Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Installation and Management
Safeguard Administrator’s Manual—523317-013
10-12
Monitoring the Safeguard Subsystem
For all these objects, list the users who should be able to read, write, or create
process names, devices, volumes, subvolumes, and disk files. For more
information on securing objects, see the Security Management Guide.
3. Create OBJECTTYPE protection records as appropriate to restrict the set of users
who can add protection records for various types of objects. It is especially
advisable to use the OBJECTTYPE PROCESS command to define a limited set of
users can who add protection records for process names. This approach prevents
general users from securing critical processes and thereby controlling those
processes. For more information regarding the OBJECTTYPE commands, see
Section 5, OBJECTTYPE Control.
4. Implement additional Safeguard controls for existing users with the SAFECOM
ALTER USER command. For example, this command requires AUDIT.BOB to
change his password every 15 days:
=ALTER USER audit.bob, PASSWORD-MUST-CHANGE EVERY 15 DAYS
The same controls can be implemented for new users with the ADD USER
command.
5. Define the SECURITY-ADMINISTRATOR and SYSTEM-OPERATOR security
groups to control the use of the audit service commands, TERMINAL commands,
ALTER SAFEGUARD command, and STOP SAFEGUARD command. For more
information about the security groups, see Section 6, Managing Security Groups.
6. Use ADD TERMINAL commands to add terminal definitions for those terminals to
be controlled by the Safeguard software. For more information about Safeguard
terminals, see Section 7, Securing Terminals.
7. If necessary, develop and install software tools to allow users who are restricted
from SAFECOM to get information that they need about their Safeguard status.
Monitoring the Safeguard Subsystem
Monitoring the Safeguard subsystem comprises checking the system console for
Safeguard status and internal error messages, and managing the Safeguard audit files
to prevent data loss.
Note. Do not secure the process name $ZSMP or the subprocess name $ZSMP.#ZSPI.
Also, you cannot secure the process name $0 with the Safeguard software.
You need not establish an access control list for Safeguard SPI commands. These
commands are subject to the same restrictions as their equivalent SAFECOM commands.
For example, if you have defined a SECURITY-ADMINISTRATOR security group, only
members of that group can execute the ALTER SAFEGUARD command and its equivalent
SPI command ALTER SUBSYSTEM.