HPE Community
Operating System - HP-UX
1832587 Members
2918 Online
110043 Solutions
New Discussion

Equivalent of Hidden Linux v1.0 in HP-UX

 
prakasse
Advisor

‎11-23-2008 10:19 PM

‎11-23-2008 10:19 PM

Equivalent of Hidden Linux v1.0 in HP-UX

Hi Folks,

We need to hide a key/file (Redhat Linux, and AIX allows to be hidden in some portion of the OS) in HP-UX O/S where none of the users(inclduing root) can access or remove it. This is basically for license management.

In Linux there is Hidden Linux v1.0. I am wondering if a similar product is available on HP-UX which will fulfill our requirements? Quick reply is greatly appreciated.

Thanks in Advance,
Prakash



0 Kudos
Reply
7 REPLIES 7
Patrick Wallek
Honored Contributor

‎11-23-2008 10:22 PM

‎11-23-2008 10:22 PM

Re: Equivalent of Hidden Linux v1.0 in HP-UX

I know of nothing similar that available for HP-UX.

0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎11-23-2008 11:31 PM

‎11-23-2008 11:31 PM

Re: Equivalent of Hidden Linux v1.0 in HP-UX

Shalom Prakash,

root can see everything.

No exceptions, no bypass. You either trust the person with root access or you buy windows and trust everyone.

You can change the permissions on a file to 000, but that won't stop root from accessing it.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Wim Rombauts
Honored Contributor

‎11-24-2008 02:42 AM

‎11-24-2008 02:42 AM

Re: Equivalent of Hidden Linux v1.0 in HP-UX

Yes, you can hide a file in HP-UX.

Look at "Security Containment Extensions". It allows you to create compartments in which you can specify what LAN access is allowed, what interprocess communication is allowed, and what file access is allowed.

You can prevent even root from reading any file, or just from writing to that file, or deleting it.

0 Kudos
Reply
prakasse
Advisor

‎11-24-2008 03:00 AM

‎11-24-2008 03:00 AM

Re: Equivalent of Hidden Linux v1.0 in HP-UX

Yes, you can hide a file in HP-UX.

Look at "Security Containment Extensions". It allows you to create compartments in which you can specify what LAN access is allowed, what interprocess communication is allowed, and what file access is allowed.

You can prevent even root from reading any file, or just from writing to that file, or deleting it.

>>>>>>>>>> Hi Wim, thanks for the reply. Can you point to any doc or link from HP that states this feature.

Thanks,
Senthil.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎11-24-2008 03:11 AM

‎11-24-2008 03:11 AM

Re: Equivalent of Hidden Linux v1.0 in HP-UX

Shalom,

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=ContainmentExt

That is the software, docs come with.

Once again, even using this, root builds the security container, root can take it apart and access it.

There is a read the root user in the original Unix was originally known as G-d

Good Luck,

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Wim Rombauts
Honored Contributor

‎11-24-2008 03:11 AM

‎11-24-2008 03:11 AM

Re: Equivalent of Hidden Linux v1.0 in HP-UX

The following links to the Administration Guide for HP-UX 11i v2 :

http://docs.hp.com/en/5991-8678/index.html
0 Kudos
Reply
Wim Rombauts
Honored Contributor

‎11-24-2008 03:21 AM

‎11-24-2008 03:21 AM

Re: Equivalent of Hidden Linux v1.0 in HP-UX

>>>> Once again, even using this, root builds the security container, root can take it apart and access it.

No, if the root process runs within the container and the container denies access to /etc/cmpt (the container configuration directory), root will not be able to even see what is configured, so don't even think about modifying any rules.

If root runs a process outside the container, it can access all files as you are used to. (Since someone has to be able to set this up.)

I have seenthat from HP-UX 11i v3 on, this functionality is in the core-OS. For HP-UX 11i v2, it is a free addition.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.