IUX - Security
Initiate LAN Boot
Itanium-Based Clients
The client sends a boot request to the server over port 67. The request is handled by the bootpd daemon on the server. If the client is registered, the /etc/bootptab file is referenced for the boot IP address; if the client is anonymous, DHCP services are used to assign the boot IP address. The server then sends the networking information to the client on port 68.
PA-RISC Systems
The client sends a boot request to the server over port 1067. The request is handled by the instl_bootd daemon on the server. The /etc/opt/ignite/instl_boottab file is referenced whether the client is registered or anonymous. The server then sends the networking information to the client on port 1068.
Client Cold Boot and Installation
If the installation is from an image, it is downloaded. Ports used by NFS to make RPC calls are not discussed here.
If the installation configuration requires software to be installed from depots on the server, a swinstall request is sent to the server's Software Distributor (SD) daemon, swagentd, on port 2121. An SD agent, swagent, is then spawned on the server that acquires a dynamically allocated communication port for the download. That communication port is then reported to the client on port 2121.
The client then spawns a new swagent process that communicates with the server on the acquired communication port P, where the depot download takes place.
Live System Reinstall
The server pings the client with an ICMP type 8 echo request. The client answers the ping with an ICMP type 0 echo reply. Files required for bootsys are transferred from the server to the client. These files are transferred with remsh by default, or by ssh if the bootsys -S option is used.
The kernel, file system, and required files are downloaded from the server to the client, then the client is booted. These files are transferred with rcp by default, or by scp if the bootsys -S option is used.
make_net_recovery
The server pings the client with an ICMP type 8 echo request. The client answers the ping with an ICMP type 0 echo reply. If tftp is enabled, the version check is done with the file /opt/ignite/Version.
If tftp is not enabled, the version check is done with swlist using the swinstall depot sequence.
If the client has a lower version of Ignite than the server, a depot of recovery commands is transferred to the client using the swinstall depot sequence.
The server remotely executes make_net_recovery from the client. The command is run via remsh by default, or by ssh if the client was added for recovery on the server with the ssh option.
make_sys_image
The golden archive is written to the destination server via remsh or NFS. Note that make_sys_image does not need networking if the archive is written locally to the client.
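The port usage described in the sections above can be checked against observed traffic. The following Python classifier is an added example, not code from Ignite-UX or from the original page: it labels flow records and flags the transfers that use remsh, rcp or tftp instead of the ssh/scp path selected with bootsys -S. Assumptions: UDP for the boot ports, TCP for 2121 and the dynamic swagent port, the standard service ports 514/tcp, 69/udp and 22/tcp, and the hypothetical names `Flow`, `classify` and `SAMPLE` with constructed addresses.

```python
from collections import namedtuple

# port = destination port, or the ICMP type when proto is "icmp"
Flow = namedtuple("Flow", "src dst proto port")
# Ports named on this page; UDP for boot and TCP for SD are assumptions.
IGNITE = {("udp", 67): "bootpd boot request", ("udp", 68): "bootpd boot reply",
          ("udp", 1067): "instl_bootd boot request",
          ("udp", 1068): "instl_bootd boot reply",
          ("tcp", 2121): "swagentd swinstall request",
          ("icmp", 8): "echo request", ("icmp", 0): "echo reply"}
# Standard service ports, not given on the page.
CLEARTEXT = {("tcp", 514): "remsh/rcp", ("udp", 69): "tftp"}
ENCRYPTED = {("tcp", 22): "ssh/scp"}

def classify(flows):
    """Label each flow and mark it 'expected', 'cleartext' or 'unexpected'."""
    sd_pairs = set()   # host pairs already seen talking to swagentd on 2121
    results = []
    for f in flows:
        key, pair = (f.proto, f.port), frozenset((f.src, f.dst))
        if key in IGNITE:
            if key == ("tcp", 2121):
                sd_pairs.add(pair)
            results.append((IGNITE[key], "expected"))
        elif key in CLEARTEXT:
            results.append((CLEARTEXT[key], "cleartext"))
        elif key in ENCRYPTED:
            results.append((ENCRYPTED[key], "expected"))
        elif f.proto == "tcp" and f.port >= 1024 and pair in sd_pairs:
            # Heuristic: treat this as the dynamic port negotiated over 2121
            results.append(("swagent depot download", "expected"))
        else:
            results.append(("unknown", "unexpected"))
    return results

# Constructed sample: a PA-RISC cold install, then a live reinstall without -S
SAMPLE = [
    Flow("10.0.0.50", "10.0.0.1", "udp", 1067),
    Flow("10.0.0.1", "10.0.0.50", "udp", 1068),
    Flow("10.0.0.50", "10.0.0.1", "tcp", 2121),
    Flow("10.0.0.50", "10.0.0.1", "tcp", 49321),
    Flow("10.0.0.1", "10.0.0.60", "icmp", 8),
    Flow("10.0.0.60", "10.0.0.1", "icmp", 0),
    Flow("10.0.0.1", "10.0.0.60", "tcp", 514),
    Flow("10.0.0.1", "10.0.0.60", "tcp", 49321),
]
if __name__ == "__main__":
    for flow, (label, finding) in zip(SAMPLE, classify(SAMPLE)):
        print(flow.src, "->", flow.dst, flow.proto, flow.port, label, finding)
```

The last sample flow is reported as unexpected because that host pair never contacted swagentd on port 2121, so the high port cannot be attributed to a depot download.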
References
Bootp
- man bootp: http://docs.hp.com/en/B2355-60103/bootpd.1M.html
- bootp and DHCP: http://docs.hp.com/en/5992-2852/ch07s14.html
DHCP
- man dhcptools: http://docs.hp.com/en/B2355-60103/dhcptools.1M.html
- man dhcpclient: http://docs.hp.com/en/B3921-90010/dhcpclient.1M.html
- DHCP Overview: http://docs.hp.com/en/5991-6548/ch01s03.html
remsh
- man remsh (1): http://docs.hp.com/en/B3921-90010/remsh.1.html
- remsh client functionality: http://docs.hp.com/en/30216-90269/ch10s07.html
tftp
- bootp and tftp overview: http://docs.hp.com/en/5991-6548/ch01s02.html
- Overview of tftpd: http://docs.hp.com/en/32650-90906/ch05s01.html
NFS
- Configuring and administering an NFS client: http://docs.hp.com/en/B1031-90043/ch02s03.html
- Network file system: http://docs.hp.com/en/5992-2852/ch06s10.html
- New features in NFS for 11i v3: http://docs.hp.com/en/B1031-90064/ch01s03.html
swinstall
- man swinstall: http://docs.hp.com/en/B2355-60127/swinstall.1M.html
ping
- icmp and ipfilter: http://docs.hp.com/en/B9901-90042/B9901-90042.pdf (chapter 10)
rcp
- Copying files remotely with rcp: http://docs.hp.com/en/B2355-90164/ch06s04.html
- using rcp (11i v2): http://docs.hp.com/en/B2355-90827/ch04s02.html
- using rcp (11i v3): http://docs.hp.com/en/B2355-91061/ch04s02.html
scp
- man scp
ssh
- man ssh
- ssh new features for 11i v1,2,3: http://docs.hp.com/en/T1471-90033/ch01s03.html
- hp nonstop ssh reference manual: http://docs.hp.com/en/544701-002/544701-002.pdf (chapters 3 and 6)
- Overview of ssh: http://docs.hp.com/en/5992-4213/ch01s01.html
General descriptions
- Ignite-UX Administration Guide for HP-UX 11i (5992-3336), Chapter 6: Security
- The internet services: http://docs.hp.com/en/B2355-90147/ch01s01.html
- Controlling security on a network: http://docs.hp.com/en/B2355-90950/ch08s06.html
- Networking services (electronic mail, remote login/emulation, file transfers, web access, remotely mounted file systems): http://docs.hp.com/en/5992-3384/ch03s10.html