IUX - Security

From Wiki-UX.info

Initiate LAN Boot

Itanium-Based Clients

Figure: Initiate LAN Boot (Integrity)

The client sends a boot request to the server over port 67. The request is handled by the bootpd daemon on the server. If the client is registered, the /etc/bootptab file is referenced for the boot IP address; if the client is anonymous, DHCP services are used to assign the boot IP address. The server then sends the networking information to the client on port 68.

PA-RISC Systems

Figure: Initiate LAN Boot (PA-RISC)

The client sends a boot request to the server over port 1067. The request is handled by the instl_bootd daemon on the server. The /etc/opt/ignite/instl_boottab file is referenced whether the client is registered or anonymous. The server then sends the networking information to the client on port 1068.

Client Cold Boot and Installation

Figure: Cold Boot Installation

If the installation is from an image, it is downloaded. Ports used by NFS to make RPC calls are not discussed here.

If the installation configuration requires software to be installed from depots on the server, a swinstall request is sent to the server's Software Distributor (SD) daemon, swagentd, on port 2121. An SD agent, swagent, is then spawned on the server that acquires a dynamically allocated communication port for the download. That communication port is then reported to the client on port 2121.

The client then spawns a new swagent process that communicates with the server on the acquired communication port P, where the depot download takes place.

Live System Reinstall

Figure: Live System reinstall via bootsys

The server pings the client with an ICMP type 8 echo request. The client answers the ping with an ICMP type 0 echo reply. Files required for bootsys are transferred from the server to the client. These files are transferred with remsh by default, or by ssh if the bootsys -S option is used.

The kernel, file system, and required files are downloaded from the server to the client, then the client is booted. These files are transferred with rcp by default, or by scp if the bootsys -S option is used.

make_net_recovery

Figure: make_net_recovery initiated from client

The server pings the client with an ICMP type 8 echo request. The client answers the ping with an ICMP type 0 echo reply. If tftp is enabled, the version check is done with the file /opt/ignite/Version.

If tftp is not enabled, the version check is done with swlist using the swinstall depot sequence.

If the client has a lower version of Ignite than the server, a depot of recovery commands is transferred to the client using the swinstall depot sequence.

The server remotely executes make_net_recovery from the client. The command is run via remsh by default, or by ssh if the client was added for recovery on the server with the ssh option.

make_sys_image

Figure: make_sys_image initiated from client

The golden archive is written to the destination server via remsh or NFS. Note that make_sys_image does not need networking if the archive is written locally to the client.
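The flows described in the sections above can be checked against captured traffic. The following is an added example, not part of the original page or of Ignite-UX: it labels flow records, tracks the port 2121 exchange to recognise the dynamic swagent port, and lists transports for which the page names an alternative. The addresses, the sample records and the service ports 22, 514 and 69 (standard assignments for ssh, remsh/rcp and tftp) are assumptions not stated on the page.

```python
SERVER = "10.0.0.1"  # constructed Ignite-UX server address
# Ports stated on the page; the flag is True when the server sends the packet.
BOOT_PORTS = {67: ("bootpd request", False), 68: ("bootpd reply", True),
              1067: ("instl_bootd request", False), 1068: ("instl_bootd reply", True)}
SD_PORT = 2121  # swagentd
ICMP_TYPES = {8: "echo request", 0: "echo reply"}  # ICMP types from the page
# Standard service ports (assumed, not on the page). The flag is True when the
# page names an alternative: ssh/scp for remsh/rcp, swlist when tftp is disabled.
TRANSPORTS = {("tcp", 22): ("ssh/scp", False),
              ("tcp", 514): ("remsh/rcp", True),
              ("udp", 69): ("tftp", True)}

def classify(flows, server=SERVER):
    """Label each (src, dst, proto, port_or_icmp_type) record, in input order."""
    sd_clients = set()  # peers already seen talking to swagentd on 2121
    result = []
    for src, dst, proto, port in flows:
        peer = dst if src == server else src
        if proto == "icmp" and port in ICMP_TYPES:
            result.append((ICMP_TYPES[port], False))
        elif port in BOOT_PORTS:
            label, from_server = BOOT_PORTS[port]
            if (src == server) != from_server:
                label += " (unexpected direction)"
            result.append((label, False))
        elif port == SD_PORT:
            sd_clients.add(peer)
            result.append(("swagentd control", False))
        elif (proto, port) in TRANSPORTS:
            result.append(TRANSPORTS[(proto, port)])
        elif peer in sd_clients and server in (src, dst):
            # Dynamic port P is only recognisable after the 2121 exchange.
            result.append(("swagent depot transfer (dynamic port)", False))
        else:
            result.append(("unexpected", False))
    return result

def flows_with_alternative(flows, server=SERVER):
    """Sorted labels of observed transports that the page says can be replaced."""
    return sorted({label for label, alt in classify(flows, server) if alt})

SAMPLE = [  # constructed flow records
    ("0.0.0.0", "255.255.255.255", "udp", 67),
    ("10.0.0.1", "10.0.0.20", "udp", 68),
    ("10.0.0.20", "10.0.0.1", "tcp", 2121),
    ("10.0.0.20", "10.0.0.1", "tcp", 49321),
    ("10.0.0.1", "10.0.0.20", "icmp", 8),
    ("10.0.0.1", "10.0.0.20", "tcp", 514),
    ("10.0.0.30", "10.0.0.1", "tcp", 49321),
]
```

The last sample record is labelled unexpected because that peer never contacted swagentd on port 2121, which is why a static port filter alone cannot describe the depot download.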

References

scp

  • man scp

ssh

  • man ssh

General descriptions

  • Ignite-UX Administration Guide for HP-UX 11i (5992-3336), Chapter 6, Security
