HP-UX 11i Protected Systems Web Server Version C Release Notes

Transcription

1 HP-UX 11i Protected Systems Web Server Version C Release Notes HP Part Number: Published: June 2007 Edition: 1.0

2 2

3 Table of Contents HP-UX 11i Protected Systems Web Server Version C PS-Webserver Overview...5 New and Changed Features in This Release...5 Features and Benefits...5 Known Problems and Limitations...5 Compatibility and Installation Requirements...6 Required Software...6 Operating System and Version Compatibility...6 Hardware Requirements...6 Related Information...6 Software Availability in Native Languages...6 Table of Contents 3

4 4

5 HP-UX 11i Protected Systems Web Server Version C This document provides information about the Version C release of the HP-UX 11i Protected Systems Web Server. PS-Webserver Overview The HP-UX 11i Protected Systems Web Server (PS-Webserver) is a secure Web services platform built on HP-UX. The secure architecture and run-time environment isolate the Internet from backend servers and isolate the Web server from the intranet. If the Web server is compromised, the PS-Webserver mitigates damage to system and intranet resources by minimizing the system access and resource privileges an attacker can obtain. The PS-Webserver product includes the following: A toolkit and documentation to configure a secure Web services environment. A predefined systems security architecture. A complete Apache Web server environment, including default configurations for Java Servlet/Tomcat JVM, CGI, and Web proxy services. New and Changed Features in This Release PS-Webserver Version C delivers the following new content: Support for HP-UX 11i v3 Use of non-chroot environments for all Web server instances Features and Benefits PS-Webserver offers the following features and benefits: Elimination of resources and applications that are not needed in a secure Web services environment Secure run-time environment, including compartmentalization of resources Isolated compartments separating Internet and intranet activity Controlled authorization and access to resources using role identification, controlling access to files and limiting the authority of the Apache application and others Fine-grained application privilege adjustments based on Web server-centric roles, limiting the application s ability to access inappropriate resources Integrated auditing, audit configuration, and audit data review tools Online intrusion detection, intrusion alerts, and intrusion review tools Execution of multiple instances of Apache in separate and isolated compartments Known Problems and Limitations This section provides a list of known problems and limitations as known to HP at time of publication. If workarounds are available, they are included. Updating to hpuxwsapache version B will result in the loss of configuration customization done in the apachectl files for all Apache instances. Severity: medium Corrective Action: To correct this situation, do the following: 1. Stop the HP-UX Webproxy subsystem: # /sbin/rc3.d/s823hpws_webproxy stop 2>/dev/null 2. Fix the apachectl file for each apache instance found under /opt/hpws/apache/webproxy/servers/: PS-Webserver Overview 5

6 # ls -1 /opt/hpws/apache/webproxy/servers/ wp-cgi wp-outcgi wp-outproxy wp-outtomcat wp-webproxy # /opt/psws/lbin/psws_apachectl cgi # /opt/psws/lbin/psws_apachectl outcgi # /opt/psws/lbin/psws_apachectl outproxy # /opt/psws/lbin/psws_apachectl outtomcat # /opt/psws/lbin/psws_apachectl webproxy 3. Start the HP-UX Webproxy subsystem: # /sbin/rc3.d/s823hpws_webproxy start The psws_create command allows you to create new Web server instances using port numbers that are already used by another Web server instance. The newly created Web server instance can not be started as the ports are already in use. Severity: medium Corrective Action: Run the psws_remove command to remove the invalid Web server instance. Compatibility and Installation Requirements This section describes the compatibility information and installation requirements for this release. For specific installation instructions, refer to HP-UX 11i Protected Systems Web Server Version C Administrator's Guide. Required Software You can download software from the Software Depot Web site: Enter Protected-WS into the Search box at the top of the page. Operating System and Version Compatibility This release is specific for HP-UX 11i v3 and HP-UX 11i Version 2 (B.11.23) September 2006 or later. Hardware Requirements This version of PS-Webserver runs on HP 9000 and HP Integrity servers with HP-UX 11i v3 or HP-UX 11i v2 September 2006 or later operating system. Related Information The latest documentation for PS-Webserver is available at Available documents include: HP-UX 11i Protected Systems Web Server Version C Administrator's Guide HP-UX 11i Protected Systems Web Server Version C Release Notes Software Availability in Native Languages The PS-Webserver product is available only in the English language. 6 HP-UX 11i Protected Systems Web Server Version C.01.01