G06.32.01 ReadMe
Following are the enhancements in Safeguard:
* The USER_AUTHENTICATE_ procedure supports the PRIV
LOGON feature in systems
that do not have Safeguard or when Safeguard is down.
* The AUDIT-TACL-LOGOFF attribute is a new Safeguard
global configuration attribute that
controls audit generation for the TACL LOGOFF or TACL
EXIT operations based on the values of
AUDIT-AUTHENTICATE-PASS and AUDIT-AUTHENTICATE-FAIL
subject audit attributes.
Safeguard Manager Process Runs at High PIN:
The Safeguard Manager process $ZSMP now runs as a high
PIN process. Previously, $ZSMP ran as a low PIN process
by default. Running $ZSMP at high PIN helps to reduce
the total number of low PIN processes running on a system,
thereby allowing more processes that have not been converted
to use the D-series Guardian application program interfaces
(APIs) to run at low PIN.
Enhanced Safeguard Security Event Exit Process (SEEP)
Interface:
The Safeguard SEEP interface is enhanced to include an
object file name in the authorization
SEEP structure. This enhancement allows SEEP to
identify the physical location of the file name
of a process to be started or stopped by the
PROCESS_CREATE_ and PROCESS_STOP_ requests.
With this enhancement, the SEEP authorization can be
used to implement an effective
Denial of Service (DOS) prevention mechanism by
authorizing the program file name for processes
to start or stop. A SEEP application can implement the
desired security policy to grant
or deny the PROCESS_CREATE_ and PROCESS_STOP_ requests
to prevent any intrusions or
accesses from an untrusted source.
New NonStop Open System Services (OSS) Security
Management Commands:
OSS Security Management now supports the following
APIs:
* setgroups() - Sets the group access list of the
Page 3