Safeguard Administrator’s Manual

Abstract

This manual describes Safeguard commands and features reserved for security administrators and privileged users.

Product Version

Safeguard G06.06, H05

Supported Release Version Updates (RVUs)

This publication supports J06.03 and all subsequent J-series RVUs, H06.08 and all subsequent H-series RVUs, and G06.29 and all subsequent G-series RVUs, until otherwise indicated by its replacement publications.
Document History

Part Number    Product Version          Published
523317-023     Safeguard G06.06, H05    February 2011
523317-026     Safeguard G06.06, H05    February 2012
523317-027     Safeguard G06.06, H05    August 2012
523317-028     Safeguard G06.06, H05    February 2013
523317-029     Safeguard G06.
Legal Notices © Copyright 2013 Hewlett-Packard Development Company L.P. Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice.
What’s New in This Manual
• Updated the table Safeguard Attribute Default Values on page 9-2.

Changes to 523317-028 manual

• Updated the chapter Managing Security Groups on page 6-1.
• Added the security group SECURITY-MEDIA-ADMIN in the section Adding Security Groups on page 6-4.
• Added an example for security group SECURITY-MEDIA-ADMIN in the following sections:
  ° Transferring Security Group Ownership on page 6-7.
• Added a new example on page 10-12.

Changes to the H06.22/J06.11 manual

• Updated the Safeguard product version on page -1.
• Added the following password attributes and their descriptions:
  ° PASSWORD-MIN-UPPERCASE-REQ on pages 2-3 and 9-10.
  ° PASSWORD-MIN-LOWERCASE-REQ on pages 2-3 and 9-11.
  ° PASSWORD-MIN-NUMERIC-REQ on pages 2-4 and 9-12.
  ° PASSWORD-MIN-SPECIALCHAR-REQ on pages 2-3 and 9-12.
• Updated the description of PASSWORD-UPPERCASE-REQUIRED {ON / OFF} on page 9-7.
• Updated the description of PASSWORD-LOWERCASE-REQUIRED {ON / OFF} on page 9-8.
• Updated the description of PASSWORD-NUMERIC-REQUIRED {ON / OFF} on page 9-8.
• Updated the description of PASSWORD-SPECIALCHAR-REQUIRED {ON / OFF} on page 9-9.
• Added the Configuring Dynamic Process Updates section on page 9-37.
• Added the following tokens to the display of INFO USER command:
  ° CREATION-TIME on pages 2-14, 2-15, 2-19, 2-20, 2-21, 2-22, 2-23, 2-24, 2-39, 2-40, 2-42, 3-2, 3-3, 3-3, and 3-4.
  ° CREATOR-USER-NAME on pages 2-14, 2-15, 2-19, 2-42, 3-2, 3-3, 3-3, and 3-4.
  ° CREATOR-USER-TYPE on pages 2-14, 2-15, 2-19, 2-42, 3-2, 3-3, 3-3, and 3-4.
  ° CREATOR-NODENUMBER on pages 2-14, 2-15, 2-19, 2-42, 3-2, 3-3, 3-3, and 3-4.
About This Manual

This manual describes features of the Safeguard software that are reserved for security administrators and privileged users. The first section of this manual introduces the Safeguard software and presents general guidelines and recommendations for establishing system security.
Notation Conventions

Hypertext Links

Blue underline is used to indicate a hypertext link within text. By clicking a passage of text with a blue underline, you are taken to the location described. For example:

This requirement is described under Backup DAM Volumes and Physical Disk Drives on page 3-2.

General Syntax Notation

The following list summarizes the notation conventions for syntax presentation in this manual.

UPPERCASE LETTERS.
each side of the list, or horizontally, enclosed in a pair of brackets and separated by vertical lines. For example:

FC [ num ] [ -num ] [ text ]
K [ X | D ] address

{ } Braces. A group of items enclosed in braces is a list from which you are required to choose one item. The items in the list can be arranged either vertically, with aligned braces on each side of the list, or horizontally, enclosed in a pair of braces and separated by vertical lines.
Line Spacing. If the syntax of a command is too long to fit on a single line, each continuation line is indented three spaces and is separated from the preceding line by a blank line. This spacing distinguishes items in a continuation line from items in a vertical list of selections. For example:

ALTER [ / OUT file-spec / ] LINE

   [ , attribute-spec ]…

!i and !o.
Nonitalic text. Nonitalic letters, numbers, and punctuation indicate text that is displayed or returned exactly as shown. For example:

Backup Up.

lowercase italic letters. Lowercase italic letters indicate variable items whose values are displayed or returned. For example:

p-register
process-name

[ ] Brackets. Brackets enclose items that are sometimes, but not always, displayed.
Notation for Management Programming Interfaces

The following list summarizes the notation conventions used in the boxed descriptions of programmatic commands, event messages, and error lists in this manual.

UPPERCASE LETTERS. Uppercase letters indicate names from definition files; enter these names exactly as shown. For example:

ZCOM-TKN-SUBJ-SERV

lowercase letters.
1 Introduction

As a security administrator or privileged user, you have access to Safeguard features that are not usually available to general users. This manual describes those features and the additional responsibilities you have as a member of the system security team.
• By default, the local super ID (user ID 255,255) can execute any SAFECOM command for any user or object.
• By default, only local super-group members (user ID 255,n) can initially add users to file-sharing groups and special security groups, execute audit service commands, add terminal definition records, and control the Safeguard configuration.

You can limit or change these authorities to suit your company's security policy.
Preliminary Security Planning

Advance planning is required before you install the Safeguard software. To plan the security for your installation, you must understand the applications used on your system, and you must know which users should be allowed to use system resources.
Who Can Run SAFECOM?

Decide who will use SAFECOM. Once a user runs SAFECOM, only the Safeguard internal restrictions limit the user's capabilities. The Safeguard software imposes internal restrictions on commands such as ADD USER, ALTER USER, and ADD DEVICE, and most SAFECOM operations on existing protection records are restricted to the record owner, the owner's group manager, and the local super ID. However, many SAFECOM commands are unrestricted.
2 Controlling User Access

This section describes how to use the SAFECOM user security commands to establish a local user community and to manage user access to a system protected by the Safeguard software. It also describes how to identify network users, how to set up network access for users, and how to establish default protection for users’ disk files.

Introduction

User security controls are established with USER security commands when you add or alter a user authentication record.
• Initial directory, initial program, and initial program type for the user in an HP NonStop Open Systems Services (OSS) environment (INITIAL-DIRECTORY, INITIAL-PROGRAM, and INITIAL-PROGTYPE attributes)
• Automatic starting of a command interpreter for a user after logon at a terminal controlled by the Safeguard software (CI-PROG attribute)

TERMINAL Commands

The TERMINAL commands, which are described in Section 7, Securing Terminals, allow you to add terminal de
(PASSWORD-UPPERCASE-REQUIRED) (only on systems running G06.31 and later G-series RVUs and H06.09 and later H-series RVUs)

• Password lowercase required, specifies whether a user password will be enforced to have at least one lowercase character (PASSWORD-LOWERCASE-REQUIRED) (only on systems running G06.31 and later G-series RVUs and H06.
• Password minimum numeric characters required, indicates the minimum number of numeric characters that must be included in a user password (PASSWORD-MIN-NUMERIC-REQ) (only on systems running J06.11 or later J-series RVUs and H06.22 or later H-series RVUs)
• Password error detail, indicates the detailed error message displayed when password quality criteria are not met (PASSWORD-ERROR-DETAIL) (only on systems running J06.
Using SAFECOM to Establish a Local User Community

Before a new user can log on to a system, a group manager or the local super ID must use SAFECOM commands to create a user authentication record in the Safeguard subject database. This user authentication record contains the user ID and user name, password, and other security attributes defined for the user.
(Alternatively, you can use the OBJECTTYPE USER command to define a special set of users who have the authority to add other users to the Safeguard database. For more information, see Section 5, OBJECTTYPE Control.) To create a new administrative group, the local super ID assigns a unique group name to a previously unused group number. From that point on, the association between the group number and the group name is fixed.
Table 2-1. User Security Attributes and Default Attribute Values

OWNER
  Description: Identifies the primary owner of this user authentication record. The primary owner can:
    • Change any of the user's security attributes.
    • Suspend and restore the user's ability to log on to the system.
  Default Value: The default value is the user ID of the person who adds the new user.

OWNER-LIST
PASSWORD-EXPIRY-GRACE
  Description: Specifies the number of days after a password expires that the user can change his or her password during logon.
  Default Value: The default value is no grace period.

AUDIT-AUTHENTICATE-PASS
  Description: Specifies the conditions under which the Safeguard software creates an audit record of successful attempts to log on with this user name.
AUDIT-USER-ACTION-FAIL
  Description: Specifies the conditions under which the Safeguard software creates an audit record of unsuccessful events attempted by this user.
  Default Value: The default value is no auditing.
GUARDIAN DEFAULT SECURITY
  Description: Sets the Guardian default security string for a user. This security string is given to any of the user disk files that are not added to Safeguard.
  Default Value: The default value is OOOO.

GUARDIAN DEFAULT VOLUME
  Description: Sets the Guardian default volume and subvolume for a user.
  Default Value: The default value is $SYSTEM.NOSUBVOL.
CI-SWAP
  Description: Specifies the swap volume to be used when the command interpreter is started after the user logs on at a terminal controlled by the Safeguard software.
  Default Value: The default value is null.

CI-PRI
  Description: Specifies the priority at which the command interpreter is run when it is started at a terminal controlled by the Safeguard software.
Table 2-2. User Security Commands

SET USER
  Description: Establishes default values for the user security attributes. When a user is added to the system, the default values are used for any attributes not specified with ADD USER.

SHOW USER
  Description: Displays the current values of the default user security attributes.

ADD USER
  Description: Adds a user authentication record to the Safeguard subject database.
Then use the SHOW USER command to check the default settings:

=SHOW USER
TYPE    OWNER      WARNING-MODE
USER    255,255    OFF

PASSWORD                   =
USER-EXPIRES               = * NONE *
PASSWORD-EXPIRES           = * NONE *
PASSWORD-MUST-CHANGE EVERY = 30 DAYS
PASSWORD-EXPIRY-GRACE      = * NONE *
GUARDIAN DEFAULT SECURITY  = OOOO
GUARDIAN DEFAULT VOLUME    = $SYSTEM.
Verify the attributes of the user authentication record, using the DETAIL option of the INFO USER command:

=INFO USER 1,255, DETAIL

GROUP.USER    USER-ID    OWNER    LAST-MODIFIED    LAST-LOGON    STATUS    WARNING-MODE
ADMIN.
For example, ADMIN.MANAGER starts a SAFECOM session and uses the following command to add a new user, ADMIN.BOB, to group 1 and to assign a password to ADMIN.BOB:

=ADD USER admin.bob, 1,0, PASSWORD q5s4

ADMIN.MANAGER uses the INFO USER command to verify the settings of the user authentication record for ADMIN.BOB:

=INFO USER 1,0, DETAIL

The display shows:

GROUP.USER
ADMIN.
ADMIN.BOB should change his password immediately to ensure its security. Therefore, on June 17, ADMIN.BOB uses the command interpreter PASSWORD program to change his password:

1> PASSWORD BigChill

ADMIN.MANAGER could have used the PASSWORD-EXPIRES attribute to force ADMIN.BOB to change his password immediately. For an example of the use of this attribute, see Forcing Immediate Expiration of a User Password on page 2-23.
sequence of SAFECOM commands. ADMIN.MANAGER begins by displaying the current user attributes defined for ADMIN.BOB:

=INFO USER admin.bob

GROUP.USER    USER-ID    OWNER    LAST-MODIFIED     LAST-LOGON    STATUS    WARNING-MODE
ADMIN.BOB     1,0        1,255    17JUN05, 11:22    * NONE *      THAWED    OFF

This INFO display shows that the user authentication record for ADMIN.BOB is currently owned by 1,255 (ADMIN.MANAGER). ADMIN.
Next, enter a SHOW USER command to check the default attribute values:

=SHOW USER
TYPE    OWNER    WARNING-MODE
USER    4,255    OFF

PASSWORD                   = b9v7
USER-EXPIRES               = 19DEC05, 0:00
PASSWORD-EXPIRES           = * NONE *
PASSWORD-MUST-CHANGE EVERY = * NONE *
PASSWORD-EXPIRY-GRACE      = * NONE *
GUARDIAN DEFAULT SECURITY  = OOOO
GUARDIAN DEFAULT VOLUME    = $SYSTEM.
Check the status of the SOFTWARE.GEORGE user authentication record with an INFO USER command:

=INFO USER software.george, DETAIL

GROUP.USER    USER-ID    OWNER
SOFTWARE.
manager of the SOFTWARE group can change that user's USER-EXPIRES date with this command:

=ALTER USER software.george, USER-EXPIRES Jan 19 2006

The ALTER USER command can also be used to remove an expiration date. For example, if SOFTWARE.GEORGE is hired as a permanent employee, the manager of the SOFTWARE group removes his USER-EXPIRES date with this command:

=ALTER USER software.
that SECURITY.SUSAN changed Bob’s authentication record on June 28, 2005. The Safeguard software calculated a PASSWORD-EXPIRES date by adding the PASSWORD-MUST-CHANGE period to the current date (June 28). At this point, ADMIN.BOB has until July 28, 2005, to change his password. Any user can use the command interpreter PASSWORD program to change his or her own password.
to log on, ADMIN.BOB calls his security administrator, SECURITY.SUSAN, on July 29 and asks her to find out why he cannot log on. Susan runs SAFECOM and enters the following INFO USER command:

=INFO USER admin.bob

GROUP.USER    USER-ID    OWNER    LAST-MODIFIED     LAST-LOGON        STATUS      WARNING-MODE
ADMIN.BOB     1,0        200,1    28JUN05, 14:09    27JUL05, 08:02    PSWD-EXP    OFF

The STATUS field in the short INFO USER report shows SECURITY.SUSAN that ADMIN.
Granting a Grace Period for Changing an Expired Password

You can use the PASSWORD-EXPIRY-GRACE attribute to specify a grace period during which a user can change his or her expired password. The PASSWORD-EXPIRY-GRACE attribute can be specified either in the user authentication record for an individual user or in the Safeguard configuration record for all users.
For example, assume that the current time is 10:14 on July 29, 2005. To add the new user ADMIN.ALICE with an expired password and a password expiry grace period of five days, ADMIN.MANAGER enters this command:

=ADD USER admin.alice, 1,6, LIKE admin.bob, PASSWORD abc,&
=PASSWORD-EXPIRES 29 jul 2005, 10:00,&
=PASSWORD-EXPIRY-GRACE 5 DAYS

The PASSWORD-EXPIRES attribute specifies a time that has already passed.
For example, suppose ADMIN.BOB goes on vacation. SECURITY.SUSAN freezes the ADMIN.BOB user name with the FREEZE USER command and displays the record with the INFO USER command:

=FREEZE USER admin.bob
=INFO USER admin.bob

GROUP.USER    USER-ID    OWNER    LAST-MODIFIED    LAST-LOGON      STATUS    WARNING-MODE
ADMIN.BOB     1,0        200,1    5AUG05, 16:45    5AUG05, 8:07    FROZEN    OFF

The STATUS field in the short INFO USER report shows the status of ADMIN.BOB is now frozen.
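The STATUS and LAST-LOGON columns of the short INFO USER report can be reviewed mechanically when many records are checked at once. The following Python code is an added example, not part of the HP manual or the Safeguard product: it parses report rows and lists accounts that are frozen, have an expired password, have never logged on, or have been idle. The one-user-per-line layout, the TEST.PHIL row, the 30-day idle threshold, and the two-digit-year pivot are assumptions made for the example.

```python
import re
from datetime import datetime

# Constructed sample. The ADMIN.BOB and ADMIN.JEFF rows reuse values displayed
# in this section; the TEST.PHIL row is invented for the example. One user per
# line is an assumed layout.
SAMPLE_REPORT = """\
GROUP.USER    USER-ID  OWNER   LAST-MODIFIED   LAST-LOGON      STATUS    WARNING-MODE
ADMIN.BOB     1,0      200,1   5AUG05, 16:45   5AUG05, 8:07    FROZEN    OFF
ADMIN.JEFF    1,12     200,1   15AUG05, 11:54  12AUG05, 16:02  THAWED    OFF
TEST.PHIL     16,7     16,24   1JUL05, 9:30    * NONE *        PSWD-EXP  OFF
"""

STAMP = r"\d{1,2}[A-Z]{3}\d{2},\s*\d{1,2}:\d{2}"
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<uid>\d+,\d+)\s+(?P<owner>\d+,\d+)\s+"
    rf"(?P<modified>{STAMP})\s+(?P<logon>\* NONE \*|{STAMP})\s+"
    r"(?P<status>\S+)\s+(?P<warning>ON|OFF)\s*$"
)
MONTHS = {m: i for i, m in enumerate(
    "JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC".split(), start=1)}
KNOWN_STATUS = {"THAWED", "FROZEN", "PSWD-EXP"}  # the values shown on this page


def parse_stamp(text):
    """Convert a display timestamp such as '5AUG05, 16:45'; None if absent."""
    m = re.fullmatch(r"(\d{1,2})([A-Z]{3})(\d{2}),\s*(\d{1,2}):(\d{2})",
                     text.strip())
    if not m or m.group(2) not in MONTHS:
        return None
    day, mon, yy, hour, minute = m.groups()
    # Assumption: two-digit years below 70 are 20xx (the page shows 88, 94, 05).
    year = (2000 if int(yy) < 70 else 1900) + int(yy)
    try:
        return datetime(year, MONTHS[mon], int(day), int(hour), int(minute))
    except ValueError:
        return None  # impossible date such as 31FEB


def parse_report(text):
    """Return one dict per user row; header and unrecognized lines are skipped."""
    records = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["modified"] = parse_stamp(rec["modified"])
        rec["logon"] = parse_stamp(rec["logon"])  # None for '* NONE *'
        records.append(rec)
    return records


def review(records, now, idle_days=30):
    """Return (user, finding) pairs that a security administrator should check."""
    findings = []
    for rec in records:
        name, status, logon = rec["name"], rec["status"], rec["logon"]
        if status == "FROZEN":
            findings.append((name, "FROZEN"))
        elif status == "PSWD-EXP":
            findings.append((name, "PASSWORD-EXPIRED"))
        elif status not in KNOWN_STATUS:
            findings.append((name, "UNKNOWN-STATUS"))
        if logon is None:
            findings.append((name, "NEVER-LOGGED-ON"))
        elif status == "THAWED" and (now - logon).days > idle_days:
            findings.append((name, "IDLE"))
    return findings


if __name__ == "__main__":
    for user, finding in review(parse_report(SAMPLE_REPORT),
                                datetime(2005, 8, 20)):
        print(f"{user:12} {finding}")
```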
Deleting Users

The primary and secondary owners of a user authentication record can delete that user with the DELETE USER command. For example, SECURITY.SUSAN can delete ADMIN.BOB with this command:

=DELETE USER admin.bob

Note. After deleting a user, the security administrator should notify users to remove the deleted user ID from access control lists for objects they own. Also, objects that the deleted user ID owns should be transferred to other owners or deleted.
Using SAFECOM to Establish a Network of Users

Users can be granted access to nodes other than their own and can have access authority for remote objects. A user who can access objects on one or more remote nodes is called a network user. Being a system user on one node of a network of HP NonStop systems does not make you a network user.
Table 2-3.
Granting a Network User Access to Objects on Your System

This subsection gives instructions for using SAFECOM to set up remote passwords for a network user. The SAFECOM ADD USER and ALTER USER commands in this procedure can normally be executed only by the local super ID or the local group manager. Before a user on a remote system can access objects on your system, take these steps:

1.
On the remote system, \LA

ADMIN.BOB is given a remote password for his system, \LA:

=ALTER USER 1,0, REMOTEPASSWORD \LA abc

On the local system, \NY

Give ADMIN.BOB a remote password for his system, \LA:

=ALTER USER 1,0, REMOTEPASSWORD \LA abc

Now the network user ADMIN.BOB has two-way access between \NY and \LA.
be granted access to any system on which the user ID 1,0 is assigned to another user name, such as ADMIN.CAROL. (The use of user aliases as network users can alter this behavior, as described at the end of this subsection.) Coordination of group names and numbers across a network also means that an administrative group can be defined as a network group or as a local group. A local group is unique to one node.
Figure 2-1.
With these remote passwords, SALES.FRED can access objects on \SF when he is logged on with the alias Freddie at \NY. SOFTWARE.JOE can access objects on \NY when he is logged on with alias Freddie at \SF. However, Safeguard access control decisions are based on the underlying user ID of the alias at the remote node. In effect, SALES.BOB has access to objects to which SOFTWARE.JOE is normally granted access at \SF, and vice versa.
However, the underlying user ID defined for the alias at the remote node is still used in access decisions based on Safeguard access control lists at that node. If the remote node is running a product version prior to D30 and does not support user aliases, the user ID identified by the PAID requesting the access is verified, and access decisions are based on that user ID.
Default auditing specifications

Note. Before using DEFAULT-PROTECTION, you might need to convert the USERID file. For more information, see Section 10, Installation and Management.

Note. Specifying DEFAULT-PROTECTION when CHECK-DISKFILE-PATTERN is set to ONLY results in the creation of extraneous normal protection records, which will not be examined because ONLY looks at only pattern protection records.
Establishing Default Ownership

You can specify two types of ownership with DEFAULT-PROTECTION. You specify one with the OWNER attribute of the user record, and you specify the other with OWNER authority in an access control list. Both types of owners can modify the disk file authorization record after it is created. However, only the primary owner, secondary owners, or a super ID can set the PROGID attribute to protect program code.
Assume that SECURITY.SUSAN wants to specify default auditing for all files that ADMIN.JEFF creates. To do so, she sets DEFAULT-PROTECTION to include auditing of all successful attempts to access Jeff's disk files:

=ALTER USER 1,12, DEFAULT-PROTECTION &
=AUDIT-ACCESS-PASS ALL

Then she displays the record to verify the DEFAULT-PROTECTION audit settings:

=INFO USER 1,12, DEFAULT-PROTECTION

GROUP.USER
ADMIN.
Then she issues the INFO USER command with the CI option to check the results:

INFO USER admin.jeff, CI

The display shows:

GROUP.USER    USER-ID    OWNER    LAST-MODIFIED     LAST-LOGON        STATUS    WARNING-MODE
ADMIN.JEFF    1,12       200,1    15AUG05, 11:54    12AUG05, 16:02    THAWED    OFF

CI-PROG = $SYSTEM.SYSTEM.
Assume that SECURITY.SUSAN wants to change the Guardian default security string for ADMIN.JEFF to NUNU. To do so, SECURITY.SUSAN uses this SAFECOM command:

=ALTER USER admin.jeff, GUARDIAN SECURITY 'NUNU'

The word DEFAULT in the GUARDIAN DEFAULT SECURITY attribute is optional when you enter the command. You can include it for readability, but it is not required. Similarly, quotes around the security string specifier are also optional.
To verify the results of the command, SECURITY.SUSAN issues this INFO USER command:

=INFO USER admin.jeff, GENERAL

GROUP.USER
ADMIN.
• In addition, the local super ID can add an alias for any user regardless of the existence of an OBJECTTYPE USER record (unless OBJECTTYPE USER specifically denies the super ID).

Each alias must be unique within the local system. An alias is a case-sensitive text string that can be up to 32 alphanumeric characters in length. In addition to alphabetic and numeric characters, the characters period (.
The display shows:

NAME      USER-ID    OWNER    STATUS
RalphW    4,32       4,255    THAWED

UID                        =
USER-EXPIRES               =
PASSWORD-EXPIRES           =
PASSWORD-MAY-CHANGE        =
PASSWORD-MUST-CHANGE EVERY =
PASSWORD-EXPIRY-GRACE      =
LAST-LOGON                 =
LAST-UNSUCESSFUL-ATTEMPT   =
LAST-MODIFIED              =
CREATION-TIME              =
FROZEN/THAWED              =
STATIC FAILED LOGON COUNT  =
STATIC-FAILED-LOGON-RESET  =
GUARDIAN DEFAULT SECURITY  =
GUARDIAN DEFAULT VOLUME    =

CREATOR-USER-NAME  = SUPER.
CREATOR-USER-TYPE
CREATOR-NODENUMBER
3 Managing User Groups

This section describes how to use the SAFECOM group commands to define and manage supplementary user groups. Groups created explicitly with the ADD GROUP command can exist independently of user definitions and are typically used for file-sharing purposes. Groups with numbers ranging from 0 through 255 can be used as administrative groups. An administrative group exists primarily for user management although it can also be used for file sharing.
Adding User Groups

Any super-group member can add a group definition unless an OBJECTTYPE USER access control list exists. If an OBJECTTYPE USER record exists, only users with CREATE authority on that access control list can use the ADD GROUP command. Assume that the user ADMIN.DON (user ID 16,24) has C authority on the OBJECTTYPE USER access control list. To create a group that could be subsequently activated as an administrative group, ADMIN.
The display shows:

GROUP NAME    NUMBER    OWNER    LAST-MODIFIED
ProG4         1144      16,24    23JUL94, 11:18

CREATION-TIME = 15JUL05, 2:03
CREATOR-USER-NAME = SUPER.SUPER
CREATOR-USER-TYPE = USER (255,255)
CREATOR-NODENUMBER = 86
AUTO-DELETE = OFF
DESCRIPTION = Inventory system programmers

GROUP OWNER-LIST SECTION UNDEFINED!

Because ADMIN.DON is the owner of these groups, he can use the ALTER GROUP command to manage the groups. In addition, because ADMIN.
This command adds the users TEST.PHIL and TEST.JUNE and the user alias Group-Super to the group PROG4. The group owner, ADMIN.DON, has no administrative control over the user and alias authentication records for these users, but he does control their membership in the group PROG4.
The following example illustrates the use of wild-card characters for adding group members using the ADD GROUP command:

=ADD GROUP PROG5, NUMBER 144, MEMBER (test.p*, test.user?, &
=my*p.user?nam, Group-Super, newalia?us*r)

Note.
• MEMBER *.* adds all the users and aliases in the Guardian user name format to the group.
• MEMBER * adds all the users and aliases to the group.
The display shows:

GROUP NAME    NUMBER    OWNER    LAST-MODIFIED
PROG4         144       16,3     26JUL94, 13:20

ADMIN.FRAN is now responsible for managing membership in the PROG4 group. However, ADMIN.FRAN has no authority to manage the user authentication records of the group members. The owner of a user authentication record retains responsibility for the administration of that user. In this instance, ADMIN.DON retains administrative responsibility for PROG4.
4 Securing Volumes and Devices

The Safeguard User's Guide explains how to secure disk files, subvolumes, and processes. This section describes how to secure disk volumes and devices. By default, only super-group members can add volumes and devices to the Safeguard database. (However, you can also define a special group of users to be responsible for volumes and devices. To do so, use the appropriate OBJECTTYPE authorization, as described in Section 5, OBJECTTYPE Control.
You can transfer ownership of a volume or device by changing the OWNER attribute. You can also designate additional owners by specifying OWNER authority in the access control list. Both forms of ownership allow an owner to modify the authorization record for the volume or device.

Table 4-2.
Considerations for Volumes

By default, only super-group users (255,*) can add a disk volume to the Safeguard database and specify the access authorities for the volume. If necessary, you can transfer ownership to a general user if that individual is to be responsible for protection of the volume. A disk volume is usually added to the Safeguard database to control who can create files on that volume.
Considerations for Devices and Subdevices

By default, only super-group users (255,*) can add devices and subdevices to the Safeguard database. If necessary, ownership can be transferred to another user responsible for protection of that device or subdevice. Until a device or subdevice is added to the Safeguard database, any process can open that device or subdevice for input or output.
5 OBJECTTYPE Control

So far, you have seen how to protect an individual object such as a disk volume by creating an authorization record for it. This section describes how to use the OBJECTTYPE commands to control who can create authorization records for objects of a given type. By default, only super-group users can create authorization records for volumes, devices, and subdevices, but any user can create authorization records for processes, subprocesses, subvolumes, and disk files.
1. Log on as SUPER.SUPER.

Note. SUPER.SUPER is the privileged user authorized to modify ACLs.

2. Create a DISKFILE OBJECTTYPE and set ACL to give C, O authority to user E.F.

=ADD OBJECTTYPE DISCFILE, ACCESS E.F(C,O)
=INFO OBJECTTYPE DISCFILE

The display shows:

            LAST-MODIFIED    OWNER          STATUS
DISCFILE    18JUN08, 8:25    SUPER.SUPER    THAWED
   E.F    C,O

3. Log on as E.F and alter the DISKFILE OBJECTTYPE to set ACL to give C authority to user A.B.

Note. User E.
5. Log on as E.F (who has Owner authority) and provide O authority to A.B.

= ALTER OBJECTTYPE DISCFILE, ACCESS A.B (O)
= INFO OBJECTTYPE DISCFILE,DET

The display shows:

            LAST-MODIFIED    OWNER          STATUS
DISCFILE    18JUN08, 9:00    SUPER.SUPER    THAWED
   A.B    C,O
   E.F    C,O

OBJECT-TEXT-DESCRIPTION =
AUDIT-ACCESS-PASS = NONE
AUDIT-ACCESS-FAIL = NONE
AUDIT-MANAGE-PASS = NONE
AUDIT-MANAGE-FAIL = NONE

6. Log on as A.B.
super-group members can add user groups. However, by creating OBJECTTYPE USER, you can give any designated list of users the authority to add users, aliases, and groups. For more information, see Controlling Users as an Object Type on page 5-8.

An OBJECTTYPE authorization record has these attributes:

   ACCESS
   OWNER
   OBJECT-TEXT-DESCRIPTION
   AUDIT-ACCESS-PASS
   AUDIT-MANAGE-PASS
   AUDIT-ACCESS-FAIL
   AUDIT-MANAGE-FAIL

Note.
Table 5-1. OBJECTTYPE Security Commands

Command              Description
ADD OBJECTTYPE       Creates an OBJECTTYPE authorization record with the specified OBJECTTYPE attribute values. By default, only a local super-group user can add an OBJECTTYPE authorization record.
ALTER OBJECTTYPE     Changes one or more attribute values in an OBJECTTYPE authorization record.
DELETE OBJECTTYPE    Deletes an OBJECTTYPE authorization record.
Controlling an Entire Object Type

Note. Users with CREATE authority on an OBJECTTYPE access control list can add any object of that type regardless of the object's ownership. For example, a user with CREATE authority on OBJECTTYPE DISKFILE can create authorization records for any user's files that are not already protected by the Safeguard software. Normally, users can add only their own files.
Note. Starting with H06.26/J06.15 RVUs, the OBJECTTYPE DISKFILE/VOLUME/SUBVOLUME is granted additional access permissions, WRITE (W) and PURGE (P), along with the existing CREATE (C) and OWNER (O) permissions. Members having the WRITE (W) permission on OBJECTTYPE DISKFILE/VOLUME/SUBVOLUME can modify the respective DISKFILE/VOLUME/SUBVOLUME protection records.
Now display the authorization record for OBJECTTYPE SUBDEVICE:

=INFO OBJECTTYPE SUBDEVICE

                        LAST-MODIFIED     OWNER   STATUS   WARNING-MODE
OBJECTTYPE SUBDEVICE    26JAN88, 11:10    12,8    THAWED   OFF
   012,*     C

The authorization record has the same attributes as OBJECTTYPE DEVICE. Now users whose administrative group is group 12 are the only users who can add authorization records for device and subdevice names.

Note.
These same users also have the authority to add groups. For security, adding an alias requires additional authority, as described in Assigning an Alias to a User on page 2-40.
OBJECTTYPE Auditing

All OBJECTTYPE authorization records provide auditing attributes. These attributes enable you to audit attempts to add individual authorization records as well as attempts to change the OBJECTTYPE authorization record. The OBJECTTYPE audit attributes are:

AUDIT-ACCESS-PASS
   Successful attempts to add an individual authorization record are audited.

AUDIT-ACCESS-FAIL
   Unsuccessful attempts to add an individual authorization record are audited.
6 Managing Security Groups

The Safeguard subsystem allows you to define seven special security groups to control the use of certain restricted commands.
Note.

1. It is recommended that SUPER.SUPER not be added to either of the SOA/SPA security groups.
2. It is recommended that the SOA/SPA security groups be added by any SUPER.* user and not by SUPER.SUPER, so that SUPER.SUPER does not gain ownership of the security groups.
3. SUPER.SUPER can be explicitly denied by using Safeguard ACLs in either of the SOA/SPA security groups, to prevent it from gaining access inadvertently. For example:

   alter sec-group sec-prv-admin,access super.
Note. Until you add the SECURITY-ADMINISTRATOR and SYSTEM-OPERATOR security groups, any super-group user (user ID 255,n) can use all the commands listed in Table 6-1.

Table 6-2 lists and describes the SECURITY-GROUP security commands.

Table 6-2. SECURITY-GROUP Command Summary

Command               Description
ADD SECURITY-GROUP    Adds a group authorization record with the specified group attribute values. If you do not specify attribute values, the current default is used.
Adding Security Groups

Initially, any super-group member can add the group authorization records for the SECURITY-ADMINISTRATOR, SYSTEM-OPERATOR, SECURITY-OSSADMINISTRATOR, SECURITY-PRV-ADMINISTRATOR, SECURITY-AUDITOR, SECURITY-MEDIA-ADMIN, and SECURITY-PERSISTENCE-ADMIN security groups.
Except for SYSOP.DALE and the super ID, all super-group members are now prohibited from using the commands reserved for the SYSTEM-OPERATOR security group. Because SYSOP.DALE has both EXECUTE and OWNER authority on the access control list, he can execute these commands and also add other users to the SYSTEM-OPERATOR security group.

You can define membership in the SECURITY-OSS-ADMINISTRATOR security group by adding an authorization record for that group.
The display shows:

                              LAST-MODIFIED    OWNER      STATUS
SECURITY-PRV-ADMINISTRATOR    1MAY10, 13:20    255,255    THAWED
   GROUP SECGRP     E,O
=

You can define membership in the SECURITY-AUDITOR security group by adding an authorization record for that group. For example, the following command creates the authorization record for the SECURITY-AUDITOR security group:

= ADD SECURITY-GROUP SECURITY-AUDITOR, ACCESS SECGRP.
To verify the results of the command:

=INFO SECURITY-GROUP SECURITY-PERSISTENCE-ADMIN

                              LAST-MODIFIED     OWNER      STATUS
SECURITY-PERSISTENCE-ADMIN    18MAR13, 18:23    255,255    THAWED
   GROUP 00255      E, O

Transferring Security Group Ownership

You can transfer ownership of a group authorization record to another user. For example, this command gives ownership of the SECURITY-ADMINISTRATOR authorization record to ADMIN.
You can transfer ownership of a group authorization record to another user using the ALTER command. For example, this command gives ownership of the SECURITY-PRV-ADMINISTRATOR authorization record to another user:

=ALTER SECURITY-GROUP SECURITY-PRV-ADMINISTRATOR, &
 ACCESS TEST1.USER1 (E,O) ; TEST1.
To verify the results, use the following command:

=INFO SECURITY-GROUP SECURITY-PERSISTENCE-ADMIN

The display shows:

                              LAST-MODIFIED     OWNER      STATUS
SECURITY-PERSISTENCE-ADMIN    18MAR13, 18:23    255,255    THAWED
   022,001          E, O
   GROUP 00255      E, O
Freezing and Thawing Security Groups

A security group can be frozen by the primary owner or by any user with OWNER authority on the access control list for the group. When a group is frozen, the only individuals who can execute the commands restricted to that group are the primary owner, the primary owner's group manager, owners on the access control list, and the local super ID. For example, ADMIN.
To thaw the group:

= THAW SECURITY-GROUP SECURITY-OSS-ADMINISTRATOR

To verify the results:

= INFO SECURITY-GROUP SECURITY-OSS-ADMINISTRATOR

The display shows:

                              LAST-MODIFIED    OWNER    STATUS
SECURITY-OSS-ADMINISTRATOR    24MAY06, 1:31    255,5    THAWED
   240,001     O
   240,002     E
   240,003     E, O
   240,004     O

The SECURITY-PRV-ADMINISTRATOR security group can be frozen by the primary owner or by any user with OWNER authority on the access control list for the group.
To verify the results:

=INFO SECURITY-GROUP SECURITY-AUDITOR

The display shows:

                    LAST-MODIFIED     OWNER    STATUS
SECURITY-AUDITOR    11DEC10, 17:01    204,1    FROZEN
   GROUP 00144      E

To thaw the group:

= THAW SECURITY-GROUP SECURITY-AUDITOR

To verify the results:

= INFO SECURITY-GROUP SECURITY-AUDITOR

The display shows:

                    LAST-MODIFIED     OWNER    STATUS
SECURITY-AUDITOR    11DEC10, 17:02    204,1    THAWED
   GROUP 00144      E

The SECURITY-MEDIA-ADMIN security group
The display shows:

                        LAST-MODIFIED     OWNER      STATUS
SECURITY-MEDIA-ADMIN    13JUL12, 14:44    255,255    THAWED
   005,255          E, O
   GROUP 00255      E, O

The SECURITY-PERSISTENCE-ADMIN security group can be frozen using the following command:

=FREEZE SECURITY-GROUP SECURITY-PERSISTENCE-ADMIN

To verify the results, use the following command:

=INFO SECURITY-GROUP SECURITY-PERSISTENCE-ADMIN

The display shows:

LAST-MODIFIED SECURITY-PERSISTENCE-ADMIN 18MAR13, 18:2
Deleting Security Groups and Group Members

If you want to delete an entire security group, use the DELETE SECURITY-GROUP command. For example, this command deletes the SYSTEM-OPERATOR security group:

=DELETE SECURITY-GROUP SYS-OPER

To delete an entire SECURITY-OSS-ADMINISTRATOR security group, use the DELETE SECURITY-GROUP command.
7 Securing Terminals

This section explains how to add a terminal definition to the Safeguard database so that the Safeguard software controls that terminal.
Table 7-2. TERMINAL Command Summary

Command            Description
ADD TERMINAL       Adds a terminal definition record with the specified terminal attribute values.
ALTER TERMINAL     Changes one or more attribute values in a terminal definition record.
DELETE TERMINAL    Deletes a terminal definition record.
FREEZE TERMINAL    Disables a terminal from accepting the LOGON command.
INFO TERMINAL      Displays the existing attribute values in a terminal definition record.
change the configuration record, the command interpreter defined in that record is $SYSTEM.SYSTEM.TACL. The Safeguard software can honor the command interpreter specification only at a terminal that it controls. If the Safeguard software does not control the logon dialog at a terminal, all command interpreter specifications are ignored at that terminal.
the priority at which the command interpreter is to execute. For more information about these parameters, see the Safeguard Reference Manual.

For example, this command adds terminal $TFOX.#T015 and causes TACL to be started after user authentication at the terminal:

=ADD TERMINAL $tfox.#t015, PROG $system.system.tacl

Use the INFO TERMINAL command to verify the results:

=INFO TERMINAL $tfox.
The display shows:

TERMINAL  $TFOX.#T015          STATUS THAWED
   PROG  = $SYSTEM.SYSTEM.TACL
   LIB   = * NONE *
   PNAME = * NONE *
   SWAP  = $DATA2
   CPU   = 4
   PRI   = 150
   PARAM-TEXT =5

Freezing and Thawing a Terminal

When you freeze a Safeguard terminal, all logon attempts at that terminal are disallowed. For example, this command freezes the terminal $TFOX.#T014:

FREEZE TERM $tfox.#t014

To reenable users to log on at the terminal:

THAW TERM $tfox.
8 Warning Mode

Warning mode is a special state that allows you to test the reliability and effectiveness of Safeguard protection on your system. In warning mode, the Safeguard software allows access to objects that have a protection record even if the protection record does not grant access. The Safeguard software audits any access attempt that would normally have been denied. Objects that are not protected by the Safeguard software are unaffected in warning mode.
Considerations for Disk Files and Processes

Because disk files and processes have Guardian security associated with them, special circumstances can apply in warning mode when Safeguard protection is bypassed. For these two types of objects, you can specify that warning mode be run with a fallback option. The fallback option is controlled by a Safeguard global configuration attribute that can be set to either GUARDIAN or GRANT.
Table 8-2. Warning Mode Rulings on Disk-File ACLs

Safeguard ACL   Guardian        Access     Audit Record    Outcome in
Ruling          Security        Result     Generated       Audit Record

Standard Mode
Grants          N.A.            Yes        As specified    Granted
Denies          N.A.            No         As specified    Denied
No record       Use Guardian    Yes/No~    No              N.A.

Warning Mode, Fallback Guardian
Grants          N.A.            Yes        As specified    Granted
Denies          Grants          Yes*       Always          Warning*
Denies          Denies          No*        As specified    Denied
No record       Use Guardian    Yes/No~    No              N.A.
For more information about Guardian stop modes, see the SETSTOP procedure in the Guardian Procedure Calls Reference Manual.

Table 8-3.
Using Warning Mode

To verify the results of the commands:

=INFO SAFEGUARD

The display shows:

AUTHENTICATE-MAXIMUM-ATTEMPTS = 3
AUTHENTICATE-FAIL-TIMEOUT = 60 SECONDS
AUTHENTICATE-FAIL-FREEZE = OFF
PASSWORD-REQUIRED = OFF
PASSWORD-ENCRYPT = ON
PASSWORD-HISTORY = 0
PASSWORD-MINIMUM-LENGTH = 0
PASSWORD-MAXIMUM-LENGTH = 8
PASSWORD-ALGORITHM = DES
PASSWORD-COMPATIBILITY-MODE = ON
PASSWORD-UPPERCASE-REQUIRED = OFF
PASSWORD-LOWERCASE-REQUIRED = OFF
PASSWORD-NUMERIC-REQUIRED = OFF
PASSWORD-SPECIAL
<=SET DESTINATION FILE report1
<=SET WHERE OUTCOME=warning
<=START

To disable warning mode when you are finished testing the Safeguard security settings:

ALTER SAFEGUARD, SYSTEM-WARNING-MODE OFF
9 Configuration

This section describes the restricted command ALTER SAFEGUARD. It is intended for trusted users who are members of the SECURITY-ADMINISTRATOR security group. If you have not defined a SECURITY-ADMINISTRATOR group, any super-group user can alter the Safeguard configuration or stop the Safeguard software. (For information about defining security groups, see Section 6, Managing Security Groups.
Safeguard Attributes

At any time, you can display the current settings of the attributes by issuing the INFO SAFEGUARD command from SAFECOM.

Table 9-1.
Table 9-1. Safeguard Attribute Default Values (page 3 of 4)

Attribute Name               Initial or Default Value
AUDIT-OBJECT-MANAGE-FAIL     NONE
AUDIT-CLIENT-GUARDIAN**      ON
TERMINAL-EXCLUSIVE-ACCESS    OFF
CI-PROG                      $SYSTEM.SYSTEM.
Table 9-1. Safeguard Attribute Default Values (page 4 of 4)

Attribute Name                     Initial or Default Value
PASSWORD-LOWERCASE-REQUIRED ^      OFF
PASSWORD-NUMERIC-REQUIRED ^        OFF
PASSWORD-SPECIALCHAR-REQUIRED ^    OFF
PASSWORD-SPACES-ALLOWED ^          OFF
PASSWORD-MIN-QUALITY-REQUIRED ^    0
AUDIT-EXCLUDE-FIELD &              NONE
AUDIT-EXCLUDE-VALUE &              NONE
AUDIT-OSS-FILTER ¹                 OFF
AUDIT-TACL-LOGOFF ¹                OFF
DYNAMIC-PROC-UPDATE ²              OFF

* For systems running H06.
AUTHENTICATE-FAIL-TIMEOUT
   The specified timeout for a user ID if AUTHENTICATE-MAXIMUM-ATTEMPTS is exceeded. The default is 60 seconds. The command interpreter process at the terminal remains locked for the duration of the timeout period.

   Caution. Because the command interpreter process at the terminal remains locked for the duration of the AUTHENTICATE-FAIL-TIMEOUT period, avoid specifying an unreasonably long period.
Configuring Password Control

PASSWORD-HISTORY
   Records a specified number of previously used passwords for each user and does not allow a user to change his or her password to any password in this history. You can specify a history of 0 to 60 passwords. (If you specify a history of more than 20 passwords, you must convert the USERID files as described in Section 10, Installation and Management.) Values of 0 and 1 allow the user to reuse any password, even if used recently.
Note.
• On systems running J06.11 and later J-series RVUs and H06.22 and later H-series RVUs, the PASSWORD-UPPERCASE-REQUIRED attribute supports the DES and HMAC256 password algorithms. Therefore, the PASSWORD-UPPERCASE-REQUIRED attribute can be set to ON when PASSWORD-ENCRYPT is ON.
• The PASSWORD-UPPERCASE-REQUIRED attribute will take effect only when the PASSWORD-MIN-QUALITY-REQUIRED attribute is set to a value greater than 0.
PASSWORD-SPECIALCHAR-REQUIRED {ON / OFF}
   Specifies whether a user password is required to contain at least one special character. The initial value is OFF. The PASSWORD-SPECIALCHAR-REQUIRED attribute can be set to ON when PASSWORD-ALGORITHM is HMAC256 and PASSWORD-ENCRYPT is ON.

   Note.
   • On systems running J06.11 and later J-series RVUs and H06.
• PASSWORD-MIN-QUALITY-REQUIRED can be modified only when PASSWORD-ENCRYPT is ON.

  Note. On systems running J06.11 and later J-series RVUs and H06.22 and later H-series RVUs, the PASSWORD-MIN-QUALITY-REQUIRED attribute can be modified when PASSWORD-ENCRYPT is ON.

• When PASSWORD-ENCRYPT is OFF, an attempt to alter the quality attributes results in an error.
The PASSWORD-MIN-UPPERCASE-REQ attribute can have values from 0 through 8. The initial value is 0.

Note. This attribute is supported only on systems running J06.11 or later J-series RVUs and H06.22 or later H-series RVUs.

The following considerations apply to the PASSWORD-MIN-UPPERCASE-REQ attribute:

• The PASSWORD-MIN-UPPERCASE-REQ attribute will take effect only when the PASSWORD-UPPERCASE-REQUIRED attribute is enabled.
PASSWORD-MIN-NUMERIC-REQ, PASSWORD-MIN-SPECIALCHAR-REQ or PASSWORD-MIN-ALPHA-REQ) must not be greater than the value of the PASSWORD-MAXIMUM-LEN attribute.

PASSWORD-MIN-NUMERIC-REQ
   Specifies the minimum number of numeric characters required in a user password when it is set or changed. The PASSWORD-MIN-NUMERIC-REQ attribute can have values from 0 through 8. The initial value is 0.

   Note. This attribute is supported only on systems running J06.
• When the PASSWORD-SPECIALCHAR-REQUIRED attribute is changed from OFF to ON, Safeguard sets the numeric value of the PASSWORD-MIN-SPECIALCHAR-REQ attribute to 1.
• When the PASSWORD-SPECIALCHAR-REQUIRED attribute is changed from ON to OFF, Safeguard sets the numeric value of the PASSWORD-MIN-SPECIALCHAR-REQ attribute to 0.
PASSWORD-MIN-ALPHA-REQ) must not be greater than the value of the PASSWORD-MAXIMUM-LEN attribute.

PASSWORD-ERROR-DETAIL
   Determines whether a detailed error message is displayed to the user when the password supplied does not meet the defined minimum complexity. When PASSWORD-ERROR-DETAIL is ON, a detailed error message is displayed according to the minimum required password complexity. When PASSWORD-ERROR-DETAIL is OFF, a default error message is displayed.
PASSWORD-ALGORITHM
   Indicates the algorithm used to encrypt passwords when they are changed. The initial value is DES.

   Note. This attribute is supported only on systems running H06.06 and later H-series RVUs and G06.29 and later G-series RVUs.

   DES
      Specifies that the DES algorithm is used to encrypt passwords. This is the initial value. Encrypted passwords are stored in the L/USERID and L/USERAX files.
Consider this example with the attributes set as:

PASSWORD-MUST-CHANGE EVERY = 20 DAYS
PASSWORD-MAY-CHANGE = 5 DAYS

On July 1, the owner of the user authentication record changes the user's password. These dates are calculated:

PASSWORD-MAY-CHANGE = * NONE *
PASSWORD-EXPIRES = 21JULY1993

The user must change the password in the next 20 days because the password expires on July 21. On July 21, the user changes the password.
information, see the following note.) The value can be FIRST-ACL, FIRST-RULE, or ALL. The initial value is FIRST-ACL.

ACL-REQUIRED-DEVICE
   If no access control list is found, access is denied. If this attribute is OFF, and no access control list is found, Guardian rules apply. The initial value is OFF.

Note. COMBINATION-DEVICE resolves conflicts between access control lists if CHECK-DEVICE and CHECK-SUBDEVICE are both ON.
COMBINATION-PROCESS
   Determines how conflicts are resolved between process and subprocess access control lists. This attribute is used in conjunction with DIRECTION-PROCESS. (For more information, see the following note.) The value can be FIRST-ACL, FIRST-RULE, or ALL. The initial value is FIRST-ACL.

ACL-REQUIRED-PROCESS
   If no access control list is found, access is denied. If this attribute is OFF, and no access control list is found, Guardian rules apply.
Configuring Disk-File Control

CHECK-SUBVOLUME
   Access control lists are checked at the subvolume level. The initial value is OFF. The Safeguard software checks for CREATE authority at the subvolume level even when CHECK-SUBVOLUME is OFF.

CHECK-FILENAME
   Access control lists are checked at the disk-file level. The initial value is ON.

DIRECTION-DISKFILE
   Determines which direction to search for access control lists if more than one of the preceding attributes is ON.
CHECK-DISKFILE-PATTERN
   Specifies how to search diskfile patterns.
   OFF specifies that no pattern searches will occur.
   FIRST specifies that pattern searching will occur first; the normal search for a protection record will occur if and only if the result of the pattern search is NORECORD.
   LAST specifies that pattern searching will occur after the normal search, if and only if the normal search result is NORECORD.
   ONLY specifies that only pattern searching will occur.
This command specifies that the Safeguard software is to use the first access control list it finds, searching in the following order: disk file, subvolume, volume.

=ALTER SAFEGUARD, COMBINATION-DISKFILE FIRST-ACL, &
=DIRECTION-DISKFILE DISKFILE-FIRST

Caution. If you set CHECK-SUBVOLUME ON and set DIRECTION-DISKFILE to VOLUME-FIRST, any user can gain access to someone else's files.
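The search order and the caution above can be checked with a small model. This is an added example, not code from this manual or from the Safeguard product: it models only the FIRST-ACL combination, uses the attribute values as they are written on this page, and runs on constructed settings, ACLs, and user IDs. The pattern_ruling argument stands in for the outcome of a disk-file pattern search, which is not modelled.

```python
"""Simplified model of the Safeguard disk-file ACL search (added example)."""

NORECORD = "NORECORD"

# Constructed sample in the NAME = VALUE form shown by INFO SAFEGUARD.
SAMPLE_INFO = """\
CHECK-VOLUME = OFF
CHECK-SUBVOLUME = ON
CHECK-FILENAME = ON
DIRECTION-DISKFILE = VOLUME-FIRST
COMBINATION-DISKFILE = FIRST-ACL
CHECK-DISKFILE-PATTERN = OFF
"""

# Constructed ACLs (user ID -> authorities). The subvolume record is broader
# than the record on the file itself: it also grants READ to user 30,7.
SAMPLE_ACLS = {
    "SUBVOLUME": {"20,1": {"R", "W"}, "30,7": {"R"}},
    "DISKFILE": {"20,1": {"R", "W"}},
}

# Levels from most general to most specific, with the attribute enabling each.
LEVELS = (("VOLUME", "CHECK-VOLUME"),
          ("SUBVOLUME", "CHECK-SUBVOLUME"),
          ("DISKFILE", "CHECK-FILENAME"))


def parse_info(text):
    """Parse NAME = VALUE lines into a dict of upper-case strings."""
    cfg = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            cfg[name.strip().upper()] = value.strip().upper()
    return cfg


def search_order(cfg):
    """Return the enabled levels in the order DIRECTION-DISKFILE selects."""
    enabled = [level for level, attr in LEVELS if cfg.get(attr) == "ON"]
    direction = cfg.get("DIRECTION-DISKFILE")
    if direction == "VOLUME-FIRST":
        return enabled
    if direction == "DISKFILE-FIRST":      # value name as written on this page
        return enabled[::-1]
    raise ValueError(f"unexpected DIRECTION-DISKFILE value: {direction!r}")


def normal_search(cfg, acls, user, authority):
    """FIRST-ACL: the first ACL found decides; later levels are not consulted."""
    if cfg.get("COMBINATION-DISKFILE") != "FIRST-ACL":
        raise ValueError("only COMBINATION-DISKFILE FIRST-ACL is modelled")
    for level in search_order(cfg):
        acl = acls.get(level)
        if acl is not None:
            granted = authority in acl.get(user, set())
            return level, "GRANTED" if granted else "DENIED"
    return None, NORECORD


def ruling(cfg, acls, pattern_ruling, user, authority):
    """Combine the normal search with CHECK-DISKFILE-PATTERN OFF/FIRST/LAST/ONLY."""
    mode = cfg.get("CHECK-DISKFILE-PATTERN", "OFF")
    if mode == "ONLY":
        return pattern_ruling
    if mode == "FIRST" and pattern_ruling != NORECORD:
        return pattern_ruling
    normal = normal_search(cfg, acls, user, authority)[1]
    if mode == "LAST" and normal == NORECORD:
        return pattern_ruling
    return normal


def findings(cfg):
    """Flag the combination the caution warns about."""
    out = []
    if (cfg.get("CHECK-SUBVOLUME") == "ON"
            and cfg.get("DIRECTION-DISKFILE") == "VOLUME-FIRST"):
        out.append("CHECK-SUBVOLUME ON with DIRECTION-DISKFILE VOLUME-FIRST: "
                   "a subvolume ACL is found before the disk-file ACL")
    return out


if __name__ == "__main__":
    current = parse_info(SAMPLE_INFO)
    changed = {**current, "DIRECTION-DISKFILE": "DISKFILE-FIRST"}
    for label, cfg in (("VOLUME-FIRST", current), ("DISKFILE-FIRST", changed)):
        level, result = normal_search(cfg, SAMPLE_ACLS, "30,7", "R")
        print(f"{label}: 30,7 READ -> {result} (decided by the {level} ACL)")
        for finding in findings(cfg):
            print("  finding:", finding)
```

With the constructed records, the stricter disk-file ACL is never consulted under VOLUME-FIRST, which is why the same READ request changes from GRANTED to DENIED when only the search direction changes.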
These Safeguard attributes relate to user authentication auditing:

AUDIT-AUTHENTICATE-PASS
   Successful user and alias logon attempts are audited. This setting supplements the audit settings in the user or alias authentication record. The conditions can be ALL, NONE, or LOCAL. The default is NONE.

AUDIT-AUTHENTICATE-FAIL
   Unsuccessful user and alias logon attempts are audited. This setting supplements the audit settings in the user or alias authentication record.
AUDIT-DEVICE-ACCESS-FAIL
   Unsuccessful attempts to access all devices or subdevices on the system are audited. This setting supplements the audit settings for individual devices or subdevices. The conditions can be ALL, NONE, LOCAL, or REMOTE. The default is NONE.

AUDIT-DEVICE-MANAGE-PASS
   Successful attempts to create or manage the authorization record of a device or subdevice are audited.
AUDIT-PROCESS-MANAGE-PASS
   Successful attempts to create or manage the authorization record for a process or subprocess are audited. This setting supplements the audit settings for individual processes or subprocesses. The conditions can be ALL, NONE, LOCAL, or REMOTE. The default is NONE.

AUDIT-PROCESS-MANAGE-FAIL
   Unsuccessful attempts to create or manage the authorization record for a process or subprocess are audited.
AUDIT-DISKFILE-MANAGE-FAIL
   Unsuccessful attempts to create or manage authorization records for a volume, subvolume, or disk file are audited. This setting supplements the individual audit settings. The conditions can be ALL, NONE, LOCAL, or REMOTE. The default is NONE.

AUDIT-DISKFILE-PRIV-LOGON
   Specifies conditions for auditing attempts to perform a priv logon on the system. This setting supplements the individual audit settings.
To change any of these values, issue the ALTER SAFEGUARD command from SAFECOM. For example, to audit all successful attempts to manage an authorization record for any system object:

=ALTER SAFEGUARD, AUDIT-OBJECT-MANAGE-PASS ALL

Caution. Configuring the Safeguard software to audit all system objects might cause system performance problems. Be sure you have adequate system resources to handle extensive auditing.
generated based on the value of the AUDIT-AUTHENTICATE-PASS and AUDIT-AUTHENTICATE-FAIL attributes. When set to FALSE, audits for the TACL LOGOFF or TACL EXIT operations are generated based on the value of the AUDIT-CLIENT-GUARDIAN, AUDIT-PROCESS-ACCESS-PASS, and AUDIT-PROCESS-ACCESS-FAIL attributes. The initial value is FALSE.

Note. The AUDIT-TACL-LOGOFF attribute is supported only on systems running J06.08 and later J-series RVUs, H06.
Configuring Audit Exclusion of NonStop Client Events

Table 9-2. AUDIT-EXCLUDE-FIELDs and their corresponding values (page 5 of 5)

AUDIT-EXCLUDE-FIELD    Values for AUDIT-EXCLUDE-VALUE
(continued)            • OSSFILESET
                       • SOCKET
                       • SYMLINK
                       • TTY
                       • PROCESSGROUP
                       • OSSPROCESS
OWNERISREMOTE          • REMOTE
                       • LOCAL
                       • NONE
                       • UNKNOWN

The following AUDIT-EXCLUDE-FIELD values have dynamic variable names; therefore, no enums are defined.
• CREATORSYSTEMNUMBER
• CREATORPROCESSNAME
• CREATORAUTHLOCNAME
• CREATORTERMINALNAME
• CREATORAUTHLOCNUMBER
• OBJECTNAME

AUDIT-EXCLUDE-VALUE
   Specifies a set of values (up to five) for the respective field names in AUDIT-EXCLUDE-FIELD. The combination of field names and values determines which NonStop client audit events are excluded. The default value is NONE.

   Note.
CI-PROG
   Specifies the name of the command interpreter's object file. The file name must be a local file name. The initial value for CI-PROG file is $SYSTEM.SYSTEM.TACL. A null entry for CI-PROG sets the value to null. If the value of CI-PROG is null and no CI-PROG is defined for the user or the terminal, a command interpreter is not started at the terminal.

CI-LIB
   Specifies the file name of the library to be used with the command interpreter.
CMON
   ON specifies that the Safeguard software is to communicate with the $CMON process during the following events: logon, illegal logon attempts, logoff, and newprocess of the command interpreter. If CMON is OFF, there is no communication with $CMON during these events. The initial value is OFF.

CMONTIMEOUT
   Specifies the number of seconds that the Safeguard software is to wait for any $CMON operation. The default is 30 seconds.
Configuring Exclusive Access at Safeguard Terminals

You can set the TERMINAL-EXCLUSIVE-ACCESS attribute so that a user who is logged on at a Safeguard terminal has exclusive access to the terminal. This attribute applies only to terminals that are controlled by the Safeguard software.

TERMINAL-EXCLUSIVE-ACCESS
   ON specifies that access at a Safeguard terminal is exclusively reserved for the user who is currently logged on.
Configuring Persistence

Use the ADD command to configure persistence, which allows you to create protection records for disk files. The NORMAL value of this attribute is designed to preserve backward compatibility. The ALWAYS value provides access to the persistence feature.

Note. PROGID, LICENSE, TRUST, PRIV-LOGON, and CLEARONPURGE are reset for a disk file with a persistent protection record when the file is created.
Configuring Dynamic Process Updates

The following SAFECOM commands trigger a dynamic update to the process security attributes, when the DYNAMIC-PROC-UPDATE attribute is ON:

SAFECOM ALTER USER/ALIAS [user/alias name] , AUDIT-USER-ACTION LOCAL/REMOTE/ALL/NONE
SAFECOM ALTER GROUP [ group name ], MEMBER [user/alias name]

Note.
• HP recommends that you use the dynamic process update feature for maintenance purposes only.
• This feature is supported only on systems running on J06.
10 Installation and Management

This section is intended for the security administrator or trusted user who is responsible for installing, supervising, and maintaining the Safeguard subsystem. This section includes an overview of the Safeguard software components, procedures for installing the Safeguard subsystem, and guidelines for securing the Safeguard software.

Safeguard Components

Before you install the Safeguard software, you should have a basic understanding of its software components.
Security Database Management

The SMP makes all changes to the subject and object databases on the local system. You make changes to the databases with SAFECOM commands. SAFECOM interprets the commands and communicates with the SMP to change the database. When a SAFECOM user requests information about a user or a protected object, SAFECOM requests the information from the SMP.
° Supplementary group list
° Group count

A separate SHP process runs in every processor in a protected system. Each SHP updates the process attributes of every process in its own processor running with the user identity whose above-mentioned user attributes are changed. The SMP ensures that all SHPs are operational.

Note. SHP is supported on systems running on J06.10 and later J-series RVUs and H06.21 and later H-series RVUs.
Safeguard Subsystem Management Commands

The Safeguard subsystem management commands are entered through SAFECOM. Table 10-1 on page 10-4 describes them briefly. The syntax of these commands is described in detail in the Safeguard Reference Manual. The procedures you use to install and monitor the Safeguard software are described later in this section.

Table 10-1.
Installing the Safeguard Software

The method you use to install the Safeguard software is based on the software RVU you are running and the manner in which you want the Safeguard software to be started and stopped.
BACKUPCPU 1, &
PRIMARYCPU 0, &
DEFAULTVOL $SYSTEM.SYSTEM, &
EXTSWAP $SWAP01, &
HIGHPIN ON, &
HOMETERM $ZHOME, &
NAME $ZSMP, &
OUTFILE $ZHOME, &
PRIORITY 198, &
PROGRAM $SYSTEM.SYSTEM.OSMP, &
SAVEABEND OFF, &
STARTMODE KERNEL or SYSTEM, &
STARTUPMSG "", &
STOPMODE STANDARD, &
TYPE OTHER, &
USERID SUPER.
Including the Safeguard Software in the OSIMAGE File (D-Series RVUs)

To configure the Safeguard software in your CONFTEXT file, you must add the Safeguard files OSMP and OSMON to the SYSTEM_PROCESS_CODE_FILES entry of the ALLPROCESSORS paragraph. The entry should contain these definitions:

SYSTEM_PROCESS_CODE_FILES $dsv-vol.ZSAFEGRD.OSMON, $dsv-vol.ZSAFEGRD.
Starting the SMP

This command is typically part of your CIIN or system startup files.

Note. Because the OSMP object program file contains PRIV code, it can only be run by the super ID. If other users are to be allowed to start the SMP, the super ID must license the OSMP and OSMON. For example:

VOLUME $SYSTEM.SYSnn
FUP LICENSE (OSMP, OSMON)

In this example, the backup SMP process is created in CPU 4. If you do not specify a backup processor, no backup process is created.
Note.
• The $SYSTEM.SAFE.SPTGUARD file is created when the SAVED-DISKFILE-PATTERN protection record is created.
• The $SYSTEM.SAFE.SPTGUARD file is supported only on systems running J06.10 and later J-series RVUs and H06.21 and later H-series RVUs.

The SMP also starts the SMON processes. It uses this naming convention for the SMON process names:

$ZS00
$ZS01
$ZS02
$ZS03
. . .
Updating the Safeguard Software

For Safeguard product versions prior to D30, HP recommends that the ADDUSER, DELUSER, and RPASSWRD program object files be deleted when the Safeguard software is installed on a system. With D30, it is no longer necessary to delete these programs because they now coordinate requests for their services through the Safeguard software. When the Safeguard software is installed for the first time, Expand line handlers need to be restarted.
3. Start the Safeguard software.
4. Make a new DDL dictionary if you use one.

Returning to a Previous RVU

To return to a previous RVU, follow the steps used to change over to this RVU, but use the previous RVU's programs. Make a new DDL dictionary if you use one.

Note. Consult the softdoc for migration and fallback issues.
Guidelines for Securing the Safeguard Subsystem

After you install the Safeguard subsystem, take steps to ensure the security of its components. To do so:

1. Secure the SAFECOM program object file as necessary. If you create an access control list for SAFECOM, you can restrict the use of the command interpreter to certain users.
• Sensitive process names, including those used by the operating system, by the Safeguard software, or by your applications. For example, you might want to secure $CMON and process names associated with the spooler and Pathway monitor. You might also want to create the special NAMED and UNNAMED protection records for processes. (For more information, see the Safeguard Reference Manual.
Monitoring the Safeguard Subsystem

Monitoring the Safeguard subsystem comprises checking the system console for Safeguard status and internal error messages, and managing the Safeguard audit files to prevent data loss.

Safeguard Console Messages

The Safeguard subsystem reports both status messages and internal error messages on the system console.
A. SAFECOM Command Syntax

This appendix summarizes the syntax of all the SAFECOM commands. The commands are listed in alphabetic order. SAFECOM reserved words can be abbreviated. Typically, a reserved word can be abbreviated to its first three characters unless a longer abbreviation is necessary to distinguish between similar reserved words. The syntax notation conventions used here and throughout this manual are listed in Notation Conventions on page xiv.
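When reviewing OBEY files or command transcripts, abbreviated reserved words have to be mapped back to their full form before they can be compared against a policy. The Python example below is added here and is not code from HP or the Safeguard product; it models the abbreviation rule as unique-prefix matching with a three-character minimum over reserved words copied from this page. Strict prefix matching is an assumption that may differ from what SAFECOM actually accepts, and the function names are hypothetical.

```python
MIN_ABBREV = 3  # "first three characters", per the appendix text

# Reserved words copied from the command and user-attribute lists on this page.
VERBS = ("ADD", "ALTER", "DELETE", "DISPLAY", "EXIT", "FC", "FREEZE",
         "INFO", "RESET", "RUN", "SET", "THAW", "VOLUME")
USER_ATTRIBUTES = (
    "USER-EXPIRES", "PASSWORD-MUST-CHANGE", "PASSWORD-EXPIRY-GRACE",
    "PASSWORD-EXPIRES", "AUDIT-AUTHENTICATE-PASS", "AUDIT-AUTHENTICATE-FAIL",
    "AUDIT-MANAGE-PASS", "AUDIT-MANAGE-FAIL", "AUDIT-USER-ACTION-PASS",
    "AUDIT-USER-ACTION-FAIL", "TEXT-DESCRIPTION", "REMOTEPASSWORD",
    "DEFAULT-PROTECTION")


def candidates(token, vocabulary):
    """Reserved words a token could stand for under the assumed prefix rule."""
    word = token.upper()
    if word in vocabulary:        # a full reserved word always names itself
        return [word]
    if len(word) < MIN_ABBREV:    # too short to count as an abbreviation
        return []
    return [v for v in vocabulary if v.startswith(word)]


def expand(token, vocabulary):
    """Return the single reserved word a token abbreviates, else ValueError."""
    found = candidates(token, vocabulary)
    if len(found) != 1:
        reason = "ambiguous" if found else "not a reserved word"
        raise ValueError(f"{token!r} is {reason}: {found}")
    return found[0]


def shortest_abbreviation(word, vocabulary):
    """Shortest prefix, at least MIN_ABBREV long, that names only this word."""
    for length in range(min(MIN_ABBREV, len(word)), len(word) + 1):
        if candidates(word[:length], vocabulary) == [word]:
            return word[:length]
    return word


if __name__ == "__main__":
    # Show which attributes need more than three characters to stay unique.
    for attr in USER_ATTRIBUTES:
        print(f"{shortest_abbreviation(attr, USER_ATTRIBUTES):<22} {attr}")
    print(expand("tha", VERBS), expand("password-m", USER_ATTRIBUTES))
```
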
Common Syntax Elements

node-spec
    can take any of these forms:

    * | node-name | node-number

    node-name
        specifies the system name.
    node-number
        specifies the Expand node number.

sec-group-list
    has the form:

    { sec-group-spec }
    { ( sec-group-spec [ , sec-group-spec ] ... ) }

sec-group-spec
    can be any of:

    SECURITY-ADMINISTRATOR
    SYSTEM-OPERATOR
    SECURITY-OSS-ADMINISTRATOR

Note. The SECURITY-OSS-ADMINISTRATOR security group is supported only on systems running G06.
For subprocesses, can be either a fully or a partially qualified subprocess name. For OBJECTTYPE, there is no object-spec. object-spec can contain * and ? wild-card characters except in ADD commands for devices, subdevices, processes, and subprocesses.

object-name
    is the name of an existing protected object of the same type as the object-type of the command; used in the LIKE clause.

terminal-name
    is a fully or partially qualified device or subdevice name.
file-spec
    is one of:

    EXTENTSIZE (primary-ext [ , secondary-ext ] )
    MAXEXTENTS n
    MAXFILES n
    AUDITCLEARONPURGE { ON | OFF }

Note. AUDITCLEARONPURGE is supported only on systems running J06.03 and later J-series RVUs, H06.12 and later H-series RVUs, and G06.32 and later G-series RVUs.

ADD EVENT-EXIT-PROCESS name [ [ , ] exit-attribute ] [ , exit-attribute ] ...

exit-attribute
    specifies the name of the event-exit-process attribute to be set.
ADD TERMINAL terminal-name [ , ] [ LIKE terminal-name | term-param ] [ , term-param ] ...

term-param
    is one of:

    PROG prog-filename
    LIB lib-filename
    CPU cpu-number
    PNAME process-name
    SWAP swap-vol
    PRI priority
    PARAM-TEXT startup-param-text

ADD USER group-name.user-name , group-num , user-num [ , ] [ LIKE user | user-attribute ] [ , user-attribute ] ...

ALTER object-type object-list [ , ] { LIKE object-name | object-attribute } [ , object-attribute ] ...
recovery
    is one of:

    RECYCLE [ FILES ]
    SUSPEND AUDIT
    DENY GRANTS

ALTER EVENT-EXIT-PROCESS name [ , ] exit-attribute [ , exit-attribute ] ...

ALTER GROUP { [ NAME ] name-list | NUMBER num-list } [ , ] [ group-attribute [ , group-attribute ] ] ...

ALTER SAFEGUARD [ , ] attribute [ , attribute ] ...

ALTER SECURITY-GROUP sec-group-list [ , ] { LIKE sec-group-spec | sec-group-attribute } [ , sec-group-attribute ] ...
DELETE EVENT-EXIT-PROCESS name

DELETE GROUP { [ NAME ] name-list | NUMBER num-list }

DELETE SECURITY-GROUP sec-group-list

DELETE TERMINAL terminal-name

DELETE USER { user-spec | ( user-spec [ , user-spec ] ... ) } [ [,] WHERE expression ]

DISPLAY command [ , command ] ...

command
    is one of these DISPLAY commands:

    [ AS ] COMMANDS [ ON | OFF ]
    DETAIL [ ON | OFF ]
    HEADERS [ ON | OFF | ONCE ]
    PROMPT [ prompt-item ] [ ( prompt-item [ , prompt-item ] ) ...
WARNINGS USER DETAIL AS COMMANDS HEADERS PROMPT

EXIT

FC [ string | "string" | linenum | -linenum ]

FREEZE object-type object-list [ [ , ] WHERE option-list ]

WHERE option-list applies to disk files and diskfile-patterns only.

FREEZE ALIAS { alias | ( alias [ , alias ] ... ) } [ [,] WHERE expression ]

FREEZE SECURITY-GROUP sec-group-list

FREEZE TERMINAL terminal-name

FREEZE USER { user-spec | ( user-spec [ , user-spec ] ...
display-option
    is one of:

    DETAIL [ ON | OFF ]
    WARNINGS [ ON | OFF ]
    WHERE option-list

WHERE options apply to disk files and diskfile-patterns only. WARNINGS options apply to disk files only.

INFO [ / OUT listfile / ] ALIAS { alias | ( alias [ , alias ] ... ) } [ [ , ] option ] [ , option ] ...
CI COMPARE

INFO [ / OUT listfile / ] SECURITY-GROUP [ , ] sec-group-list [ [ , ] DETAIL ]

INFO [ / OUT listfile / ] TERMINAL terminal-name

INFO [ / OUT listfile / ] USER { user-spec | ( user-spec [ , user-spec ] ... ) } [ [ , ] option ] [ , option ] ...
audit-file audit-file : audit-file

RESET object-type [ [ , ] object-attribute-keyword ] [ , object-attribute-keyword ] ...

RESET ALIAS [ [ , ] user-attribute-keyword ] [ , user-attribute-keyword ] ...

RESET SECURITY-GROUP [ [ , ] sec-group-attribute-keyword ] [ , sec-group-attribute-keyword ] ...

RESET USER [ [ , ] user-attribute-keyword ] [ , user-attribute-keyword ] ...

RUN program-file [ [ / run-option [ , run-option ] ...
object-attribute
    is one of:

    OWNER [owner-id]
    ACCESS access-spec [ ; access-spec ] ...
REMOTE NONE

SET ALIAS [ , ] { LIKE alias | user-attribute } [ , user-attribute ] ...

SET SECURITY-GROUP [ , ] { LIKE sec-group-spec | sec-group-attribute } [ , sec-group-attribute ] ...

sec-group-attribute
    is one of:

    OWNER [owner-id]
    ACCESS access-spec [ ; access-spec ] ...
    USER-EXPIRES [ date [ , time] ]
    PASSWORD-MUST-CHANGE [EVERY num DAYS]
    PASSWORD-EXPIRY-GRACE [num [DAYS]]
    PASSWORD-EXPIRES [ date [ , time] ]
    AUDIT-AUTHENTICATE-PASS [audit-spec]
    AUDIT-AUTHENTICATE-FAIL [audit-spec]
    AUDIT-MANAGE-PASS [audit-spec]
    AUDIT-MANAGE-FAIL [audit-spec]
    AUDIT-USER-ACTION-PASS [audit-spec]
    AUDIT-USER-ACTION-FAIL [audit-spec]
    TEXT-DESCRIPTION "[text]"
    REMOTEPASSWORD \system-name remote-password
    DEFAULT-PROTECTION [ obj-attr ] [ ( obj-attr
THAW object-type object-list [ [ , ] WHERE option-list ]

WHERE option-list applies to disk files and diskfile-patterns only.

THAW ALIAS { alias | ( alias [ , alias ] ... ) } [ [,] WHERE expression ]

THAW SECURITY-GROUP sec-group-list

THAW TERMINAL terminal-name

THAW USER { user-spec | ( user-spec [ , user-spec ] ... ) } [ [,] WHERE expression ]

VOLUME [ $volume ] [ $volume.