Safeguard Administrator's Manual (G06.24+, H06.03+)
Table Of Contents
- What’s New in This Manual
- About This Manual
- 1 Introduction
- 2 Controlling User Access
- Introduction
- Using SAFECOM to Establish a Local User Community
- Using SAFECOM to Manage User Access to Your System
- Changing the Owner of a User Authentication Record
- Granting a User Temporary Access to Your System
- Requiring Users to Change Their Passwords
- Granting a Grace Period for Changing an Expired Password
- Forcing Immediate Expiration of a User’s Password
- Freezing a User's Ability to Access the System
- Specifying Auditing for a User ID
- Deleting Users
- Deleting Administrative Groups
- Using SAFECOM to Establish a Network of Users
- Using Safeguard With Nodes With Standard Security
- Identifying Network Users
- Granting a Network User Access to Objects on Your System
- Establishing a Community of Network Users
- Changes to the PAID During a User’s Session
- Additional Considerations for Aliases and Groups
- Additional Considerations for ACCESS with Network Specific Subject IDs
- Establishing Default Protection for a User's Disk Files
- Specifying a Default Command Interpreter for a User
- Establishing Guardian Defaults
- Assigning an Alias to a User
- 3 Managing User Groups
- 4 Securing Volumes and Devices
- 5 OBJECTTYPE Control
- 6 Managing Security Groups
- 7 Securing Terminals
- 8 Warning Mode
- 9 Configuration
- Safeguard Attributes
- Configuring User Authentication
- Configuring Password Control
- Configuring Device Control
- Configuring Process Control
- Configuring Disk-File Control
- Configuring Safeguard Auditing
- Configuring a Default Command Interpreter
- Configuring Communication With $CMON
- Configuring Logon Dialog
- Configuring Exclusive Access at Safeguard Terminals
- Configuring Warning Mode
- Configuring Persistence
- Configuring Attributes for Node Specific Subjects in ACLs
- 10 Installation and Management
- Safeguard Components
- Process Considerations for the SMP and SAFECOM
- Safeguard Subsystem Management Commands
- General Installation Procedure
- Installing the Safeguard Software
- Starting the SMP
- Converting to the Safeguard Subsystem
- Updating the Safeguard Software
- Guidelines for Securing the Safeguard Subsystem
- Monitoring the Safeguard Subsystem
- A SAFECOM Command Syntax
- Index
Installation and Management
Safeguard Administrator’s Manual—523317-013
10-13
Safeguard Console Messages
Safeguard Console Messages
The Safeguard subsystem reports both status messages and internal error messages
on the system console.
Event messages report on events such as starting and stopping the Safeguard
software, changing the Safeguard configuration, and opening a new audit file.
For a description of the Safeguard console messages, see the Operator Messages
Manual.
Managing Safeguard Audit Files
Initially, the Safeguard software writes audit records to the audit files on
$SYSTEM.SAFE. You can add other audit pools on different volumes and subvolumes,
and you can choose which audit pool is to be used as the current audit pool—that is,
which audit pool is to receive audit records. You can also define the next audit pool to
be used when the current audit pool is filled. Because an audit pool can contain
several audit files, your system might have several different volumes and subvolumes
containing multiple audit files.
When the current audit file is filled, the Safeguard software automatically switches to
the next available file in that audit pool. Alternatively, you can monitor usage of audit
files and manually switch to the next file, or even switch to another audit pool, as
necessary.
As long as unused or released audit files remain available in the current audit pool,
there is no danger of audit data being lost. Even that danger is minimized if you have
specified the next audit pool to be used. Therefore, part of the task of monitoring the
audit service activity is to release (purge) audit files that are no longer needed so that
they can be reused.
You can use the INFO AUDIT SERVICE command to determine the current audit pool
and to verify that the next audit pool has been specified. For more information, see the
Safeguard Audit Service Manual.
The Safeguard subsystem writes a message to the system console each time it
switches from one audit file to another. Therefore, system console messages can also
help you to determine when to extract data from a used audit file.