Manualshelf

H06.18 Release Version Update Compendium

ManualsBrandsHP ManualsServerHP Integrity NonStop Release and Migration
11121314151617181920
6 Manageability Products
Safeguard Enhancements
Safeguard supports the following enhancements for the H06.18 RVU:
Safeguard Manager Process Runs at High Pin
The Safeguard Manager process $ZSMP now runs as a HIGH-PIN process. Previously, $ZSMP
ran as a LOW-PIN process by default. Running $ZSMP at HIGH-PIN helps to reduce the total
number of LOW-PIN processes running on a system, allowing more processes that have not
been converted to use the D-series Guardian APIs to run at LOW-PIN.
Enhanced Safeguard Security Event Exit Process (SEEP) Interface
The Safeguard SEEP interface is enhanced to include an object file name in the Authorization
SEEP structure. This enhancement allows SEEP to know the physical location of the file name
of a process to be started or stopped by PROCESS_CREATE_ and PROCESS_STOP_ requests.
With this enhancement, the authorization SEEP can be used to implement an effective Denial of
Service (DOS) prevention mechanism by authorizing the program file name for processes to be
started or stopped. A SEEP application can implement the desired security policy to grant or
deny the PROCESS_CREATE_ and PROCESS_STOP_ requests to prevent any intrusions or
accesses from an untrusted source.
Wild Card Characters Allowed in Group Management Commands
The wild card characters * and ? are now allowed in the ADD GROUP MEMBER and ALTER
GROUP MEMBER commands.
New OSS Security Management Commands
OSS Security Management now supports the following APIs:
sets the group access list of the current processsetgroups()
sets the effective user ID of the current processseteuid()
initializes the group access listinitgroups()
sets the effective group id of the current processsetegid()
Improved Coordination With SEEPs for Password Change Requests
Safeguard is enhanced to evaluate password change requests before exiting password events to
PASSWORD-QUALITY-SEEP. This enhancement will help to eliminate inconsistencies between
the Safeguard password history database and the SEEP password history database.
Group IDs Greater than 65535 Supported for Use by HP
Safeguard now supports creation of groups with IDs greater than 65535. Group IDs in the range
65535 to 65565 are now considered valid group IDs reserved for HP use.
Safeguard supports a new group named SECURITY-ENCRYPTION-ADMIN, identified by group
ID 65536. Only super group users are permitted to be members of this group. This group is
reserved for HP internal use. Any attempts to use this group name/ID for purposes not specified
by HP will result in an error indicating that the group is reserved.
Safeguard Enhancements 19