Safeguard Administrator's Manual (G06.24+, H06.03+)
Installation and Management
Safeguard Administrator’s Manual—523317-013
Guidelines for Securing the Safeguard Subsystem
After you install the Safeguard subsystem, take steps to ensure the security of its
components. To do so:
1. Secure the SAFECOM program object file as necessary. If you create an access
   control list for SAFECOM, you can restrict the use of the command interpreter to
   certain users. Protecting the SAFECOM object file has no effect on users of the
   Safeguard Subsystem Programmatic Interface (SPI).

   To restrict the use of SAFECOM, you must add a disk file authorization record for
   the SAFECOM file and specify an access control list that names the qualified
   users. Give EXECUTE authority to each user who needs to use the command
   interpreter.

   Depending on your security policy, the use of SAFECOM might be unrestricted, or
   it might be limited to only a few qualified personnel.

   For example, if all users are expected to use Safeguard to secure their files, they
   must be able to execute SAFECOM. This command allows such access:

      =ADD DISKFILE $SYSTEM.SYSnn.SAFECOM, ACCESS *.* e

   If your security policy is restrictive so that the Safeguard software is to be used by
   only a few individuals, specify only individuals on the access control list. For
   example, this command provides EXECUTE authority to only users who are
   members of the group SECURE:

      =ADD DISKFILE $SYSTEM.SYSnn.SAFECOM, ACCESS secure.* e

   Also make sure no other copies of SAFECOM (other SYSnn) are secured less
   restrictively.
2. For each object type, determine which individual objects on the system are
   sensitive and should be protected. Some of these objects are:

   • Sensitive disk files, such as the Safeguard audit files, the USERID file, and
     certain files used by your applications.

   • Sensitive disk volumes and subvolumes such as the system disk ($SYSTEM)
     and system subvolume ($SYSTEM.SYSnn), as well as all important production
     and application disks.

   • Sensitive devices, including certain terminals, printers, or communication lines.

   • Sensitive process names, including those used by the operating system, by the
     Safeguard software, or by your applications. For example, you might want to
     secure $CMON and process names associated with the spooler and Pathway
     monitor. You might also want to create the special NAMED and UNNAMED
     protection records for processes. (For more information, see the Safeguard
     Reference Manual.)
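
The check at the end of step 1 (no other SYSnn copy of SAFECOM secured less restrictively) can be run offline against an inventory of the copies and their access control lists. The following is an added example, not part of the manual or of the Safeguard software: the inventory format, the subvolume names SYS00 to SYS03, and the function names are assumptions made for illustration. It models only local group.user subjects with EXECUTE authority; DENY entries and network subjects are not modeled.

```python
# Constructed sample inventory (not from the manual): each SAFECOM copy mapped to
# its ACL as (subject, authorities) pairs; None = no disk file authorization record.
INVENTORY = {
    "$SYSTEM.SYS00.SAFECOM": [("SECURE.*", "E")],             # reference copy
    "$SYSTEM.SYS01.SAFECOM": [("SECURE.*", "E"), ("*.*", "E")],
    "$SYSTEM.SYS02.SAFECOM": None,
    "$SYSTEM.SYS03.SAFECOM": [("SECURE.ADMIN", "R,E")],
}


def covers(broad, narrow):
    """True if subject pattern `broad` includes every user matched by `narrow`."""
    bg, bu = broad.upper().split(".")
    ng, nu = narrow.upper().split(".")
    # A wildcard in `narrow` is only covered by a wildcard in `broad`.
    return bg in ("*", ng) and bu in ("*", nu)


def execute_subjects(acl):
    """Subjects in an ACL that are granted EXECUTE (E) authority."""
    return [subj for subj, auth in acl
            if "E" in {a.strip().upper() for a in auth.split(",")}]


def audit(inventory, reference):
    """Report copies that allow EXECUTE beyond what the reference copy allows."""
    allowed = execute_subjects(inventory[reference])
    findings = {}
    for name, acl in inventory.items():
        if name == reference:
            continue
        if acl is None:
            # No record means the intended ACL does not apply to this copy.
            findings[name] = ["no authorization record"]
            continue
        extra = [s for s in execute_subjects(acl)
                 if not any(covers(a, s) for a in allowed)]
        if extra:
            findings[name] = extra
    return findings


if __name__ == "__main__":
    for name, why in audit(INVENTORY, "$SYSTEM.SYS00.SAFECOM").items():
        print(name, "->", ", ".join(why))
```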