HPE Community
Operating System - HP-UX
1826501 Members
1957 Online
109692 Solutions
New Discussion

vPar security

 
SOLVED
Go to solution
rocke robertson
Frequent Advisor

‎08-28-2008 07:00 AM

‎08-28-2008 07:00 AM

vPar security

What's stopping me from being a nasty beligerent boy with a root shell and doing a:

# vparreset -p whomever -t

RBAC certainly won't, at least I can't see how. THere's some monitor level stuff that restrics which vPars can do administrative work. But I still seem to be able as root to reset other vPars from the same nPar.

Have I missed something?
0 Kudos
Reply
5 REPLIES 5
Torsten.
Acclaimed Contributor

‎08-28-2008 07:05 AM

‎08-28-2008 07:05 AM

Solution

Re: vPar security

Yes, you missed something.

See the manual on how to configure this security.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Reply
Steven E. Protter
Exalted Contributor

‎08-28-2008 07:06 AM

‎08-28-2008 07:06 AM

Re: vPar security

Shalom,

Two things to do. Insure vpar security itself is as strong as a standalone system.

Make sure the console that controls the vpar is secure. Use ssh not telnet for access. Limit who has the password.

If you have root access there is no such thing as a safe system.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Torsten.
Acclaimed Contributor

‎08-28-2008 07:08 AM

‎08-28-2008 07:08 AM

Re: vPar security

http://docs.hp.com/en/T1335-90083/ch11s02.html?btnPrev=%AB%A0prev

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎08-28-2008 07:09 AM

‎08-28-2008 07:09 AM

Re: vPar security

Chapter 11 vPars Flexible Administrative Capability (vPars A.03.03, A.03.04, vPars A.04.02, A.04.03, A.05.01)

...
This chapter discusses the concepts and tasks on using the vPars Flexible Administrative Capability feature (formerly called Primary-Admin vPars Security). With this feature, you can specify vPars administration capabilities for zero, one, or more designated virtual partitions. Only superusers within the designated virtual partitions can perform the vPars administration commands that affect other virtual partitions; a superuser within a non-designated virtual partition can perform only operations that affect itself.
...

http://docs.hp.com/en/T1335-90083/ch11.html

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Reply
rocke robertson
Frequent Advisor

‎08-28-2008 07:39 AM

‎08-28-2008 07:39 AM

Re: vPar security

Gentlemen, I have enabled the flexible administrative section and as you have stated, it prevents administrators from administrating other vPars.

Thank you very much for your quick responses.

If I could give you 11 points I would. A little plug for "Spinal Tap".
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.