Virtual I/O Server

The Virtual I/O Server (VIOS) resides in a separate LPAR partition and provides basic discretionary access control between VIOS SCSI device drivers acting on behalf of LPAR partitions and SCSI-based logical volumes and physical volumes through mappings.

An LPAR partition (through a VIOS SCSI device driver) may be mapped to 0 or more logical and physical volumes, but a volume can only be mapped to one LPAR partition. This mapping limits an LPAR partition to only the volumes assigned to it. VIOS also controls the mapping of VIOS Ethernet adapter device drivers to VIOS Ethernet device drivers acting on behalf of groups of LPAR partitions sharing a virtual network. In the evaluated configuration, only a one-to-one mapping of an Ethernet adapter device driver to an Ethernet device driver acting on behalf of a group of LPAR partitions is allowed. The one-to-one mapping is configured by the administrator and enforced by the device drivers. Also, the Ethernet packets must not be tagged with a VLAN tag in the evaluated configuration. This mechanism can be used to limit which LPAR partitions see certain Ethernet packets.

The VIOS interface should be protected from access by unprivileged users. The VIOS user options must be set to satisfy the requirements of the evaluation. The actual requirement is that the TSF shall provide a mechanism to verify that secrets meet the following quality metric: the probability that a secret can be obtained by an attacker during the lifetime of the secret is less than 2^-20. The following parameters should be set for the user in the /etc/security/user file:

  Parameter      Value
  maxage         8
  maxexpired     1
  minother       2
  minlen         8
  maxrepeats     2
  loginretries   3
  histexpire     52
  histsize       20
To change the defaults, type oem_setup_env and then run the following command:

  chsec -f /etc/security/user -s default -a maxage=8 -a maxexpired=1 -a minother=2 -a minlen=8 -a maxrepeats=2 -a loginretries=3 -a histexpire=52 -a histsize=20

When the prime administrator (padmin) creates a new user, the user attributes must be specified explicitly for that user. For example, to create a user with name davis, the padmin would use the following command:

  mkuser maxage=8 maxexpired=1 minother=2 minlen=8 maxrepeats=2 loginretries=3 histexpire=52 histsize=20 davis

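As an added verification aid, not part of the VIOS documentation, the following POSIX shell script parses an AIX-style stanza file such as /etc/security/user and reports every attribute of a stanza that differs from the evaluated-configuration values above. The stanza file it reads is a constructed sample, and the function names (stanza_attrs, check_stanza) are this example's own.

```shell
# Added audit helper (not from the VIOS documentation): parse an AIX-style
# stanza file such as /etc/security/user and report which attributes of a
# stanza differ from the evaluated-configuration values listed above.
# Required attribute=value pairs for the "default" stanza (from the page).
REQUIRED="maxage=8 maxexpired=1 minother=2 minlen=8 maxrepeats=2 loginretries=3 histexpire=52 histsize=20"

# Print one "attr=value" line per attribute of stanza $2 in file $1.
# Stanza headers are "name:" at column 0; comment lines start with * or #.
stanza_attrs() {
  awk -v want="$2" '
    /^[ \t]*[#*]/ { next }
    /^[^ \t#*].*:[ \t]*$/ { sub(/:[ \t]*$/, ""); cur = $0; next }
    cur == want && /=/ {
      line = $0; sub(/^[ \t]*/, "", line)
      split(line, kv, "[ \t]*=[ \t]*"); gsub(/[ \t]+$/, "", kv[2])
      print kv[1] "=" kv[2]
    }' "$1"
}

# Return 0 if every REQUIRED attribute has the required value in stanza $2
# of file $1; otherwise print each mismatch and return 1.
check_stanza() {
  attrs=$(stanza_attrs "$1" "$2"); rc=0
  for req in $REQUIRED; do
    key=${req%%=*}; want=${req#*=}
    got=$(printf '%s\n' "$attrs" | awk -F= -v k="$key" '$1 == k { v = $2 } END { print v }')
    if [ "$got" != "$want" ]; then
      printf '%s: %s is %s, evaluated configuration requires %s\n' \
        "$2" "$key" "${got:-unset}" "$want"
      rc=1
    fi
  done
  return $rc
}

# Constructed sample file (not a real /etc/security/user): loginretries was
# left at 0 and histsize is missing, so the check must report the default stanza.
SAMPLE=$(mktemp); trap 'rm -f "$SAMPLE"' EXIT
cat >"$SAMPLE" <<'EOF'
* constructed sample stanza file
default:
        maxage = 8
        maxexpired = 1
        minother = 2
        minlen = 8
        maxrepeats = 2
        loginretries = 0
        histexpire = 52
EOF
check_stanza "$SAMPLE" default || echo "default stanza does not meet the evaluated configuration"
```

On a real system the same functions can be pointed at /etc/security/user and at each user stanza created with mkuser, since VIOS applies per-user attributes rather than the defaults.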
The padmin should also stop the following daemons and then reboot:
  • Remove writesrv and ctrmc from the /etc/inittab file.
  • Stop sshd:
    stopsrc -s sshd
    To prevent the daemon from starting at boot time, remove the /etc/rc.d/rc2.d/Ksshd and /etc/rc.d/rc2.d/Ssshd files.
  • After the reboot, stop the RSCT daemons:
    stopsrc -g rsct_rm
    stopsrc -g rsct

All users, regardless of their roles, are to be considered as administrative users.

The system administrator can run all of the commands except those in the following list, which are limited to the prime administrator (padmin):
  • chdate
  • chuser
  • cleargcl
  • de_access
  • diagmenu
  • invscout
  • loginmsg
  • lsfailedlogin
  • lsgcl
  • mirrorios
  • mkuser
  • motd
  • oem_platform_level
  • oem_setup_env
  • redefvg
  • rmuser
  • shutdown
  • unmirrorios