HP-UX has many tools for securing your servers and data. Threats to your servers and data can be malicious or accidental, and either physical (fires, earthquakes, failing hardware, and so on) or logical (misbehaving software, hacking, and so on). For information about the tools available to protect your servers and data against loss from these threats, see “Data Protection Tools”.

Controlling Access to Data Using Legacy Unix File Ownership and Privileges
HP-UX can control access to directories and files using a combination of:

- User and Group ownership of files and directories
- An access mask, called a mode, on each file and directory

Using these, a file or directory is assigned an owner, a group, and a mode, which collectively determine:

- Files: who can read, write, or attempt to execute the file.
- Directories: who can search the contents of the directory, add files to, remove files from, or rename files in the directory, and who can cd to the directory.
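To make the ownership and mode rules above concrete, the following Python model of the legacy access check is an added example written for this page (it is not an HP-UX utility or HP's code); the uids, gids and modes are constructed values. It also models the effective UID 0 bypass that the next section identifies as the weak link of traditional security.

```python
from __future__ import annotations
from dataclasses import dataclass

R, W, X = 4, 2, 1  # read, write and execute (search) bits of one mode triplet

@dataclass(frozen=True)
class Inode:
    """Constructed stand-in for a file or directory: owner uid, group gid, mode bits."""
    owner: int
    group: int
    mode: int      # permission bits only, e.g. 0o750
    is_dir: bool

# What each operation needs from the object's own mode. Adding, removing or
# renaming a file is governed by the directory's bits, not the file's.
FILE_OPS = {"read": R, "write": W, "execute": X}
DIR_OPS = {"list": R, "search": X, "cd": X, "add": W | X, "remove": W | X, "rename": W | X}

def applicable_bits(ino: Inode, uid: int, gids: set[int]) -> int:
    """Exactly one triplet applies: owner first, then group, then other. An owner
    whose own triplet denies access is not rescued by a permissive group triplet."""
    if uid == ino.owner:
        return (ino.mode >> 6) & 7
    if ino.group in gids:
        return (ino.mode >> 3) & 7
    return ino.mode & 7

def can(ino: Inode, uid: int, gids: set[int], op: str) -> bool:
    """Legacy discretionary access check for one operation by one caller."""
    needed = (DIR_OPS if ino.is_dir else FILE_OPS)[op]
    if uid == 0:
        # Effective UID 0 bypasses the mode check entirely; the one hold-out is
        # that executing a regular file still needs at least one execute bit set.
        return not (op == "execute" and not (ino.mode & 0o111))
    return (applicable_bits(ino, uid, gids) & needed) == needed

def demo() -> dict[str, bool]:
    """Constructed case: a 0750 project directory holding a 0640 report file."""
    project = Inode(owner=1001, group=200, mode=0o750, is_dir=True)
    report = Inode(owner=1001, group=200, mode=0o640, is_dir=False)
    owner, teammate, outsider, root = 1001, 1002, 1003, 0
    return {
        "owner reads report": can(report, owner, {200}, "read"),
        "teammate writes report": can(report, teammate, {200}, "write"),
        "teammate removes report": can(project, teammate, {200}, "remove"),  # directory bits
        "outsider cds into project": can(project, outsider, {300}, "cd"),
        "root writes report": can(report, root, set(), "write"),  # uid 0 bypass
    }
```

Note that whether the teammate may remove the report is decided by the directory's mode, not the file's, and that uid 0 is granted access regardless of every bit.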
There is a lot more to the topic of legacy Unix file ownership and privileges, and there are other, more powerful, mechanisms that allow you to carefully control and monitor who is accessing the files and directories on your system. An entire volume of the HP-UX System Administrator’s Guide is devoted to the topic of security. For extensive coverage of controlling access to the files and directories of your system and other security related topics, see HP-UX System Administrator’s Guide: Security Management.

Controlling Access to Data Using Security Containment Technologies
Traditional UNIX file access mechanisms are adequate for many basic installations, but today’s security and privacy conscious world requires a lot more control over who has access to which data.

With traditional security methods, a typical weak link in the mechanism is the superuser (or root user). The term superuser refers to any account with a User ID (or any program or process with an effective User ID) of “0” (zero). These special accounts allow anyone who has access to them complete access to every local file on the entire server. Should the password for a superuser account fall into the wrong hands, the security of the entire server becomes compromised.

In many installations, it is not desirable to give any one person access to every file on a server. In particular, the role of system administrator might be sub-divided into more specific roles that are assigned to different people. Others may need to administer specific applications, or a database or other entity. Perhaps, for security reasons, it is desirable to give a person access to certain files or capabilities only during certain hours of the day.

Technologies for Greater Access Control

HP-UX 11i version 3 has security technologies that, when used together, provide significantly greater access control of the data files and user privileges on your servers when HP-UX is running in Standard Mode:[6]

- Compartments

  Compartments isolate unrelated resources on a server to help prevent catastrophic damage to the server if one compartment is penetrated. When configured in a compartment, an application has restricted access to resources (processes, binaries, data files, and communication channels) outside its compartment. This restriction is enforced by the HP-UX kernel and cannot be overridden unless specifically configured to do so. If the application is compromised, it will not be able to damage other parts of the system because it is isolated by the compartment configuration.

- Fine-Grained Privileges

  Traditional UNIX privileges grant “all or nothing” administrative privileges based on the effective UID of the process that is running. If the process is running with effective UID=0, it is granted all privileges. With fine-grained privileges, processes are granted only the privileges needed for the task and, optionally, only for the time needed to complete the task. Applications that are privilege-aware can elevate their privilege to the required level for the operation and lower it after the operation completes.

- Role-Based Access Control

  Typically, UNIX system administration commands must be run by a superuser (root user). Similar to kernel level system call access, access is usually “all or nothing” based on the user's effective UID. HP-UX Role-Based Access Control (HP-UX RBAC) enables you to group common or related tasks into a role. For example, a common role might be User and Group Administration. Once the role is created, you assign to specific users a role or set of roles that enables them to run the commands defined by those roles. When you implement HP-UX RBAC, you enable non-root users to perform tasks previously requiring superuser privileges without granting those users complete superuser privileges.

- Auditing

  The HP-UX auditing system records security-related events for later analysis. Administrators use auditing to detect and analyze security breaches. Auditing is available on both Standard Mode and Trusted Mode HP-UX systems.

- User Database

  Previously, all Standard Mode HP-UX security attributes and password policy restrictions were set on a system-wide basis. The introduction of the user database enables you to set security attributes on a per-user basis that override the system defaults.
For more information on the enhanced security containment features introduced above, see the following resources:

- HP-UX System Administrator’s Guide: Security Management
- HP-UX 11i Security Containment Administrator's Guide