SlideShare uma empresa Scribd logo

HP-UX RBAC Audsys Setup by Dusan Baljevic

Transferir como DOC, PDF
Circling Cycle
Circling Cycle

HP-UX RBAC Audsys Setup

Tecnologia
1 de 16
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 2012 HP-UX 11i Preliminary RBAC and Auditing Setup Page 1
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 2012 Document Information Document Name: HP-UX 11i Preliminary RBAC Auditing Assessment and Setup October 2012 Document Version No: Dusan Baljevic Prepared By: 1.1 Preparation Date: 8 October 2012 Distribution List From Date Phone/Fax Dusan Baljevic 8 October 2012 0412 041 715 To Action* Due Date Phone/Fax Inform Action Types: Approve, Review, Inform, File, Action Required, Attend Meeting, Other (please specify) Modification History Version Owner Date Description 1.0 Dusan Baljevic 8 October 2012 New document 1.1 Dusan Baljevic 22 October 2012 Updates 1. Introduction.....................................................................................................................................4 2. SSH with RBAC and Keystroke Logging............................................................................................5 Page 2
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 2012 3. RBAC Setup with Privileged Shell.....................................................................................................6 4. Basic Security Recommendations....................................................................................................7 5. HP-UX Auditing Setup......................................................................................................................8 6. Disable HP-UX Auditing..................................................................................................................10 7. View Audit Logs.............................................................................................................................11 8. Web-Based Audit Reporting..........................................................................................................13 9. General Guidelines for HP-UX Auditing.........................................................................................15 Page 3
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 1. 2012 Introduction This document serves as a template for setting up basic Role Based Access Control (RBAC), keystroke logging, and auditing, as per brief requirements provided by XYZ. The scope of the project can be extended in the future. Page 4
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 2. 2012 SSH with RBAC and Keystroke Logging Starting with the HP-UX RBAC B.11.31.05.01 and HP-UX SSH A.05.90 releases, keystroke logging when enabled now will successfully create a keystroke log file for a SSH login session. The HP-UX RBAC Keystroke logging feature is only supported on HP-UX 11iv3. Installation of RBAC release B.11.31.05.01 installs RBACExt and RBAC patch: # swlist -l product |grep -i rbac PHCO_41859 1.0 rbac cumulative patch RBAC B.11.31 HP-UX Role-based Access Control RBACExt B.11.31.05.01 HP-UX Role-based Access Control Extensions The steps to configure RBAC keystroke logging for SSH sessions: • Add libpam_keystroke.so.1 library to 'sshd' service. Note: it can be added to other services as needed: # vi /etc/pam.conf ... # Session management # sshd session required sshd session required sshd session optional • libpam_hpsec.so.1 libpam_unix.so.1 libpam_keystroke.so.1 Modify RBAC configuration file rbac.conf to support keystroke logging and define logging location: # vi /etc/rbac/rbac.conf ... # Keystroke Logging enabled: If this flag is set to 1, then keystroke # logging is enabled on the system, otherwise it is disabled. KEY_STROKE_LOGGING = 1 # Location of keystroke log file: An administrator may specify the # directory location in where the keystroke logs should reside. # If this location is not specified, the default is "/var/adm/rbac". KEY_STROKE_LOCATION = /var/adm/rbac # Banner page logging: The banner page will be logged if the below # flag set to 1; otherwise, it will not be captured in the log file. # The default is to omit the banner. KEY_STROKE_BANNERPAGE_LOG_ENABLE = 1 • Set key filter. An example: # vi /etc/rbac/key_filter newadm:*:dflt:dflt:ks_all • Ssh into the server as user newadm and run some commands. • Check log file. For example, for user newadm: # more /var/adm/rbac/klog-newadm-ssh-Mon_Oct_22_2012_12:41:16-8933 Page 5
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 3. • 2012 RBAC Setup with Privileged Shell Create a new system administrator account and set the Shell as /usr/bin/privsh or /usr/bin/privksh (depending on the company’s policy of default Shells): # groupadd wheel # useradd -g wheel -s /usr/bin/privksh -m newadm # passwd newadm # roleadm assign newadm Administrator # cat /etc/rbac/user_role root: Administrator newadm: Administrator • Set up commands that newadm will be allowed through RBAC in command file /etc/rbac/cmd_priv: # vi /etc/rbac/cmd_priv For example, enable these lines to add new users: /usr/sbin/useradd :0/0// :dflt :dflt :dflt : • :dflt :(hpux.user.add,*) The permissions of the RBAC command file must not be restrictive to allow read access: # ls -als /etc/rbac/cmd_priv 48 -r--r--r-- • 1 root sys 18546 Feb 10 2011 /etc/rbac/cmd_priv To test it, log in as user newadm and try to add a new user: newadm$ useradd myfriend privksh: useradd: not found newadm$ /usr/sbin/useradd myfriend The last command is successful because full path to command is used. Page 6
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 4. 2012 Basic Security Recommendations Some very simple recommendations follow. More comprehensive report can be provided as part of a separate engagement. • To disable direct root access unless logged via console. Set up file /etc/securetty with one line in it: console • Disable direct root access via ssh. Edit /etc/opt/ssh/sshd_config: PermitRootLogin no • Disable all insecure protocols in /etc/inetd.conf. The security can further be increased by editing /var/adm/inetd.sec. • To restrict who can su(1M) to root: edit /etc/default/security: SU_ROOT_GROUP=wheel Then, simply add all admin accounts to Unix group wheel. The name of Unix group is arbitrary (historically set to wheel). • Root’s home directory should be /root, not / (which should be restricted through permissions 700). • Daemon flags for inetd to set up correctly in /etc/rc.config.d/netdaemons (flag "-p" to limit number of processes). • Daemon flags for inetd to set up correctly in /etc/rc.config.d/netdaemons (flag "-a" to enable user-level auditing of processes). • Daemon flags for inetd to set up correctly in /etc/rc.config.d/netdaemons (flag "-l" to enable logging). • Account root is set up with password expiration. • And many other possible improvements. Page 7
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 5. 2012 HP-UX Auditing Setup To enable auditing on the HP-UX 11i system, follow these steps: 1. To audit all users, set the following in /etc/default/security: AUDIT_FLAG=1 Or, to enable auditing per user, the userdbset(1M) command can be used: # userdbset -u newadm AUDIT_FLAG=1 (enable auditing for newadm) # userdbset –d -u newadm AUDIT_FLAG (disable auditing for newadm) 2. Create customized auditing configuration file /etc/audit/audit_site.conf (it is one single line). The list of events can be more comprehensive – it depends on business requirements: PROFILE XYZ = EVENT login, EVENT moddac, EVENT create, EVENT delete, EVENT modaccess, EVENT open, EVENT close, EVENT admin PROFILE Supplement = EVENT readdac, EVENT process, EVENT removable 3. To audit according to policy XYZ, enter the following command: # audevent -P -F -r XYZ 4. Use the audevent(1M) command with no options to display a list of events and system calls that are currently configured for auditing. 5. Set the audevent(1M) /etc/rc.config.d/auditing file: AUDITING=1 PRI_AUDFILE=/var/.audit/audtrail PRI_SWITCH=1000 SEC_AUDFILE=* SEC_SWITCH=0 NTHREADS=1 AUDEVENT_ARGS1="-P -F -r XYZ" AUDEVENT_ARGS2="" AUDEVENT_ARGS3="" AUDEVENT_ARGS4="" AUDOMON_ARGS="-p 20 -t 1 -w 90 -o /var/adm/syslog/syslog.log -X '/usr/bin/scp -R /var/.audit/audtrail* remsrv:/var/.audit/auditbackup'" The last line above creates a specific syslog entry and then copies audit logs to remsrv into /var/.audit/audit-backup directory whenever a new audit trail file is created. The maximum size of the primary audit trail (log file) is based on observed monitoring of the activity on the server: PRI_SWITCH=1000 (the size is in Kbytes) 6. Start the auditing system, or reboot the server: # /sbin/init.d/auditing start Page 8
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 2012 7. The entries in /var/adm/syslog/syslog.log look like: audit system approaching AuditFileSwitch point. current audit trail size = 905 kilobytes. Use -X option to schedule a task at each switch point to archive and backup current audit trail, and make sure file system not to become full. audomon: auto-switch to /var/.audit/audtrail.20121022_1220 was successful. audomon: auto-switch to /var/.audit/audtrail.20121022_1221 was successful. 8. To check the current auditing status, after some activity on the server, it might look like: # audsys auditing system is currently on current trail: /var/.audit/audtrail.20121022_1221 next trail: none statisticsafs Kb used Kb avail % fs Kb used Kb avail % current trail: 1000 703 30 12288000 5643048 54 next trail: none auditing system is actively writing to 1 file(s) # ps -ef | grep audomon root 3151 1 0 12:04:08 ? 0:00 /usr/sbin/audomon -p 20 -t 1 -w 90 -o /var/adm/syslog/syslog.log # ll /var/.audit total 0 drwx-----drwx-----drwx------ 2 root 2 root 2 root sys sys sys 96 Oct 22 12:04 audtrail 96 Oct 22 12:20 audtrail.20121022_1220 96 Oct 22 12:21 audtrail.20121022_1221 The audit trails (binary log files) are automatically created once the maximum size/threshold is reached. There is no need to run a script or cron job for it. Page 9
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 6. 2012 Disable HP-UX Auditing To disable auditing on the system, follow these steps: 1. Stop system auditing using the following command: # audsys -f 2. Set the AUDITING flag to 0 in the /etc/rc.config.d/auditing file to prevent the auditing system from starting when the system is rebooted. 3. (Optional) Stop the audomon daemon. One method: # kill `ps -e | awk '$NFS~ /audomon/ {print $1}'` Page 10
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 7. 2012 View Audit Logs The audisp(1M) command will be obsolete in a future release. Invoking /usr/sbin/auditdp -r audit_trail produces the same output as /usr/sbin/audisp audit_trail. The following options are available with the audisp command: -f -p -c system_call -t -s -u user-name -l terminal-name -e event-name > file-name Displays failed events only Displays successful events only. Displays the selected system call Display events that occurred after the given time Displays events that occurred before the given time Displays information for a specific user Displays information for a specific terminal Displays information for the given event Writes output to specified file It can take a few minutes to prepare the record for viewing when working with large audit logs. When viewing the audit data, be aware of the following anomalies: • Audit data can appear inaccurate when programs that collect data for auditable system calls supply incorrect parameters. The audit data shows what the user program passed to the kernel. For example, calling the kill system call with no parameters produces unpredictable values in the parameter section of the audit record. • System calls that take file name arguments may not have device and inode information properly recorded. The values will be -1 if the call does not complete successfully. • Auditing the superuser while changing the event or system call audit parameters will result in a long audit record. For example, when you add an event type to be audited, a record will be produced for each event type and system call that has been enabled for audit, not just for the new event type being added. Some examples of commands: • Display the log output on the screen: # /usr/sbin/audisp /var/.audit/audtrail/spu0.log • Direct the log output to /tmp/mylogoutput: # /usr/sbin/audisp /var/.audit/audtrail/spu0.log > /tmp/mylogoutput • View successful events only: # /usr/sbin/audisp -p /var/.audit/audtrail/spu0.log • View activities owned by user newadm: # /usr/sbin/audisp -u newadm /var/.audit/audtrail.20121022_1237 • View login events only: Page 11
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 2012 # /usr/sbin/audisp -e login /var/.audit/audtrail.20121022_1220 The better command is auditdp(1M) in the newer versions of auditing. An example for login auditing: # auditdp -r /var/.audit/audtrail.20121022_1220 -s "+event=login" Example of exporting auditing trail to standard output and appending the same data into syslog: # auditdp -r /var/.audit/audtrail.20121022_1220 -P -o follow -O sync | /opt/audit/AudReport/bin/audit_p2l | tee -a /var/adm/syslog/syslog.log Example of exporting auditing trail to file /tmp/myfile: # auditdp -r /var/.audit/audtrail.20121022_1220 -P -o follow -O sync | /opt/audit/AudReport/bin/audit_p2l >/tmp/myfile Page 12
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 8. 2012 Web-Based Audit Reporting Note that these scripts in /opt/audit/AudReport directory, depending on the version of the software installed on HP-UX servers, might need minor modifications! Modify the Shell script /opt/audit/AudReport/bin/audreport_setup_web # vi /opt/audit/AudReport/bin/audreport_setup_web The following four lines had to be changed on my test server: HTPASSWD_EXE=/opt/hpws22/apache/bin/htpasswd APACHE_CTL=/opt/hpws22/apache/bin/apachectl HTTPD_CONF=/opt/hpws22/apache/conf/httpd.conf /sbin/init.d/hpws22_apache start The original ones were: HTPASSWD_EXE=/opt/hpws/apache/bin/htpasswd APACHE_CTL=/opt/hpws/apache/bin/apachectl HTTPD_CONF=/opt/hpws/apache/conf/httpd.conf /sbin/init.d/hpws_apache start Secondly, ensure that Apache web server is started: # vi /etc/rc.config.d/hpws22_apacheconf HPWS22_APACHE_START=1 Then, simply run: # /opt/audit/AudReport/bin/audreport_setup_web By default, the username to access the web reports is: # cat /var/opt/audit/AudReport/.htpasswd audreport_admin:Rd4heCHXvEWh2 # /opt/audit/AudReport/bin/audreport_generator NOTE: HTTP_ALIAS is not specified. Assuming /audreport_web. NOTE: REPORTS_FILENAME is not specified. Assuming index.html. NOTE: REPORTS_LOCATION is not specified. Assuming /var/opt/audit/AudReport. NOTE: STYLESHEETS_LOCATION is not specified. Assuming /opt/audit/AudReport/xslts. NOTE: REPORT_STYLE is not specified for the report "passwd_change_history". Assuming audreport_generic.xsl. NOTE: REPORT_STYLE is not specified for the report "user_account_history". Assuming audreport_generic.xsl. NOTE: REPORT_STYLE is not specified for the report "file_ownership_change_history". Assuming audreport_generic.xsl. Generating reports ...... Generated reports are now available at: http://<hostname>/audreport_web/index.html Here is a screenshot of a web-based report: Page 13
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 2012 Page 14
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 9. 2012 General Guidelines for HP-UX Auditing • Check the audit logs according to the security policy. For example, a security policy might state that an online audit file should be retained for at least 24 hours and all audit records stored offline should be retained for a minimum of 30 days. • Review the audit log for unusual activities, such as: late hours login, login failures, failed access to system files, and failed attempts to perform security-relevant tasks. • Prevent the overflow of the audit file by archiving on a regular basis. • Ensure that when the required data retention period has ended, the logs are retired by destroying them according to the organization's data destruction policies. • Revise current selectable events periodically, especially after installing new releases of HP-UX, since new system calls are often introduced in new releases. • Revise audited users periodically. • Do not follow any pattern or schedule for event or user selection. • Audit trails (binary log files) must never be part of root file system (/). Typically, they should be saved under /var. • Set site guidelines. Involve users and management in determining these guidelines. • If the audit data volume is expected to be high, configure audit trails on a logical volume consisting of multiple physical disks and multiple physical I/O cards. Use the -N option with audsys command to split the audit trail into multiple files. • Frequently accessed data, such as production data, must be available online. Data not requiring as frequent or ready access such as back-up data can be stored off-line. Use the auditdp command to filter on-line data to remove unnecessary information. This enables you to keep the audit file at a manageable size and keep the less interesting information in off-line, backup storage. For example, use auditdp to filter only login and logout events from one month’s audit trail. If you need to access other records, you can recover them from off-line backup tapes. • Ensuring the confidentiality, integrity, and availability of logs is very important: 1 2 3 4 5 Logging mechanisms must neither be deactivated nor compromised to provide business continuity of logging services in the event of an incident. Ensure that log files cannot be edited or deleted. Generally only administrators and auditors must have access to log files for review and management only. All privileged user (the administrator and auditor) access must be logged and reviewed thoroughly and frequently by others outside that user domain. 6 Page 15
HP-UX 11iv3 Preliminary RBAC and Auditing Setup 7 8 9 0 1 10 0 1 2012 Communications must be protected with mechanisms such as encryption (for example, HP-UX IPSec and SSL). Protect the confidentiality and integrity of log files using either message digests or encryption or digital signatures. Provide adequate physical protection for logging mechanisms and stored logs by preventing unauthorized physical access. Page 16

Recomendados

Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS ProtocolsPeter R. Egli
 
Active directory domain and trust
Active directory domain and trustActive directory domain and trust
Active directory domain and trustChinmoy Jena
 
CLOUD COMPUTING_proposal
CLOUD COMPUTING_proposalCLOUD COMPUTING_proposal
CLOUD COMPUTING_proposalLaud Randy Amofah
 
client server protocol
client server protocolclient server protocol
client server protocolbmuhire
 
Cloud adoption and rudiments
Cloud adoption and rudimentsCloud adoption and rudiments
Cloud adoption and rudimentsgaurav jain
 
Cloud computing 8 cloud service models
Cloud computing 8 cloud service modelsCloud computing 8 cloud service models
Cloud computing 8 cloud service modelsVaibhav Khanna
 
Kerberos
KerberosKerberos
KerberosSudeep Shouche
 

Recomendados

Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
AAA & RADIUS Protocols
AAA & RADIUS ProtocolsAAA & RADIUS Protocols
AAA & RADIUS ProtocolsPeter R. Egli
 
Active directory domain and trust
Active directory domain and trustActive directory domain and trust
Active directory domain and trustChinmoy Jena
 
CLOUD COMPUTING_proposal
CLOUD COMPUTING_proposalCLOUD COMPUTING_proposal
CLOUD COMPUTING_proposalLaud Randy Amofah
 
client server protocol
client server protocolclient server protocol
client server protocolbmuhire
 
Cloud adoption and rudiments
Cloud adoption and rudimentsCloud adoption and rudiments
Cloud adoption and rudimentsgaurav jain
 
Cloud computing 8 cloud service models
Cloud computing 8 cloud service modelsCloud computing 8 cloud service models
Cloud computing 8 cloud service modelsVaibhav Khanna
 
Kerberos
KerberosKerberos
KerberosSudeep Shouche
 
IBM Notes Traveler administration and Log troubleshooting tips
IBM Notes Traveler administration and Log troubleshooting tipsIBM Notes Traveler administration and Log troubleshooting tips
IBM Notes Traveler administration and Log troubleshooting tipsjayeshpar2006
 
Protocolos FTP y SFTP
Protocolos FTP y SFTPProtocolos FTP y SFTP
Protocolos FTP y SFTPJose Felix Moran Agusto
 
Virtualization for Cloud Environment
Virtualization for Cloud EnvironmentVirtualization for Cloud Environment
Virtualization for Cloud EnvironmentDr. Sunil Kr. Pandey
 
Cloud interoperability
Cloud interoperabilityCloud interoperability
Cloud interoperabilitygaurav jain
 
Cloud interoperability
Cloud interoperabilityCloud interoperability
Cloud interoperabilitygaurav jain
 
Introduction to LDAP and Directory Services
Introduction to LDAP and Directory ServicesIntroduction to LDAP and Directory Services
Introduction to LDAP and Directory ServicesRadovan Semancik
 
[Noel] Azure AD Connect Technical Deep Dive
[Noel] Azure AD Connect Technical Deep Dive[Noel] Azure AD Connect Technical Deep Dive
[Noel] Azure AD Connect Technical Deep DiveEuropean Collaboration Summit
 
Seguridad wifi
Seguridad wifiSeguridad wifi
Seguridad wifiunrealjuanka_
 
Distributed file system
Distributed file systemDistributed file system
Distributed file systemNaza hamed Jan
 
Types of Servers - Basic Differences
Types of Servers - Basic DifferencesTypes of Servers - Basic Differences
Types of Servers - Basic DifferencesVR Talsaniya
 
Big Data & The Cloud
Big Data & The CloudBig Data & The Cloud
Big Data & The CloudAmazon Web Services
 
cloud computing: Vm migration
cloud computing: Vm migrationcloud computing: Vm migration
cloud computing: Vm migrationDr.Neeraj Kumar Pandey
 
Azure WebApp Deployment Slots
Azure WebApp Deployment Slots Azure WebApp Deployment Slots
Azure WebApp Deployment Slots Ebru Cucen Çüçen
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Chad Lawler
 
Testing under cloud
Testing under cloudTesting under cloud
Testing under cloudgaurav jain
 
Virtualization- Cloud Computing
Virtualization- Cloud ComputingVirtualization- Cloud Computing
Virtualization- Cloud ComputingNIKHILKUMAR SHARDOOR
 
CLOUD STORAGE.pptx
CLOUD STORAGE.pptxCLOUD STORAGE.pptx
CLOUD STORAGE.pptxRuturajJadhav25
 
Assignment on windows firewall
Assignment on windows firewallAssignment on windows firewall
Assignment on windows firewallMd Shihab
 
HP-UX 11iv3 How to Change Root Volume Group Name vg00 by Dusan Baljevic
HP-UX 11iv3 How to Change Root Volume Group Name vg00 by Dusan BaljevicHP-UX 11iv3 How to Change Root Volume Group Name vg00 by Dusan Baljevic
HP-UX 11iv3 How to Change Root Volume Group Name vg00 by Dusan BaljevicCircling Cycle
 
Hp ux-11iv3-multiple-clones-with-dynamic-root-disks-dusan-baljevic-mar2014
Hp ux-11iv3-multiple-clones-with-dynamic-root-disks-dusan-baljevic-mar2014Hp ux-11iv3-multiple-clones-with-dynamic-root-disks-dusan-baljevic-mar2014
Hp ux-11iv3-multiple-clones-with-dynamic-root-disks-dusan-baljevic-mar2014Circling Cycle
 
Hp Integrity Servers
Hp Integrity ServersHp Integrity Servers
Hp Integrity ServersEddy Jennekens
 
Superdome
SuperdomeSuperdome
Superdomesantossskm2006
 

Mais conteúdo relacionado

Mais procurados

IBM Notes Traveler administration and Log troubleshooting tips
IBM Notes Traveler administration and Log troubleshooting tipsIBM Notes Traveler administration and Log troubleshooting tips
IBM Notes Traveler administration and Log troubleshooting tipsjayeshpar2006
 
Virtualization for Cloud Environment
Virtualization for Cloud EnvironmentVirtualization for Cloud Environment
Virtualization for Cloud EnvironmentDr. Sunil Kr. Pandey
 
Cloud interoperability
Cloud interoperabilityCloud interoperability
Cloud interoperabilitygaurav jain
 
Cloud interoperability
Cloud interoperabilityCloud interoperability
Cloud interoperabilitygaurav jain
 
Introduction to LDAP and Directory Services
Introduction to LDAP and Directory ServicesIntroduction to LDAP and Directory Services
Introduction to LDAP and Directory ServicesRadovan Semancik
 
Distributed file system
Distributed file systemDistributed file system
Distributed file systemNaza hamed Jan
 
Types of Servers - Basic Differences
Types of Servers - Basic DifferencesTypes of Servers - Basic Differences
Types of Servers - Basic DifferencesVR Talsaniya
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Chad Lawler
 
Testing under cloud
Testing under cloudTesting under cloud
Testing under cloudgaurav jain
 
Assignment on windows firewall
Assignment on windows firewallAssignment on windows firewall
Assignment on windows firewallMd Shihab
 

Mais procurados (18)

IBM Notes Traveler administration and Log troubleshooting tips
IBM Notes Traveler administration and Log troubleshooting tipsIBM Notes Traveler administration and Log troubleshooting tips
IBM Notes Traveler administration and Log troubleshooting tips
 
Protocolos FTP y SFTP
Protocolos FTP y SFTPProtocolos FTP y SFTP
Protocolos FTP y SFTP
 
Virtualization for Cloud Environment
Virtualization for Cloud EnvironmentVirtualization for Cloud Environment
Virtualization for Cloud Environment
 
Cloud interoperability
Cloud interoperabilityCloud interoperability
Cloud interoperability
 
Cloud interoperability
Cloud interoperabilityCloud interoperability
Cloud interoperability
 
Introduction to LDAP and Directory Services
Introduction to LDAP and Directory ServicesIntroduction to LDAP and Directory Services
Introduction to LDAP and Directory Services
 
[Noel] Azure AD Connect Technical Deep Dive
[Noel] Azure AD Connect Technical Deep Dive[Noel] Azure AD Connect Technical Deep Dive
[Noel] Azure AD Connect Technical Deep Dive
 
Seguridad wifi
Seguridad wifiSeguridad wifi
Seguridad wifi
 
Distributed file system
Distributed file systemDistributed file system
Distributed file system
 
Types of Servers - Basic Differences
Types of Servers - Basic DifferencesTypes of Servers - Basic Differences
Types of Servers - Basic Differences
 
Big Data & The Cloud
Big Data & The CloudBig Data & The Cloud
Big Data & The Cloud
 
cloud computing: Vm migration
cloud computing: Vm migrationcloud computing: Vm migration
cloud computing: Vm migration
 
Azure WebApp Deployment Slots
Azure WebApp Deployment Slots Azure WebApp Deployment Slots
Azure WebApp Deployment Slots
 
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
Integrated Cloud Framework: Security, Governance, Compliance, Content Applica...
 
Testing under cloud
Testing under cloudTesting under cloud
Testing under cloud
 
Virtualization- Cloud Computing
Virtualization- Cloud ComputingVirtualization- Cloud Computing
Virtualization- Cloud Computing
 
CLOUD STORAGE.pptx
CLOUD STORAGE.pptxCLOUD STORAGE.pptx
CLOUD STORAGE.pptx
 
Assignment on windows firewall
Assignment on windows firewallAssignment on windows firewall
Assignment on windows firewall
 

Destaque

HP-UX 11iv3 How to Change Root Volume Group Name vg00 by Dusan Baljevic
HP-UX 11iv3 How to Change Root Volume Group Name vg00 by Dusan BaljevicHP-UX 11iv3 How to Change Root Volume Group Name vg00 by Dusan Baljevic
HP-UX 11iv3 How to Change Root Volume Group Name vg00 by Dusan BaljevicCircling Cycle
 
Hp ux-11iv3-multiple-clones-with-dynamic-root-disks-dusan-baljevic-mar2014
Hp ux-11iv3-multiple-clones-with-dynamic-root-disks-dusan-baljevic-mar2014Hp ux-11iv3-multiple-clones-with-dynamic-root-disks-dusan-baljevic-mar2014
Hp ux-11iv3-multiple-clones-with-dynamic-root-disks-dusan-baljevic-mar2014Circling Cycle
 
Three CLI Methods to Find Console IP details on HP-UX by Dusan Baljevic
Three CLI Methods to Find Console IP details on HP-UX by Dusan BaljevicThree CLI Methods to Find Console IP details on HP-UX by Dusan Baljevic
Three CLI Methods to Find Console IP details on HP-UX by Dusan BaljevicCircling Cycle
 
Better Settings for /tmp Filesystem on HP-UX by Dusan Baljevic
Better Settings for /tmp Filesystem on HP-UX by Dusan BaljevicBetter Settings for /tmp Filesystem on HP-UX by Dusan Baljevic
Better Settings for /tmp Filesystem on HP-UX by Dusan BaljevicCircling Cycle
 
HP-UX 11i Log File Management with Logrotate by Dusan Baljevic
HP-UX 11i Log File Management with Logrotate by Dusan BaljevicHP-UX 11i Log File Management with Logrotate by Dusan Baljevic
HP-UX 11i Log File Management with Logrotate by Dusan BaljevicCircling Cycle
 
HP-UX 11i LVM Mirroring Features and Multi-threads by Dusan Baljevic
HP-UX 11i LVM Mirroring Features and Multi-threads by Dusan BaljevicHP-UX 11i LVM Mirroring Features and Multi-threads by Dusan Baljevic
HP-UX 11i LVM Mirroring Features and Multi-threads by Dusan BaljevicCircling Cycle
 
HP-UX with Rsync by Dusan Baljevic
HP-UX with Rsync by Dusan BaljevicHP-UX with Rsync by Dusan Baljevic
HP-UX with Rsync by Dusan BaljevicCircling Cycle
 
HPUX Update Seminar Session 1 Dan Taipala
HPUX Update Seminar Session 1 Dan TaipalaHPUX Update Seminar Session 1 Dan Taipala
HPUX Update Seminar Session 1 Dan Taipaladtaipala
 
How to Remove Primary Swap on HP-UX 11iv3 Online by Dusan Baljevic
How to Remove Primary Swap on HP-UX 11iv3 Online by Dusan BaljevicHow to Remove Primary Swap on HP-UX 11iv3 Online by Dusan Baljevic
How to Remove Primary Swap on HP-UX 11iv3 Online by Dusan BaljevicCircling Cycle
 
HP-UX Swap and Dump Unleashed by Dusan Baljevic
HP-UX Swap and Dump Unleashed by Dusan BaljevicHP-UX Swap and Dump Unleashed by Dusan Baljevic
HP-UX Swap and Dump Unleashed by Dusan BaljevicCircling Cycle
 
HP-UX 11iv3 Ignite-UX with NFSv4 and SSH Tunnel by Dusan Baljevic
HP-UX 11iv3 Ignite-UX with NFSv4 and SSH Tunnel by Dusan BaljevicHP-UX 11iv3 Ignite-UX with NFSv4 and SSH Tunnel by Dusan Baljevic
HP-UX 11iv3 Ignite-UX with NFSv4 and SSH Tunnel by Dusan BaljevicCircling Cycle
 
HP-UX - Patch Installation
HP-UX - Patch InstallationHP-UX - Patch Installation
HP-UX - Patch InstallationHemnath R.
 
HP-UX Dynamic Root Disk Boot Disk Cloning Benefits and Use Cases by Dusan Bal...
HP-UX Dynamic Root Disk Boot Disk Cloning Benefits and Use Cases by Dusan Bal...HP-UX Dynamic Root Disk Boot Disk Cloning Benefits and Use Cases by Dusan Bal...
HP-UX Dynamic Root Disk Boot Disk Cloning Benefits and Use Cases by Dusan Bal...Circling Cycle
 
HP Unix administration
HP Unix administrationHP Unix administration
HP Unix administrationHemnath R.
 
HP Superdome 2 Partitioning Administrator Guide HP-UX 11iv3(August 2010).PDF
HP Superdome 2 Partitioning Administrator Guide HP-UX 11iv3(August 2010).PDFHP Superdome 2 Partitioning Administrator Guide HP-UX 11iv3(August 2010).PDF
HP Superdome 2 Partitioning Administrator Guide HP-UX 11iv3(August 2010).PDFE. Balauca
 

Destaque (20)

HP-UX 11iv3 How to Change Root Volume Group Name vg00 by Dusan Baljevic
HP-UX 11iv3 How to Change Root Volume Group Name vg00 by Dusan BaljevicHP-UX 11iv3 How to Change Root Volume Group Name vg00 by Dusan Baljevic
HP-UX 11iv3 How to Change Root Volume Group Name vg00 by Dusan Baljevic
 
Hp ux-11iv3-multiple-clones-with-dynamic-root-disks-dusan-baljevic-mar2014
Hp ux-11iv3-multiple-clones-with-dynamic-root-disks-dusan-baljevic-mar2014Hp ux-11iv3-multiple-clones-with-dynamic-root-disks-dusan-baljevic-mar2014
Hp ux-11iv3-multiple-clones-with-dynamic-root-disks-dusan-baljevic-mar2014
 
Hp Integrity Servers
Hp Integrity ServersHp Integrity Servers
Hp Integrity Servers
 
Superdome
SuperdomeSuperdome
Superdome
 
Three CLI Methods to Find Console IP details on HP-UX by Dusan Baljevic
Three CLI Methods to Find Console IP details on HP-UX by Dusan BaljevicThree CLI Methods to Find Console IP details on HP-UX by Dusan Baljevic
Three CLI Methods to Find Console IP details on HP-UX by Dusan Baljevic
 
Better Settings for /tmp Filesystem on HP-UX by Dusan Baljevic
Better Settings for /tmp Filesystem on HP-UX by Dusan BaljevicBetter Settings for /tmp Filesystem on HP-UX by Dusan Baljevic
Better Settings for /tmp Filesystem on HP-UX by Dusan Baljevic
 
HP-UX 11i Log File Management with Logrotate by Dusan Baljevic
HP-UX 11i Log File Management with Logrotate by Dusan BaljevicHP-UX 11i Log File Management with Logrotate by Dusan Baljevic
HP-UX 11i Log File Management with Logrotate by Dusan Baljevic
 
HP-UX 11i LVM Mirroring Features and Multi-threads by Dusan Baljevic
HP-UX 11i LVM Mirroring Features and Multi-threads by Dusan BaljevicHP-UX 11i LVM Mirroring Features and Multi-threads by Dusan Baljevic
HP-UX 11i LVM Mirroring Features and Multi-threads by Dusan Baljevic
 
HP-UX with Rsync by Dusan Baljevic
HP-UX with Rsync by Dusan BaljevicHP-UX with Rsync by Dusan Baljevic
HP-UX with Rsync by Dusan Baljevic
 
HPUX Update Seminar Session 1 Dan Taipala
HPUX Update Seminar Session 1 Dan TaipalaHPUX Update Seminar Session 1 Dan Taipala
HPUX Update Seminar Session 1 Dan Taipala
 
How to Remove Primary Swap on HP-UX 11iv3 Online by Dusan Baljevic
How to Remove Primary Swap on HP-UX 11iv3 Online by Dusan BaljevicHow to Remove Primary Swap on HP-UX 11iv3 Online by Dusan Baljevic
How to Remove Primary Swap on HP-UX 11iv3 Online by Dusan Baljevic
 
HP-UX Swap and Dump Unleashed by Dusan Baljevic
HP-UX Swap and Dump Unleashed by Dusan BaljevicHP-UX Swap and Dump Unleashed by Dusan Baljevic
HP-UX Swap and Dump Unleashed by Dusan Baljevic
 
UX at HP Enterprise
UX at HP Enterprise UX at HP Enterprise
UX at HP Enterprise
 
HP-UX 11iv3 Ignite-UX with NFSv4 and SSH Tunnel by Dusan Baljevic
HP-UX 11iv3 Ignite-UX with NFSv4 and SSH Tunnel by Dusan BaljevicHP-UX 11iv3 Ignite-UX with NFSv4 and SSH Tunnel by Dusan Baljevic
HP-UX 11iv3 Ignite-UX with NFSv4 and SSH Tunnel by Dusan Baljevic
 
Provissioning storage
Provissioning storageProvissioning storage
Provissioning storage
 
HP-UX - Patch Installation
HP-UX - Patch InstallationHP-UX - Patch Installation
HP-UX - Patch Installation
 
HP-UX Dynamic Root Disk Boot Disk Cloning Benefits and Use Cases by Dusan Bal...
HP-UX Dynamic Root Disk Boot Disk Cloning Benefits and Use Cases by Dusan Bal...HP-UX Dynamic Root Disk Boot Disk Cloning Benefits and Use Cases by Dusan Bal...
HP-UX Dynamic Root Disk Boot Disk Cloning Benefits and Use Cases by Dusan Bal...
 
Unix Administration 1
Unix Administration 1Unix Administration 1
Unix Administration 1
 
HP Unix administration
HP Unix administrationHP Unix administration
HP Unix administration
 
HP Superdome 2 Partitioning Administrator Guide HP-UX 11iv3(August 2010).PDF
HP Superdome 2 Partitioning Administrator Guide HP-UX 11iv3(August 2010).PDFHP Superdome 2 Partitioning Administrator Guide HP-UX 11iv3(August 2010).PDF
HP Superdome 2 Partitioning Administrator Guide HP-UX 11iv3(August 2010).PDF
 

Semelhante a HP-UX RBAC Audsys Setup by Dusan Baljevic

CUBRID Developer's Course
CUBRID Developer's CourseCUBRID Developer's Course
CUBRID Developer's CourseCUBRID
 
PaaSTA: Autoscaling at Yelp
PaaSTA: Autoscaling at YelpPaaSTA: Autoscaling at Yelp
PaaSTA: Autoscaling at YelpNathan Handler
 
BeeGFS Training.pdf
BeeGFS Training.pdfBeeGFS Training.pdf
BeeGFS Training.pdfssusercbaa33
 
Dev-Jam 2019 - Container & OpenNMS
Dev-Jam 2019 - Container & OpenNMSDev-Jam 2019 - Container & OpenNMS
Dev-Jam 2019 - Container & OpenNMSRonny Trommer
 
Prometheus and Docker (Docker Galway, November 2015)
Prometheus and Docker (Docker Galway, November 2015)Prometheus and Docker (Docker Galway, November 2015)
Prometheus and Docker (Docker Galway, November 2015)Brian Brazil
 
Why Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologyWhy Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologySagi Brody
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetesWilliam Stewart
 
KACE Agent Architecture and Troubleshooting Overview
KACE Agent Architecture and Troubleshooting OverviewKACE Agent Architecture and Troubleshooting Overview
KACE Agent Architecture and Troubleshooting OverviewDell World
 
1049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 2016
1049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 20161049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 2016
1049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 2016panagenda
 
Melbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpecMelbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpecMatt Ray
 
quickguide-einnovator-10-redis-admin
quickguide-einnovator-10-redis-adminquickguide-einnovator-10-redis-admin
quickguide-einnovator-10-redis-adminjorgesimao71
 
Install and configure linux
Install and configure linuxInstall and configure linux
Install and configure linuxVicent Selfa
 
Securing Apache Web Servers
Securing Apache Web ServersSecuring Apache Web Servers
Securing Apache Web Serverswebhostingguy
 
TIAD 2016 : Migrating 100% of your production services to containers
TIAD 2016 : Migrating 100% of your production services to containersTIAD 2016 : Migrating 100% of your production services to containers
TIAD 2016 : Migrating 100% of your production services to containersThe Incredible Automation Day
 
Lab Document on HP ProLiant value add tools on Linux
Lab Document on HP ProLiant value add tools on LinuxLab Document on HP ProLiant value add tools on Linux
Lab Document on HP ProLiant value add tools on LinuxBruno Cornec
 
Asian Spirit 3 Day Dba On Ubl
Asian Spirit 3 Day Dba On UblAsian Spirit 3 Day Dba On Ubl
Asian Spirit 3 Day Dba On Ublnewrforce
 

Semelhante a HP-UX RBAC Audsys Setup by Dusan Baljevic (20)

CUBRID Developer's Course
CUBRID Developer's CourseCUBRID Developer's Course
CUBRID Developer's Course
 
PaaSTA: Autoscaling at Yelp
PaaSTA: Autoscaling at YelpPaaSTA: Autoscaling at Yelp
PaaSTA: Autoscaling at Yelp
 
BeeGFS Training.pdf
BeeGFS Training.pdfBeeGFS Training.pdf
BeeGFS Training.pdf
 
Dev-Jam 2019 - Container & OpenNMS
Dev-Jam 2019 - Container & OpenNMSDev-Jam 2019 - Container & OpenNMS
Dev-Jam 2019 - Container & OpenNMS
 
The Domino 10 RHEL 7 Primer
The Domino 10 RHEL 7 PrimerThe Domino 10 RHEL 7 Primer
The Domino 10 RHEL 7 Primer
 
Prometheus and Docker (Docker Galway, November 2015)
Prometheus and Docker (Docker Galway, November 2015)Prometheus and Docker (Docker Galway, November 2015)
Prometheus and Docker (Docker Galway, November 2015)
 
Why Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container TechnologyWhy Managed Service Providers Should Embrace Container Technology
Why Managed Service Providers Should Embrace Container Technology
 
Kubernetes laravel and kubernetes
Kubernetes laravel and kubernetesKubernetes laravel and kubernetes
Kubernetes laravel and kubernetes
 
KACE Agent Architecture and Troubleshooting Overview
KACE Agent Architecture and Troubleshooting OverviewKACE Agent Architecture and Troubleshooting Overview
KACE Agent Architecture and Troubleshooting Overview
 
1049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 2016
1049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 20161049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 2016
1049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 2016
 
Melbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpecMelbourne Infracoders: Compliance as Code with InSpec
Melbourne Infracoders: Compliance as Code with InSpec
 
quickguide-einnovator-10-redis-admin
quickguide-einnovator-10-redis-adminquickguide-einnovator-10-redis-admin
quickguide-einnovator-10-redis-admin
 
Install and configure linux
Install and configure linuxInstall and configure linux
Install and configure linux
 
Securing Apache Web Servers
Securing Apache Web ServersSecuring Apache Web Servers
Securing Apache Web Servers
 
Securing Apache Web Servers
Securing Apache Web ServersSecuring Apache Web Servers
Securing Apache Web Servers
 
TIAD 2016 : Migrating 100% of your production services to containers
TIAD 2016 : Migrating 100% of your production services to containersTIAD 2016 : Migrating 100% of your production services to containers
TIAD 2016 : Migrating 100% of your production services to containers
 
Lab Document on HP ProLiant value add tools on Linux
Lab Document on HP ProLiant value add tools on LinuxLab Document on HP ProLiant value add tools on Linux
Lab Document on HP ProLiant value add tools on Linux
 
Freeradius edir
Freeradius edirFreeradius edir
Freeradius edir
 
Asian Spirit 3 Day Dba On Ubl
Asian Spirit 3 Day Dba On UblAsian Spirit 3 Day Dba On Ubl
Asian Spirit 3 Day Dba On Ubl
 
Web server
Web serverWeb server
Web server
 

Mais de Circling Cycle

Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...
Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...
Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...Circling Cycle
 
How to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-Baljevic
How to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-BaljevicHow to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-Baljevic
How to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-BaljevicCircling Cycle
 
Ovclusterinfo command by Dusan Baljevic
Ovclusterinfo command by Dusan BaljevicOvclusterinfo command by Dusan Baljevic
Ovclusterinfo command by Dusan BaljevicCircling Cycle
 
Unix and Linux Common Boot Disk Disaster Recovery Tools by Dusan Baljevic
Unix and Linux Common Boot Disk Disaster Recovery Tools by Dusan BaljevicUnix and Linux Common Boot Disk Disaster Recovery Tools by Dusan Baljevic
Unix and Linux Common Boot Disk Disaster Recovery Tools by Dusan BaljevicCircling Cycle
 
HP-UX 11iv3 Private Kernel Parameter nfile by Dusan Baljevic
HP-UX 11iv3 Private Kernel Parameter nfile by Dusan BaljevicHP-UX 11iv3 Private Kernel Parameter nfile by Dusan Baljevic
HP-UX 11iv3 Private Kernel Parameter nfile by Dusan BaljevicCircling Cycle
 
HP-UX Dynamic Root Disk vs Solaris Live Upgrade vs AIX Multibos by Dusan Balj...
HP-UX Dynamic Root Disk vs Solaris Live Upgrade vs AIX Multibos by Dusan Balj...HP-UX Dynamic Root Disk vs Solaris Live Upgrade vs AIX Multibos by Dusan Balj...
HP-UX Dynamic Root Disk vs Solaris Live Upgrade vs AIX Multibos by Dusan Balj...Circling Cycle
 
Comparison of Unix and Linux Log File Management Tools by Dusan Baljevic
Comparison of Unix and Linux Log File Management Tools by Dusan BaljevicComparison of Unix and Linux Log File Management Tools by Dusan Baljevic
Comparison of Unix and Linux Log File Management Tools by Dusan BaljevicCircling Cycle
 

Mais de Circling Cycle (7)

Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...
Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...
Brief summary-standard-password-hashes-Aix-FreeBSD-Linux-Solaris-HP-UX-May-20...
 
How to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-Baljevic
How to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-BaljevicHow to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-Baljevic
How to-mount-3 par-san-virtual-copy-onto-rhel-servers-by-Dusan-Baljevic
 
Ovclusterinfo command by Dusan Baljevic
Ovclusterinfo command by Dusan BaljevicOvclusterinfo command by Dusan Baljevic
Ovclusterinfo command by Dusan Baljevic
 
Unix and Linux Common Boot Disk Disaster Recovery Tools by Dusan Baljevic
Unix and Linux Common Boot Disk Disaster Recovery Tools by Dusan BaljevicUnix and Linux Common Boot Disk Disaster Recovery Tools by Dusan Baljevic
Unix and Linux Common Boot Disk Disaster Recovery Tools by Dusan Baljevic
 
HP-UX 11iv3 Private Kernel Parameter nfile by Dusan Baljevic
HP-UX 11iv3 Private Kernel Parameter nfile by Dusan BaljevicHP-UX 11iv3 Private Kernel Parameter nfile by Dusan Baljevic
HP-UX 11iv3 Private Kernel Parameter nfile by Dusan Baljevic
 
HP-UX Dynamic Root Disk vs Solaris Live Upgrade vs AIX Multibos by Dusan Balj...
HP-UX Dynamic Root Disk vs Solaris Live Upgrade vs AIX Multibos by Dusan Balj...HP-UX Dynamic Root Disk vs Solaris Live Upgrade vs AIX Multibos by Dusan Balj...
HP-UX Dynamic Root Disk vs Solaris Live Upgrade vs AIX Multibos by Dusan Balj...
 
Comparison of Unix and Linux Log File Management Tools by Dusan Baljevic
Comparison of Unix and Linux Log File Management Tools by Dusan BaljevicComparison of Unix and Linux Log File Management Tools by Dusan Baljevic
Comparison of Unix and Linux Log File Management Tools by Dusan Baljevic
 

Último

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Último (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

HP-UX RBAC Audsys Setup by Dusan Baljevic

  • 1. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 2012 HP-UX 11i Preliminary RBAC and Auditing Setup Page 1
  • 2. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 2012 Document Information Document Name: HP-UX 11i Preliminary RBAC Auditing Assessment and Setup October 2012 Document Version No: Dusan Baljevic Prepared By: 1.1 Preparation Date: 8 October 2012 Distribution List From Date Phone/Fax Dusan Baljevic 8 October 2012 0412 041 715 To Action* Due Date Phone/Fax Inform Action Types: Approve, Review, Inform, File, Action Required, Attend Meeting, Other (please specify) Modification History Version Owner Date Description 1.0 Dusan Baljevic 8 October 2012 New document 1.1 Dusan Baljevic 22 October 2012 Updates 1. Introduction.....................................................................................................................................4 2. SSH with RBAC and Keystroke Logging............................................................................................5 Page 2
  • 3. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 2012 3. RBAC Setup with Privileged Shell.....................................................................................................6 4. Basic Security Recommendations....................................................................................................7 5. HP-UX Auditing Setup......................................................................................................................8 6. Disable HP-UX Auditing..................................................................................................................10 7. View Audit Logs.............................................................................................................................11 8. Web-Based Audit Reporting..........................................................................................................13 9. General Guidelines for HP-UX Auditing.........................................................................................15 Page 3
  • 4. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 1. 2012 Introduction This document serves as a template for setting up basic Role Based Access Control (RBAC), keystroke logging, and auditing, as per brief requirements provided by XYZ. The scope of the project can be extended in the future. Page 4
  • 5. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 2. 2012 SSH with RBAC and Keystroke Logging Starting with the HP-UX RBAC B.11.31.05.01 and HP-UX SSH A.05.90 releases, keystroke logging when enabled now will successfully create a keystroke log file for a SSH login session. The HP-UX RBAC Keystroke logging feature is only supported on HP-UX 11iv3. Installation of RBAC release B.11.31.05.01 installs RBACExt and RBAC patch: # swlist -l product |grep -i rbac PHCO_41859 1.0 rbac cumulative patch RBAC B.11.31 HP-UX Role-based Access Control RBACExt B.11.31.05.01 HP-UX Role-based Access Control Extensions The steps to configure RBAC keystroke logging for SSH sessions: • Add libpam_keystroke.so.1 library to 'sshd' service. Note: it can be added to other services as needed: # vi /etc/pam.conf ... # Session management # sshd session required sshd session required sshd session optional • libpam_hpsec.so.1 libpam_unix.so.1 libpam_keystroke.so.1 Modify RBAC configuration file rbac.conf to support keystroke logging and define logging location: # vi /etc/rbac/rbac.conf ... # Keystroke Logging enabled: If this flag is set to 1, then keystroke # logging is enabled on the system, otherwise it is disabled. KEY_STROKE_LOGGING = 1 # Location of keystroke log file: An administrator may specify the # directory location in where the keystroke logs should reside. # If this location is not specified, the default is "/var/adm/rbac". KEY_STROKE_LOCATION = /var/adm/rbac # Banner page logging: The banner page will be logged if the below # flag set to 1; otherwise, it will not be captured in the log file. # The default is to omit the banner. KEY_STROKE_BANNERPAGE_LOG_ENABLE = 1 • Set key filter. An example: # vi /etc/rbac/key_filter newadm:*:dflt:dflt:ks_all • Ssh into the server as user newadm and run some commands. • Check log file. For example, for user newadm: # more /var/adm/rbac/klog-newadm-ssh-Mon_Oct_22_2012_12:41:16-8933 Page 5
  • 6. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 3. • 2012 RBAC Setup with Privileged Shell Create a new system administrator account and set the Shell as /usr/bin/privsh or /usr/bin/privksh (depending on the company’s policy of default Shells): # groupadd wheel # useradd -g wheel -s /usr/bin/privksh -m newadm # passwd newadm # roleadm assign newadm Administrator # cat /etc/rbac/user_role root: Administrator newadm: Administrator • Set up commands that newadm will be allowed through RBAC in command file /etc/rbac/cmd_priv: # vi /etc/rbac/cmd_priv For example, enable these lines to add new users: /usr/sbin/useradd :0/0// :dflt :dflt :dflt : • :dflt :(hpux.user.add,*) The permissions of the RBAC command file must not be restrictive to allow read access: # ls -als /etc/rbac/cmd_priv 48 -r--r--r-- • 1 root sys 18546 Feb 10 2011 /etc/rbac/cmd_priv To test it, log in as user newadm and try to add a new user: newadm$ useradd myfriend privksh: useradd: not found newadm$ /usr/sbin/useradd myfriend The last command is successful because full path to command is used. Page 6
  • 7. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 4. 2012 Basic Security Recommendations Some very simple recommendations follow. More comprehensive report can be provided as part of a separate engagement. • To disable direct root access unless logged via console. Set up file /etc/securetty with one line in it: console • Disable direct root access via ssh. Edit /etc/opt/ssh/sshd_config: PermitRootLogin no • Disable all insecure protocols in /etc/inetd.conf. The security can further be increased by editing /var/adm/inetd.sec. • To restrict who can su(1M) to root: edit /etc/default/security: SU_ROOT_GROUP=wheel Then, simply add all admin accounts to Unix group wheel. The name of Unix group is arbitrary (historically set to wheel). • Root’s home directory should be /root, not / (which should be restricted through permissions 700). • Daemon flags for inetd to set up correctly in /etc/rc.config.d/netdaemons (flag "-p" to limit number of processes). • Daemon flags for inetd to set up correctly in /etc/rc.config.d/netdaemons (flag "-a" to enable user-level auditing of processes). • Daemon flags for inetd to set up correctly in /etc/rc.config.d/netdaemons (flag "-l" to enable logging). • Account root is set up with password expiration. • And many other possible improvements. Page 7
  • 8. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 5. 2012 HP-UX Auditing Setup To enable auditing on the HP-UX 11i system, follow these steps: 1. To audit all users, set the following in /etc/default/security: AUDIT_FLAG=1 Or, to enable auditing per user, the userdbset(1M) command can be used: # userdbset -u newadm AUDIT_FLAG=1 (enable auditing for newadm) # userdbset –d -u newadm AUDIT_FLAG (disable auditing for newadm) 2. Create customized auditing configuration file /etc/audit/audit_site.conf (it is one single line). The list of events can be more comprehensive – it depends on business requirements: PROFILE XYZ = EVENT login, EVENT moddac, EVENT create, EVENT delete, EVENT modaccess, EVENT open, EVENT close, EVENT admin PROFILE Supplement = EVENT readdac, EVENT process, EVENT removable 3. To audit according to policy XYZ, enter the following command: # audevent -P -F -r XYZ 4. Use the audevent(1M) command with no options to display a list of events and system calls that are currently configured for auditing. 5. Set the audevent(1M) /etc/rc.config.d/auditing file: AUDITING=1 PRI_AUDFILE=/var/.audit/audtrail PRI_SWITCH=1000 SEC_AUDFILE=* SEC_SWITCH=0 NTHREADS=1 AUDEVENT_ARGS1="-P -F -r XYZ" AUDEVENT_ARGS2="" AUDEVENT_ARGS3="" AUDEVENT_ARGS4="" AUDOMON_ARGS="-p 20 -t 1 -w 90 -o /var/adm/syslog/syslog.log -X '/usr/bin/scp -R /var/.audit/audtrail* remsrv:/var/.audit/auditbackup'" The last line above creates a specific syslog entry and then copies audit logs to remsrv into /var/.audit/audit-backup directory whenever a new audit trail file is created. The maximum size of the primary audit trail (log file) is based on observed monitoring of the activity on the server: PRI_SWITCH=1000 (the size is in Kbytes) 6. Start the auditing system, or reboot the server: # /sbin/init.d/auditing start Page 8
  • 9. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 2012 7. The entries in /var/adm/syslog/syslog.log look like: audit system approaching AuditFileSwitch point. current audit trail size = 905 kilobytes. Use -X option to schedule a task at each switch point to archive and backup current audit trail, and make sure file system not to become full. audomon: auto-switch to /var/.audit/audtrail.20121022_1220 was successful. audomon: auto-switch to /var/.audit/audtrail.20121022_1221 was successful. 8. To check the current auditing status, after some activity on the server, it might look like: # audsys auditing system is currently on current trail: /var/.audit/audtrail.20121022_1221 next trail: none statisticsafs Kb used Kb avail % fs Kb used Kb avail % current trail: 1000 703 30 12288000 5643048 54 next trail: none auditing system is actively writing to 1 file(s) # ps -ef | grep audomon root 3151 1 0 12:04:08 ? 0:00 /usr/sbin/audomon -p 20 -t 1 -w 90 -o /var/adm/syslog/syslog.log # ll /var/.audit total 0 drwx-----drwx-----drwx------ 2 root 2 root 2 root sys sys sys 96 Oct 22 12:04 audtrail 96 Oct 22 12:20 audtrail.20121022_1220 96 Oct 22 12:21 audtrail.20121022_1221 The audit trails (binary log files) are automatically created once the maximum size/threshold is reached. There is no need to run a script or cron job for it. Page 9
  • 10. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 6. 2012 Disable HP-UX Auditing To disable auditing on the system, follow these steps: 1. Stop system auditing using the following command: # audsys -f 2. Set the AUDITING flag to 0 in the /etc/rc.config.d/auditing file to prevent the auditing system from starting when the system is rebooted. 3. (Optional) Stop the audomon daemon. One method: # kill `ps -e | awk '$NFS~ /audomon/ {print $1}'` Page 10
  • 11. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 7. 2012 View Audit Logs The audisp(1M) command will be obsolete in a future release. Invoking /usr/sbin/auditdp -r audit_trail produces the same output as /usr/sbin/audisp audit_trail. The following options are available with the audisp command: -f -p -c system_call -t -s -u user-name -l terminal-name -e event-name > file-name Displays failed events only Displays successful events only. Displays the selected system call Display events that occurred after the given time Displays events that occurred before the given time Displays information for a specific user Displays information for a specific terminal Displays information for the given event Writes output to specified file It can take a few minutes to prepare the record for viewing when working with large audit logs. When viewing the audit data, be aware of the following anomalies: • Audit data can appear inaccurate when programs that collect data for auditable system calls supply incorrect parameters. The audit data shows what the user program passed to the kernel. For example, calling the kill system call with no parameters produces unpredictable values in the parameter section of the audit record. • System calls that take file name arguments may not have device and inode information properly recorded. The values will be -1 if the call does not complete successfully. • Auditing the superuser while changing the event or system call audit parameters will result in a long audit record. For example, when you add an event type to be audited, a record will be produced for each event type and system call that has been enabled for audit, not just for the new event type being added. Some examples of commands: • Display the log output on the screen: # /usr/sbin/audisp /var/.audit/audtrail/spu0.log • Direct the log output to /tmp/mylogoutput: # /usr/sbin/audisp /var/.audit/audtrail/spu0.log > /tmp/mylogoutput • View successful events only: # /usr/sbin/audisp -p /var/.audit/audtrail/spu0.log • View activities owned by user newadm: # /usr/sbin/audisp -u newadm /var/.audit/audtrail.20121022_1237 • View login events only: Page 11
  • 12. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 2012 # /usr/sbin/audisp -e login /var/.audit/audtrail.20121022_1220 The better command is auditdp(1M) in the newer versions of auditing. An example for login auditing: # auditdp -r /var/.audit/audtrail.20121022_1220 -s "+event=login" Example of exporting auditing trail to standard output and appending the same data into syslog: # auditdp -r /var/.audit/audtrail.20121022_1220 -P -o follow -O sync | /opt/audit/AudReport/bin/audit_p2l | tee -a /var/adm/syslog/syslog.log Example of exporting auditing trail to file /tmp/myfile: # auditdp -r /var/.audit/audtrail.20121022_1220 -P -o follow -O sync | /opt/audit/AudReport/bin/audit_p2l >/tmp/myfile Page 12
  • 13. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 8. 2012 Web-Based Audit Reporting Note that these scripts in /opt/audit/AudReport directory, depending on the version of the software installed on HP-UX servers, might need minor modifications! Modify the Shell script /opt/audit/AudReport/bin/audreport_setup_web # vi /opt/audit/AudReport/bin/audreport_setup_web The following four lines had to be changed on my test server: HTPASSWD_EXE=/opt/hpws22/apache/bin/htpasswd APACHE_CTL=/opt/hpws22/apache/bin/apachectl HTTPD_CONF=/opt/hpws22/apache/conf/httpd.conf /sbin/init.d/hpws22_apache start The original ones were: HTPASSWD_EXE=/opt/hpws/apache/bin/htpasswd APACHE_CTL=/opt/hpws/apache/bin/apachectl HTTPD_CONF=/opt/hpws/apache/conf/httpd.conf /sbin/init.d/hpws_apache start Secondly, ensure that Apache web server is started: # vi /etc/rc.config.d/hpws22_apacheconf HPWS22_APACHE_START=1 Then, simply run: # /opt/audit/AudReport/bin/audreport_setup_web By default, the username to access the web reports is: # cat /var/opt/audit/AudReport/.htpasswd audreport_admin:Rd4heCHXvEWh2 # /opt/audit/AudReport/bin/audreport_generator NOTE: HTTP_ALIAS is not specified. Assuming /audreport_web. NOTE: REPORTS_FILENAME is not specified. Assuming index.html. NOTE: REPORTS_LOCATION is not specified. Assuming /var/opt/audit/AudReport. NOTE: STYLESHEETS_LOCATION is not specified. Assuming /opt/audit/AudReport/xslts. NOTE: REPORT_STYLE is not specified for the report "passwd_change_history". Assuming audreport_generic.xsl. NOTE: REPORT_STYLE is not specified for the report "user_account_history". Assuming audreport_generic.xsl. NOTE: REPORT_STYLE is not specified for the report "file_ownership_change_history". Assuming audreport_generic.xsl. Generating reports ...... Generated reports are now available at: http://<hostname>/audreport_web/index.html Here is a screenshot of a web-based report: Page 13
  • 14. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 2012 Page 14
  • 15. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 9. 2012 General Guidelines for HP-UX Auditing • Check the audit logs according to the security policy. For example, a security policy might state that an online audit file should be retained for at least 24 hours and all audit records stored offline should be retained for a minimum of 30 days. • Review the audit log for unusual activities, such as: late hours login, login failures, failed access to system files, and failed attempts to perform security-relevant tasks. • Prevent the overflow of the audit file by archiving on a regular basis. • Ensure that when the required data retention period has ended, the logs are retired by destroying them according to the organization's data destruction policies. • Revise current selectable events periodically, especially after installing new releases of HP-UX, since new system calls are often introduced in new releases. • Revise audited users periodically. • Do not follow any pattern or schedule for event or user selection. • Audit trails (binary log files) must never be part of root file system (/). Typically, they should be saved under /var. • Set site guidelines. Involve users and management in determining these guidelines. • If the audit data volume is expected to be high, configure audit trails on a logical volume consisting of multiple physical disks and multiple physical I/O cards. Use the -N option with audsys command to split the audit trail into multiple files. • Frequently accessed data, such as production data, must be available online. Data not requiring as frequent or ready access such as back-up data can be stored off-line. Use the auditdp command to filter on-line data to remove unnecessary information. This enables you to keep the audit file at a manageable size and keep the less interesting information in off-line, backup storage. For example, use auditdp to filter only login and logout events from one month’s audit trail. If you need to access other records, you can recover them from off-line backup tapes. • Ensuring the confidentiality, integrity, and availability of logs is very important: 1 2 3 4 5 Logging mechanisms must neither be deactivated nor compromised to provide business continuity of logging services in the event of an incident. Ensure that log files cannot be edited or deleted. Generally only administrators and auditors must have access to log files for review and management only. All privileged user (the administrator and auditor) access must be logged and reviewed thoroughly and frequently by others outside that user domain. 6 Page 15
  • 16. HP-UX 11iv3 Preliminary RBAC and Auditing Setup 7 8 9 0 1 10 0 1 2012 Communications must be protected with mechanisms such as encryption (for example, HP-UX IPSec and SSL). Protect the confidentiality and integrity of log files using either message digests or encryption or digital signatures. Provide adequate physical protection for logging mechanisms and stored logs by preventing unauthorized physical access. Page 16