Open System Services Programmer's Guide
• OSS file auditing mechanisms and policies are implemented through the Guardian environment
Safeguard product instead of such UNIX commands or utilities as:
    /etc/reboot
    /etc/shutdown
    /etc/syslog
    passwd
Prior to the J06.15 and H06.26 RVUs, OSS file auditing features are not available through
third-party Security Event-Exit Process (SEEP) programs.
• Access to OSS auditing logs occurs through the Safeguard audit reduction tool (SAFEART)
program.
• The OSS implementation of object security does not conform to POSIX.6 draft 12, IEEE Standard
1003-1e, or IEEE Standard 1003-2c. In particular, the OSS environment does not provide
access control list APIs except as described in “OSS ACLs” (page 63).
Figure 7 (page 251) illustrates the major components and interfaces of OSS security management
mentioned in this section.
Refer to the Security Management Guide for an overview of both Guardian and OSS security.
Refer to the Safeguard Audit Service Manual for a description of the SAFEART program and the
information logged for audited OSS files.
The commercial text Practical UNIX & Internet Security listed in Preface (page 15) contains many
suggestions for writing secure programs. Those suggestions include which functions to avoid in
best-practice program designs.
Beginning with the J06.15 and H06.26 RVUs, a partner or customer OSS SEEP is supported and
can participate in access-control decisions for OSS objects. For OSS SEEP details, see “Accessing
OSS SEEP-Protected Files” (page 83).
Functions Available for Security Management
The OSS environment provides most of the basic XPG4 functions used by C or C++ programs for
process and file security.
Table 36 (page 251) lists and provides a short description of the C functions related to security.
Many of these functions have been described in other sections of this guide in the context of file
management or process management; some of these functions are not normally regarded as security
functions but have security implications when used.
NOTE: To determine which RVUs support an OSS function, see Appendix A (page 438).
250 Managing OSS Security