overview.............................................................................................34
2.3.2 PAM Libraries.......................................................................................36
2.3.3 Systemwide Configuration Using /etc/pam.conf.......................................37
2.3.4 Sample /etc/pam.conf File....................................................................38
2.3.5 The /etc/pam_user.conf User Configuration File.......................................39
2.3.6 Examples: How PAM Works for Login.....................................................39
2.4 Managing Passwords...................................................................................41
2.4.1 System Administrator Responsibilities.......................................................41
2.4.2 User Responsibilities.............................................................................41
2.4.3 Criteria of a Good Password..................................................................42
2.4.4 Changing the /etc/passwd Password File................................................42
2.4.4.1 Examples of passwd Commands.....................................................42
2.4.4.2 The /etc/passwd File Format..........................................................43
2.4.5 The /etc/shadow Shadow Password File.................................................43
Table of Contents 3
2.4.6 Eliminating Pseudo-Accounts and Protecting Key Subsystems in
/etc/passwd................................................................................................45
2.4.7 Secure Login with HP-UX Secure Shell.....................................................46
2.4.8 Securing Passwords Stored in NIS...........................................................46
2.4.9 Securing Passwords Stored in LDAP Directory Server.................................46
2.5 Defining System Security Attributes.................................................................46
2.5.1 Configuring Systemwide Attributes...........................................................48
2.5.2 Configuring Per-User Attributes...............................................................48
2.5.2.1 Examples of Defining User-Specific Attributes with userdbset................49
2.5.2.2 INACTIVITY_MAXDAYS and the Shadow Password File......................49
2.5.3 Troubleshooting the User Database.........................................................49
2.6 Handling setuid and setgid Programs.............................................................50
2.6.1 Why setuid and setgid Programs Can Be Risky.........................................51
2.6.2 How IDs Are Set..................................................................................51
2.6.3 Guidelines for Limiting Setuid Power.......................................................51
2.7 Preventing Stack Buffer Overflow Attacks.........................................................52
2.8 Protecting Unattended Terminals and Workstations...........................................53
2.8.1 Controlling Access Using /etc/inittab and Run Levels................................53
2.8.2 Protecting Terminal Device Files..............................................................54
2.8.3 Configuring the Screen Lock...................................................................54
2.8.3.1 Configuring the TMOUT Variable....................................................54
2.8.3.2 Configuring the CDE Lock Manager................................................55
2.9 Protecting Against System Access by Remote Devices........................................55
2.9.1 Controlling Access Using /etc/dialups and /etc/d_passwd........................56
2.10 Securing Login Banners...............................................................................57
2.11 Protecting the root Account...........................................................................58
2.11.1 Monitoring root Account Access.............................................................58
2.11.2 Using the Restricted SMH Builder for Limited Superuser Access...................58
2.11.3 Reviewing Superuser Access..................................................................59
3 HP-UX Standard Mode Security Extensions...........................................................................61
3.1 Overview....................................................................................................61
3.2 Security Attributes and the User Database.......................................................62
3.2.1 System Security Attributes.......................................................................62
3.2.2 Configuring Systemwide Attributes..........................................................62
3.2.3 User Database Components...................................................................63
3.2.3.1 Configuration Files.........................................................................63
3.2.3.2 Commands..................................................................................63
3.2.3.3 Attributes.....................................................................................63
3.2.3.4 Manpages...................................................................................64
3.2.4 Configuring Attributes in the User Database.............................................65
3.2.5 Troubleshooting the User Database.........................................................65
4 Table of Contents
4 Remote Access Security Administration................................................................................67
4.1 Overview of Internet Services and Remote Access Services.................................67
4.1.1 Securing ftp..........................................................................................68
4.1.2 Securing Anonymous ftp.........................................................................69
4.1.3 Denying Access Using /etc/ftpd/ftpusers.................................................69
4.1.4 Other Security Solutions for Spoofing.......................................................70
4.2 The inetd Daemon.......................................................................................70
4.2.1 Securing inetd......................................................................................71
4.2.1.1 Denying or Allowing Access Using /var/adm/inetd.sec......................72
4.3 Protection Against Spoofing with TCP Wrappers..............................................72
4.3.1 Additional Features of TCP Wrappers......................................................73
4.3.2 TCP Wrappers Do Not Work with RPC Services.......................................73
4.4 Secure Internet Services................................................................................73
4.5 Controlling an Administrative Domain.............................................................74
4.5.1 Verifying Permission Settings on Network Control Files...............................75
4.6 Securing Remote Sessions Using HP-UX Secure Shell (SSH)................................76
4.6.1 Key Security Features of HP-UX Secure Shell.............................................76
4.6.2 Software Components of HP-UX Secure Shell...........................................77
4.6.3 Running HP-UX Secure Shell...................................................................78
4.6.3.1 Running the ssh Client....................................................................78
4.6.3.2 Running the sftp Client...................................................................79
4.6.3.3 Running the scp Client...................................................................79
4.6.4 HP-UX Secure Shell Privilege Separation..................................................79
4.6.5 HP-UX Secure Shell Authentication..........................................................80
4.6.5.1 GSS-API.......................................................................................80
4.6.5.2 Public Key Authentication...............................................................81
4.6.5.3 Host-Based and Public Key Authentication........................................81
4.6.5.4 Password Authentication................................................................81
4.6.6 Communication Protocols......................................................................82
4.6.7 HP-UX Secure Shell and the HP-UX System...............................................82
4.6.8 Associated Technologies.......................................................................83
4.6.9 Strong Random Number Generator Requirement......................................83
4.6.10 TCP Wrappers Support........................................................................83
4.6.11 chroot Directory Jail.............................................................................84
II Protecting Data......................................................................................................................85
5 File System Security..........................................................................................................87
5.1 Controlling File Access..................................................................................87
5.1.1 Setting File Access Permissions.................................................................88
5.1.2 Setting File Ownership...........................................................................89
5.1.3 Protecting Directories.............................................................................89
5.1.4 Protecting Files Related to User Accounts..................................................90
Table of Contents 5
5.1.5 Locating and Correcting File Corruption Using fsck....................................90
5.2 Setting Access Control Lists............................................................................91
5.3 Using HFS ACLs...........................................................................................91
5.3.1 HFS ACLs and HP-UX Commands and Calls.............................................93
5.4 Using JFS ACLs............................................................................................95
5.4.1 Definition of a JFS ACL..........................................................................95
5.4.2 How the System Generates a JFS ACL.....................................................95
5.4.3 Minimal JFS ACL..................................................................................96
5.4.4 Additional JFS ACL user and group Entries...............................................96
5.4.5 JFS ACL group and class Entries.............................................................96
5.4.6 Using the setacl and getacl Commands...................................................97
5.4.7 Effect of chmod on class Entries..............................................................97
5.4.8 Example of Changing a Minimal JFS ACL................................................98
5.4.9 Default JFS ACLs..................................................................................99
5.4.10 Changing JFS ACL with the setacl Command........................................100
5.4.10.1 Using the Modify and Delete Options...........................................100
5.4.10.2 Using the -f Option....................................................................100
5.4.10.3 Effective Permissions and setacl -n................................................101
5.5 Comparison of JFS and HFS ACLs................................................................102
5.5.1 JFS and HFS Command and Function Mapping.......................................102
5.6 ACLs and NFS...........................................................................................103
5.7 Security Considerations for /dev Device Special Files.....................................103
5.8 Protecting Disk Partitions and Logical Volumes...............................................104
5.9 Security Guidelines for Mounting and Unmounting File Systems........................104
5.10 Controlling File Security on a Network.........................................................106
5.10.1 Check Permission Settings on Network Control Files................................106
5.10.2 Files Mounted in an NFS Environment..................................................106
5.10.2.1 Server Vulnerability....................................................................107
5.10.2.2 Client Vulnerability.....................................................................107
5.10.2.3 How to Safeguard NFS-Mounted Files..........................................107
6 Compartments...............................................................................................................109
6.1 Overview..................................................................................................109
6.1.1 Compartment Architecture.....................................................................109
6.1.2 Default Compartment Configuration.......................................................111
6.2 Planning the Compartment Structure.............................................................111
6.3 Compartment Components..........................................................................112
6.3.1 Compartment Configuration Files..........................................................112
6.3.2 Compartment Commands....................................................................112
6.3.3 Compartment Manpages.....................................................................113
6.4 Compartment Rules and Syntax...................................................................114
6.4.1 Compartment Definition.......................................................................114
6.4.2 File System Rules................................................................................116
6 Table of Contents
6.4.3 IPC Rules...........................................................................................117
6.4.4 Network Rules...................................................................................119
6.4.5 Miscellaneous Rules............................................................................122
6.4.6 Example Rules File..............................................................................123
6.5 Configuring Compartments.........................................................................124
6.5.1 Activating Compartments.....................................................................124
6.5.2 Defining a Compartment Configuration.................................................124
6.5.2.1 Changing Compartment Rules.......................................................125
6.5.2.2 Changing Compartment Names...................................................125
6.5.3 Running an Application in a Compartment............................................125
6.5.4 Login Directly to a Compartment..........................................................126
6.6 Troubleshooting Compartments....................................................................126
6.7 Using Discover Mode to Generate Initial Compartment Configuration...............127
6.8 Compartments in HP Serviceguard Clusters...................................................128
7 Fine-Grained Privileges...................................................................................................131
7.1 Overview...................................................................................................131
7.2 Fine-Grained Privileges Components.............................................................131
7.2.1 Commands.........................................................................................131
7.2.2 Manpages.........................................................................................132
7.3 Available Privileges....................................................................................132
7.3.1 Compatibility Information for Divided Privileges.......................................135
7.4 Configuring Applications with Fine-Grained Privileges.....................................136
7.4.1 Privilege Model...................................................................................138
7.4.2 Compound Privileges..........................................................................138
7.5 Security Implications of Fine-Grained Privileges..............................................139
7.5.1 Privilege Escalation..............................................................................139
7.6 Fine-Grained Privileges in HP Serviceguard Clusters........................................139
7.7 Troubleshooting Fine-Grained Privileges........................................................140
III Protecting Identity................................................................................................................141
8 HP-UX Role-Based Access Control.....................................................................................143
8.1 Overview..................................................................................................143
8.2 Access Control Basics.................................................................................144
8.2.1 Simplifying Access Control with Roles....................................................145
8.3 HP-UX RBAC Components...........................................................................146
8.3.1 HP-UX RBAC Access Control Policy Switch..............................................147
8.3.2 HP-UX RBAC Configuration Files...........................................................147
8.3.3 HP-UX RBAC Commands.....................................................................148
8.3.4 HP-UX RBAC Manpages......................................................................148
8.3.5 HP-UX RBAC Architecture.....................................................................149
8.3.6 HP-UX RBAC Example Usage and Operation.........................................150
Table of Contents 7
8.4 Planning the HP-UX RBAC Deployment..........................................................151
8.4.1 Planning the Roles..............................................................................152
8.4.2 Planning Authorizations for the Roles....................................................152
8.4.3 Planning Command Mappings.............................................................153
8.4.4 HP-UX RBAC Limitations and Restrictions................................................153
8.5 Configuring HP-UX RBAC............................................................................154
8.5.1 Configuring Roles...............................................................................155
8.5.1.1 Creating Roles.............................................................................155
8.5.1.2 Assigning Roles to Users...............................................................156
8.5.1.3 Assigning Roles to Groups............................................................157
8.5.2 Configuring Authorizations..................................................................157
8.5.3 Configuring Additional Command Authorizations and Privileges...............158
8.5.4 Configuring HP-UX RBAC with Fine-Grained Privileges.............................160
8.5.5 Configuring HP-UX RBAC with Compartments.........................................162
8.6 Using HP-UX RBAC....................................................................................163
8.6.1 Using the privrun Command to Run Applications with Privileges................163
8.6.1.1 HP-UX RBAC in Serviceguard Clusters.............................................165
8.6.2 Using the privedit Command to Edit Files Under Access Control................165
8.6.3 Customizing privrun and privedit Using the ACPS...................................166
8.6.4 Generating Keystroke and Command Logs............................................167
8.6.4.1 Keystroke Logging.......................................................................167
8.6.4.2 Alternate Logging.......................................................................168
8.7 Troubleshooting HP-UX RBAC.......................................................................168
8.7.1 The rbacdbchk Database Syntax Tool....................................................168
8.7.2 privrun -v Information..........................................................................169
9 Audit Administration.......................................................................................................171
9.1 Auditing Components..................................................................................172
9.1.1 Commands.........................................................................................172
9.1.2 Audit Configuration Files......................................................................172
9.1.3 Audit Manpages.................................................................................173
9.2 Auditing Your System..................................................................................173
9.2.1 Planning the Auditing Implementation....................................................173
9.2.2 Enabling Auditing...............................................................................174
9.2.3 Disabling Auditing..............................................................................175
9.2.4 Monitoring Audit Files.........................................................................175
9.2.5 Performance Considerations.................................................................176
9.2.6 Guidelines for Administering the Auditing System...................................176
9.3 Auditing Users...........................................................................................176
9.4 Auditing Events..........................................................................................177
9.5 Audit Trails................................................................................................179
9.5.1 Configuring Audit Trails.......................................................................180
9.5.2 Monitoring and Managing Audit Trails..................................................181
8 Table of Contents
9.6 Using the Audit Filtering Tools......................................................................182
9.7 Using filter.conf .........................................................................................183
9.8 Using the Audit Reporting Tools...................................................................183
9.8.1 Examples of Using the auditdp Command..............................................185
9.9 Viewing Audit Logs.....................................................................................186
9.9.1 Examples of Using the audisp Command................................................187
9.10 Self-Auditing.............................................................................................187
9.11 HP-UX RBAC Auditing................................................................................188
9.11.1 Auditing Based on HP-UX RBAC Criteria and the /etc/rbac/aud_filter
File...........................................................................................................188
9.11.2 Procedure for Auditing HP-UX RBAC Criteria..........................................189
A Trusted Systems...................................................................................................................191
A.1 Setting Up a Trusted System.............................................................................191
A.2 Auditing a Trusted System................................................................................192
A.3 Managing Trusted Passwords and System Access................................................192
A.3.1 Password Files.........................................................................................193
A.3.1.1 The /etc/passwd File........................................................................193
A.3.1.2 The /tcb/files/auth/ Database..........................................................194
A.3.2 Password Selection and Generation..........................................................195
A.3.3 Password Aging......................................................................................195
A.3.4 Password History and Password Reuse.......................................................196
A.3.5 Time-Based Access Control......................................................................196
A.3.6 Device-Based Access Control....................................................................196
A.3.7 Manipulating the Trusted System Databases...............................................197
A.4 Guidelines for Trusted Backup and Recovery......................................................197
B Other Security Products........................................................................................................199
B.1 Protecting Systems...........................................................................................199
B.1.1 HP-UX Bastille...........................................................................................199
B.1.2 HP-UX HIDS.............................................................................................199
B.1.3 HP-UX IPFilter...........................................................................................200
B.1.4 Security Patches.......................................................................................200
B.2 Protecting Data...............................................................................................200
B.2.1 HP-UX Containers (SRP)............................................................................200
B.2.2 HP-UX Encrypted Volume and File System (EVFS).........................................201
B.2.3 HP-UX IPSec............................................................................................201
B.2.4 HP-UX OpenSSL .....................................................................................201
B.2.5 HP-UX Secure Shell .................................................................................202
B.2.6 HP-UX Trusted Computing Services.............................................................202
B.2.7 HP-UX Whitelisting .................................................................................203
B.3 Protecting Identity...........................................................................................203
B.3.1 HP-UX AAA Server (RADIUS).....................................................................203
Table of Contents 9
B.3.2 HP-UX Directory Server............................................................................204
B.3.3 HP-UX LDAP-UX Integration.......................................................................204
Glossary...............................................................................................................................205
Index....................................................................................................................................213
10 Table of Contents
List of Figures
2-1 HP-UX Authentication Modules Under PAM..........................................................35
5-1 File and Directory Permission Fields....................................................................88
6-1 Compartment Architecture...............................................................................110
8-1 HP-UX RBAC Architecture................................................................................150
8-2 Example Operation After Invoking privrun.........................................................151
11
List of Tables
3-1 User Database Configuration Files.....................................................................63
3-2 User Database Commands................................................................................63
3-3 User Attributes.................................................................................................64
3-4 User Database Manpages................................................................................64
4-1 Internet Services Components and Access Verification, Authorization, and
Authentication.................................................................................................67
4-2 Software Components of HP-UX Secure Shell.......................................................77
5-1 Differences Between File and Directory Privileges.................................................88
5-2 HFS ACL Commands........................................................................................94
5-3 HFS ACL System Calls......................................................................................94
5-4 Commands and Calls Affecting ACL Entries.........................................................94
5-5 HFS and JFS ACL Equivalents...........................................................................102
6-1 Compartment Configuration Files.....................................................................112
6-2 Compartment Commands...............................................................................113
6-3 Compartment Manpages................................................................................113
7-1 Fine-Grained Privileges Commands..................................................................132
7-2 Fine-Grained Privileges Manpages...................................................................132
7-3 Available Privileges........................................................................................132
8-1 Example of Authorizations Per User..................................................................144
8-2 Example of Authorizations Per Role...................................................................145
8-3 HP-UX RBAC Configuration Files.......................................................................147
8-4 HP-UX RBAC Commands.................................................................................148
8-5 HP-UX RBAC Manpages.................................................................................148
8-6 Example Planning Results................................................................................155
9-1 Audit Commands...........................................................................................172
9-2 Audit Configuration Files.................................................................................172
9-3 Audit Manpages............................................................................................173
9-4 audevent Command Options...........................................................................178
12 List of Tables
List of Examples
2-1 Pseudo- and Special System Accounts.................................................................45
5-1 Creating an HFS ACL.......................................................................................93
5-2 Multiple HFS ACL Matches................................................................................93
13
14
About this Document
Publication History
The document publication date and part number indicate its current edition. The
publication date will change when a new edition is released.
To ensure that you receive the new editions, you should subscribe to the appropriate
product support service. Contact your HP sales representative for details.
You can find the various versions of this document at:
http://www.hp.com/go/hpux-core-docs
Click HP-UX 11i v3.
September 2011 Part Number B3921–90059
• Updated the Compartment chapter (see Chapter 6).
• Updated the Fine-Grained Privileges chapter (see Chapter 7.
• Reorganized Appendix B in three parts: Protecting Systems,
September 2010 Part Number B3921-90020
• Removed the Bastille chapter since the Bastille product now
• Added the HP-UX Directory Server product in Appendix B
• Added the HP-UX LDAP product in Appendix B (page 199).
• Updated all links to docs.hp.com to the Business Support
Protecting Data, and Protecting Identity and added the HP-UX
OpenSSL and HP-UX Whitelisting security products (see
Appendix B).
has its own user guide. Added the Bastille product in
Appendix B (page 199).
(page 199).
Center. The HP-UX documentation is now located at the
Business Support Center. For the HP-UX security collection,
see http://www.hp.com/go/hpux-security-docs.
September 2009 Part Number 5992–6416
• Added the HP-UX PAM RADIUS module to the PAM Libraries
section (see Section 2.3.2).
• Added a new section in the Bastille chapter, Selecting
Install-Time Security.
This section used to be documented in the HP-UX 11i v3
Installation and Update Guide.
• Updated the Compartment chapter (see Chapter 6).
15
• Updated the HP-UX Role-Based Access Control chapter (see
Chapter 8 ).
• Updated the Audit Administration chapter (see Chapter 9).
• Added security products to Appendix B (see Appendix B).
March 2008 Part Number 5992–3387
• Divided the document into three parts: Protecting Systems,
Protecting Data, and Protecting Identity.
• Added a chapter to document HP-UX Standard Mode
Security Extensions (see Chapter 3).
• Replaced Security Patch Check with Software Assistant.
• Added a figure to show the HP-UX Bastille user interface.
• Added the HP-UX Bastille configuration log file
assessment-log.config.
• Made various edits.
October 2007 Part Number 5992-2395
• Added a chapter to describe HP-UX Bastille.
August 2007 Part Number 5992-1933
• Removed Process Resource Manager (PRM) from the product
list that does not support shadow passwords (see
Section 2.4.5).
• Corrected search to nsearch in permission_list (see
Section 6.4.2).
16
February 2007 Part Number 5991-6482
First Edition
NOTE: The volumes in the HP-UX System Administrator’s Guide can be updated
independently. Therefore, the latest versions of the volumes in the set can vary with time
and with respect to each other. The latest versions of each volume are available at:
http://www.hp.com/go/hpux-core-docs
Click HP-UX 11i v3.
Intended Audience
The HP-UX System Administrator’s Guide is written for administrators of HP-UX systems
of all skill levels needing to administer HP-UX systems beginning with Release HP-UX 11i
version 3.
While many topics in this set apply to previous releases, much has changed in HP-UX
11i version 3; therefore, for information about prior releases, see Managing Systems
and Workgroups, a Guide for System Administrators.
About This Document Set
The HP-UX System Administrator’s Guide documents the core set of tasks (and associated
concepts) necessary to administer systems running HP-UX 11i Version 3. It is comprised
of the following volumes:
Overview Provides a high-level view of HP-UX 11i, its
components, and how they relate to each other.
Configuration Management Describes many of the tasks that you must perform
to configure and customize system settings and
the behavior of subsystems.
Logical Volume Management Documents how to configure physical volumes,
volume groups, and logical volumes using the HP
Logical Volume Manager (LVM).
Security Management Documents the data and system security features
of HP-UX 11i.
Routine Management Tasks Documents many of the ongoing tasks you must
perform to keep your system running smoothly.
HP-UX System Administrator's Guide: Security Management is divided into three parts:
Protecting Systems, Protecting Data, and Protecting Identity. These parts include the
following topics:
Chapter 1 Describes security considerations related to the boot and installation
process.
Chapter 2 Describes how to administer user and system security after the operating
system is installed.
Chapter 3 Describes the features and components of HP-UX Standard Mode
Security Extentions.
Chapter 4 Describes how to secure remote access to your system.
Chapter 5 Describes how to control and protect file systems.
Chapter 6 Describes compartments and how to isolate components of a system
from one another.
Chapter 7 Describes fine-grained privileges and how to divide the powers of
superusers into a set of privileges.
Chapter 8 Describes the features and components of HP-UX Role-Based Access
Control.
Chapter 9 Describes the administration of the audit system.
Appendix A Describes trusted systems.
Appendix B Describes other security products.
17
HP-UX 11i Release Names and Release Identifiers
With HP-UX 11i, HP delivers a highly available, secure, and manageable operating
system. HP-UX 11i supports enterprise, mission-critical, and technical computing
environments and is available on both HP 9000 systems and HP Integrity servers.
Each HP-UX 11i release has an associated release name and release identifier. The
uname command with the -r option returns the release identifier. See the following table
for a list of releases available for HP-UX 11i:
Supported Processor ArchitectureRelease NameRelease Identifier
HP 9000HP-UX 11i version 1B.11.11
B.11.23
HP-UX 11i version 2B.11.23
HP-UX 11i version 2, September
2004
HP-UX 11i version 3B.11.31
Intel™ Itanium™
HP 9000
Itanium
HP 9000
Itanium
For information on supported systems and processor architecture for various versions of
HP-UX 11i, see the HP-UX 11i system release notes specific to the version of HP-UX you
are running (for example, the HP-UX 11i Version 3 Release Notes).
18
Finding HP-UX Information
The following table outlines where to find general system administration information for
HP-UX. However, it does not include information for specific products.
Located atRefer ToIf you need to
Find out:
• What has changed in HP-UX
releases
• The contents of the Operating
Environments
• Firmware requirements and
supported systems for a
specific release
Install or update HP-UX
Administer an HP-UX system
The HP-UX 11i Release Notes
specific to your version of HP-UX.
For example, you may want to see
the HP-UX 11i Version 3 Release
Notes.
• Read Before Installing or
Updating to HP-UX
• HP-UX 11i Installation and
Update Guide
NOTE: See the documents for
your specific version of HP-UX.
Releases beginning with HP-UX
11i Version 3:
• HP-UX System Administrator’s
Guide (a multivolume set)
Other sources of system
administration information:
• nPartition Admnistrator's Guide
• Planning Superdome
Configurations (white paper)
• HP Instant Information media
• http://www.hp.com/go/
hpux-core-docs
Click HP-UX 11i v3.
• /usr/share/doc/ directory
The /usr/share/doc
directory contains only the
original release note for your
version of HP-UX. For revised
release notes, see your latest HP
Instant Information media or the
Business Support Center:
http://www.hp.com/go/
hpux-core-docs
Click HP-UX 11i v3.
• Media Kit (supplied with the
Operating Environment)
• HP Instant Information media
• http://www.hp.com/go/
hpux-core-docs
Click HP-UX 11i v3.
• HP Instant Information CD-ROM
• http://www.hp.com/go/
hpux-core-docs
Click HP-UX 11i v3.
• Planning Superdome
Configurations (white paper)
Related Information
Additional information about Security and HP-UX can be found at www.hp.com/go/
hpux-security-docs.
In particular, the following documents are available:
19
• HP-UX AAA Server Administrator's Guide
• HP-UX Host Intrusion Detection System Administrator's Guide
• HP-UX IPFilter Administrator's Guide
• HP-UX IPSec Administrator's Guide
• HP-UX Secure Shell Release Notes
Conventions
This document uses the following typographical conventions.
reboot(1M) An HP-UX manpage. reboot is the name and 1M is the section in the
HP-UX Reference. On the Web and on the Instant Information media,
it may be a hot link to the manpage itself. From the HP-UX command
line, you can enter “man reboot” or “man 1M reboot” to view the
manpage. See man(1) for more information.
Book Title The title of a book. On the web and on the Instant Information media,
it may be a hot link to the book itself.
KeyCap The name of a keyboard key. Return and Enter both refer to the same
key.
Emphasis Text that is emphasized.
Emphasis Text that is strongly emphasized.
Term The introduction of an important word or phrase.
ComputerOut Text displayed by the computer.
20
UserInput Commands and other text that you type.
Command A command name or qualified command phrase.
Variable The name of a variable that you may replace in a command or function
or information in a display that represents several possible values.
[ ] The contents are optional in formats and command descriptions.
{ } The contents are required in formats and command descriptions. If the
contents are a list separated by |, you must choose one of the items
. . . The preceding element may be repeated an arbitrary number of times.
| Separates items in a list of choices.
Part I Protecting Systems
One critical factor in enterprise security is system minimization and hardening. HP-UX 11i offers
a set of security features designed to address known and unknown vulnerabilities by running
only the services that are needed, thus minimizing a potential point of attack.
This section discusses the following HP-UX tools that protect a system against an attack, and
detect and react to threats:
• Installing the HP-UX operating environment securely (Chapter 1)
• Administering user and system security (Chapter 2)
• Standard Mode Security Extensions (Chapter 3)
• Remote access security administration (Chapter 4)
21
22
1 Installing the HP-UX Operating Environment Securely
This chapter describes security considerations related to the boot and installation
processes, including the following topics:
• Installation security considerations (Section 1.1)
• Preventing security breaches during the boot process (Section 1.2)
• Enable login security for root (Section 1.3)
• Using boot authentication to prevent unauthorized access (Section 1.4)
• Setting Install-Time Security options (Section 1.5)
• Installing security patches (Section 1.6)
• Postinstallation security tips for backup and recovery (Section 1.7)
1.1 Installation Security Considerations
Before you install or update to a new operating system or new software, make a practice
of addressing security considerations. Make the following security measures part of your
preparation for installation:
• Review the contents of your media kit. Read the Release Notes and other related
information at the Business Support Center:
http://www.hp.com/go/hpux-core-docs
Click HP-UX 11i v3.
• Decide which software you need and which you do not need. Do not install
unnecessary software. Consult other chapters of this document for help deciding on
security software products.
• Disconnect or disengage your system from the network, especially from a public
network, until your security modifications are complete. Consider what, if any,
security level you would like to deploy with. See Section 1.5 for more information.
• Make sure the system console is physically protected and your LAN console is either
disconnected, or used only through a network where clear-text-protocols like telnet
are allowed/protected. This is an important security consideration. Restricting access
to the system console helps prevent unauthorized persons from changing the security
settings of your system.
• Install the latest patches, especially security patches. See Section 1.6 for more
information.
• Maintain a backup and recovery system. See Section 1.7 for more information.
1.2 Preventing Security Breaches During the Boot Process
Security breaches can occur during the boot sequence. The boot process can be
interrupted, allowing an unauthorized person to access the system. If certain system files
1.1 Installation Security Considerations 23
are altered incorrectly or maliciously before the reboot, the system can have problems
during and after the reboot. Therefore, perform these preventative tasks:
• Make sure the system and system console are physically secure and that only
authorized users have access.
• Enable the boot authentication feature to allow only specified users to boot the
system to single user mode. See Section 1.4.
• Make sure system files are write protected; some might need to be read protected.
Following is a summary of the boot sequence that occurs when you turn on or reset the
computer. See HP-UX System Administrator's Guide: Routine Management Tasks for more
information on the boot sequence.
1. During booting, there is about a 10-second wait that allows you to override the
automatic boot sequence. At this point, an intruder can interrupt the boot sequence
and enter the system.
You can gain root access when you interrupt the boot sequence by pressing any
key. The ISL prompts you for a command. Entering the following command causes
the system to be in single-user mode:
ISL> hpux -is
If you are not using boot authentication, a user can then log in as root with no
password.
Boot authentication allows only specified users to log in as root.
2. If the boot sequence is not interrupted, the initialization process continues.
3. HP-UX goes through its initialization process and begins normal operation, ready
for login. At this point another security breach can occur if an intruder has already
gained root access.
If an intruder interrupts the boot process, they have gained root access to the system and
theoretically own the system. This ownership allows them to make changes to the system
through a great number of mechanisms.
1.3 Enable Login Security for root
Many network protocols such as rlogind and telnetd do not encrypt network
communication, making it easy for an intruder to sniff the administrative passwords from
the network. Try to minimize the usage of these nonsecure protocols.
To prevent an administrative login through such a protocol, you can use the /etc/
securetty file to limit logging in to the root account only through the system console.
For instance, to restrict root logins to only the console, create the/etc/security file
with a single line consisting of console. For more information, see login(1).
24 Installing the HP-UX Operating Environment Securely
1.4 Using Boot Authentication to Prevent Unauthorized Access
The boot authentication feature protects single-user mode boot with password
authentication. It makes it possible to configure a system so that only authorized users
are allowed to boot the machine into single-user mode. The boot authentication feature
must be enabled before you reboot the system.
Boot authentication is configured by two attributes in the /etc/default/security
file:
• BOOT_AUTH enables or disables boot authentication. Specify BOOT_AUTH=1 to
enable boot authentication. By default, authentication is disabled (BOOT_AUTH=0).
• BOOT_USERS defines who can log in as root when the boot authentication feature
is enabled. The names listed in BOOT_USERS are separated by commas. For
example:
BOOT_USERS=root,mary,jack,amy,jane
BOOT_USERS=root is the default value.
The /etc/default/security configuration file is explained in Chapter 2 and in
security(4).
1.5 Setting Install-Time Security Options
The Install-Time Security (ITS) options allow you to configure an HP-UX Bastille security
lockdown engine, which can include an HP-UX IPFilter firewall. After system installation
is complete, it will have one of the preconfigured levels of security.
During installation, you can choose from four preconfigured levels of security:
Sec00Tools Install the security infrastructure but without enabling optional security
features. This is the default.
Sec10Host Install a host-based lockdown system, without HP-UX IPFilter firewall
configuration. With this level of security, most network services are
disabled. These services can be reinstated by running the bastille(1M)
command.
Sec20MngDMZ Install a managed lockdown system that blocks most incoming traffic
with an HP-UX IPFilter firewall.
Sec30DMZ Install a DMZ Full lockdown system, which is a host-based and IPFilter
network lockdown. HP-UX IPFilter blocks almost all incoming
connections.
For information on ITS and HP-UX Bastille, see the HP-UX Bastille User Guide:
www.hp.com/go/hpux-security-docs
Click HP-UX Bastille Software.
For information on HP-UX IPFilter, see the HP-UX IPFilter Administrator's Guide:
1.4 Using Boot Authentication to Prevent Unauthorized Access 25
www.hp.com/go/hpux-security-docs
Click HP-UX IPFilter Software.
1.6 Installing Security Patches
Immediately after installation, apply the required and recommended patches using HP-UX
Software Assistant (SWA).
SWA is a command-line-based tool that consolidates and simplifies patch management
and security bulletin management on HP-UX systems. The SWA tool replaces Security
Patch Check (SPC), and is the HP-recommended utility to use to maintain currency with
HP-published security bulletins for HP-UX software.
NOTE: Use of the Software Assistant software tool can help improve system security,
but it does not guarantee system security.
For more information on SWA, see the HP-UX Software Assistant System Administration
Guide:
www.hp.com/go/hpux-security-docs
Click HP-UX Software Assistant (SWA) Software.
1.7 Postinstallation Security Tips for Backup and Recovery
After the system is running, you must still maintain its security. Be diligent in maintaining
system backup and recovery files. Following are some guidelines:
• Use only the fbackup and frecover commands to back up and recover files
selectively. Only fbackup and frecover retain access control lists (ACLs). Use
the -A option of these commands when backing up and recovering files for use on
systems that do not implement ACLs. See fbackup(1M) and frecover(1M).
• If you plan to recover the files to another system, be sure that the user's user name
and group name on both systems are consistent.
• Remember that the backup media is sensitive material. Allow access to the media
only on the basis of proven need.
• Label backup tapes and store them securely. Offsite storage provides maximum
security. Keep archives for a minimum of 6 months, and then recycle the media.
• Perform daily incremental and full weekly backups.
Synchronize the backup schedule with the information flow in your organization.
For example, if a major database is updated every Friday, you might want to
schedule the weekly backup on Friday evenings.
• If you must back up all files on schedule, request that all users log off before
performing the backup. The fbackup command warns you if a file is changing
while the backup is being performed.
26 Installing the HP-UX Operating Environment Securely
• Examine the log file of latest backups to identify problems occurring during backup.
Set restrictive permissions on the backup log file.
• Be aware that the frecover command allows you to overwrite a file. However,
the file retains the permissions and ACLs set when the file was backed up.
• Test the recovery process beforehand to make sure you can fully recover data in the
event of an emergency.
• When recovering files from another machine, you might have to execute the chown
command to set the user ID and group ID for the system on which they now reside,
if the user and group do not exist on the new system. If files are recovered to a new
system that does not have the specified group, the files will take on the group
ownership of the person running the frecover command. If the owner and group
names have different meanings on different systems, recovery results might be
unexpected and not what you wanted.
• Although a power failure should not cause file loss, if someone reports a lost file
after a power failure, look for it in the /lost+found directory before restoring it
from a backup tape.
• To verify contents of the tape being recovered, use the -I option of the frecover
command to preview the index of files on the tape. Existing permissions of a file
system are kept intact by the backup. The frecover command prevents you from
reading the file if the permissions on the file forbid it.
• Never recover in place any critical files, such as /etc/passwd or those in /tcb/
files. Instead, restore the file to a temporary directory (do not use /tmp), and
give this directory permissions drwx------, preventing anyone else from using it.
Compare the restored files with those to be replaced. Make any necessary changes.
• Be sure to turn auditing on. Auditing is not enabled automatically when you have
recovered the system.
1.7 Postinstallation Security Tips for Backup and Recovery 27
28
2 Administering User and System Security
This chapter addresses basic user security after the operating system is installed. It focuses
on logins, passwords, and other user interactions with the system. The following topics
are discussed:
• Managing user access (Section 2.1)
• Authenticating users during login (Section 2.2)
• Authenticating users with PAM (Section 2.3)
• Managing passwords (Section 2.4)
• Defining system security attributes (Section 2.5)
• Handling setuid and setgid programs (Section 2.6)
• Preventing stack buffer overflow attacks (Section 2.7)
• Protecting unattended terminals and workstations (Section 2.8)
• Protecting against system access by remote devices (Section 2.9)
• Securing login banners (Section 2.10)
• Protecting the root account (Section 2.11)
2.1 Managing User Access
Authorized users gain access to the system by supplying a valid user name (login name)
and password. Each user is defined by an entry in the /etc/passwd file. Use the HP
System Management Homepage (HP SMH) to add, remove, deactivate, reactivate, or
modify a user account.
For more information about passwords, refer to passwd(4), passwd(1), and see
Section 2.4 in this document.
2.1.1 Monitoring User Accounts
Following are guidelines for monitoring user accounts:
• Regularly examine the output from the last, lastb, and who commands for unusual
logins.
• Verify that all users with accounts have a legitimate business need to access the
system.
• Be alert for multiple users sharing the same user account. Do not allow two users to
share the same user account.
• Verify that no user accounts share the same user ID (UID).
• Ensure that all accounts have secure passwords that change regularly.
• Verify that all user home directories have the appropriate permissions. Most home
directories have read access but no write access to other users. For better protection,
set the read, write, and execute permissions for the directory owner only.
2.1 Managing User Access 29
• Ensure that all users understand the security policies. Place a company security
policies file in each home directory.
• Examine the /etc/passwd file or other appropriate user database for unused
accounts, and especially for users who have left the company.
• Examine root accounts to see who has root access.
• Consider implementing HP-UX Role-based Access Control to minimize the risks
associated with multiple users having access to the root account. For more
information, see Chapter 8.
• Examine guest accounts to see how often they are used.
2.1.2 Monitoring Guest Accounts
For the highest level of security, do not allow guest or open accounts. If you do have
guest accounts, then do the following:
• Change the guest password frequently. You can specify the password.
• Use a restricted shell (rsh) to limit system access. For information about the rsh
command, refer to sh(1) and sh-posix(1).
• Guest accounts are often forgotten. Use one of the following methods to disable the
guest account when not in use:
— Use per-user security attributes to automatically disable the account after a certain
number of inactive days. For more information, refer to security(4) and see
Section 2.5.2.2.
— Use the following command to lock the guest account:
# passwd -l guest
— Use the following command to delete the guest account:
# userdel guest
• Schedule an at job to automatically lock temporary accounts:
# at now +14 days passwd -l tempacct
• Regularly scan the /var/adm/wtmp and /var/adm/sulog files to check for
unused accounts.
Refer to sh(1) and su(1) for more information.
2.1.3 Creating Application User Accounts
If users only use HP-UX to launch an application, they do not require access to a shell.
These users should only be using the application, such as a database management
system, and not need access to any HP-UX functionality.
To restrict access to HP-UX, modify the /etc/passwd file so that only a specific command
is executed after the user logs in. The /etc/passwd file contains essential information
required during login:
30 Administering User and System Security
Loading...