Manualshelf

G06.32 Release Version Update Compendium

ManualsBrandsHP ManualsServerHP NonStop G-Series
21222324252627282930
Manageability Products
G06.32 Release Version Update Compendium546067-001
6-3
Safeguard Enhancements
Also introduced is the error token zSFG-err-privlgnnonobj, with the text “unable to set
PRIV-LOGON for non-object file.”
AUDITCLEARONPURGE Feature
A new attribute, AUDITCLEARONPURGE, is provided. This attribute enables you to
control the setting of the CLEARONPURGE flag when creating new audit files.
Previously, the CLEARONPURGE flag was set unconditionally to ON, which triggered
disk writes to zero out the contents whenever an audit file was purged. This write
activity had the potential to cause system performance to temporarily degrade. The
ability to set the CLEARONPURGE flag to OFF for new audit files will help avoid these
intermittent system delays.
In addition, a new command line argument is provided for the SAFECOM ALTER/INFO
AUDIT POOL commands, to set or clear and display the AUDITCLEARONPURGE
attribute for newly created audit files.
Audit Enhancements
Safeguard can now audit the TACL LOGOFF/EXIT events. Previously, only the
TACL LOGON events were audited. This feature makes it easier view the TACL
LOGOFF/EXIT audit events. The new feature can help you include intrusion-
detection as part of your security policies.
A variable-length TEXT-DESCRIPTION field in audit records is added. This field
helps reduce the disk space required for the Safeguard audit trail files.
Safeguard can now filter audit records based on the global configuration
parameters AUDIT-EXCLUDE-FIELD and AUDIT-EXCLUDE-VALUE. This
prevents the records from being logged into the audit trail files.
Migration in a Safeguard Environment
There are no special considerations for migrating to the new version of Safeguard.
However, you can use the following mitigation procedure to handle any unexpected
failures that occur during migration. This procedure preserves the user or password
database that is needed to restore the original user or alias database.
1. Use VPROC to determine the current versions of:
OSMP
OSMON
SAFEART
SAFECOM
2. Back up the current Safeguard files ($*.SAFE.*, $SYSTEM.SYSTEM.USERID, and
$SYSTEM.SYSTEM.USERAX)
3. Use SAFECOM to create an Obey file to save the current policy.
To create an Obey file, do the following in SAFECOM: