Security Management Guide (G06.24+, H06.03+)
Concerns for the EDP Auditor
Security Management Guide—522283-008
Use PERUSE to check the output of the DSAP program.
Review documentation for all PROGID programs. Make sure the programs are written
so they perform only specified tasks. Make sure only specified users can execute
PROGID programs.
PROGID programs run under the user ID of the owner, not under the user ID of the
person executing the program. Consequently, accountability is lost because audit
records show the owner’s ID, not the ID of the person running the program.
Only the primary owner of a program or the super ID can set PROGID.
Security Event Exits
If your system has an event-exit process installed to participate in security policy
enforcement, be sure you understand the scope and function of the rulings made by the
process. Also be sure the event-exit process is properly secured and protected from
unauthorized alteration or the substitution of a Trojan horse program.