Manualshelf

Security Management Guide (G06.24+, H06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
41424344454647484950
Guardian System Security
Security Management Guide522283-008
2-18
$CMON
When Safeguard is installed on the system, the following EMS message is displayed if
the password configuration attribute, PASSWORD-COMPATIBILITY-MODE, is altered
using the PWCONFIG program.
When Safeguard is not installed on the system, the following EMS message is
displayed if the password configuration attribute, PASSWORD-COMPATIBILITY-
MODE, is altered using the PWCONFIG program.
$CMON
$CMON programs can monitor and control requests to the command interpreter and
the Safeguard subsystem, such as logon requests and explicit or implicit RUN
commands. For example, you could write a $CMON program that does not allow
certain individuals to log on during nonbusiness hours or from certain terminal
locations. $CMON programs can also require the use of user names (instead of user
IDs) and blind passwords during logon attempts.
$CMON programs monitor requests only to the command interpreter or the Safeguard
subsystem. Requests made through other programs, such as TEDIT, are not
monitored.
Protect the object code for $CMON programs so that only the owner has WRITE
authority.
For more information about $CMON, see the Guardian Programmer’s Guide.
Managing the Super ID
The super ID is user ID 255,255. Managing its use is crucial to protecting a NonStop
system because the super ID bypasses the protective restrictions that the operating
system applies to other users. In general, the less you rely on the super ID, the more
secure your system is.
Abilities of the Super ID
The super ID sets up a system initially and resolves system emergencies. It is not
intended for routine operational use.
TANDEM.SFG.H04 000100 \<system-name>.$SYSTEM.SYSnn.PWCONFIG:
Password configuration attribute PASSWORD-COMPATIBILITY-MODE
changed from ON to OFF
by <user name> at terminal <terminal name>
<system-name>.$SYSTEM.SYSnn.PWCONFIG:
Password configuration attribute PASSWORD-COMPATIBILITY-MODE
changed from ON to OFF
by <user name> at terminal <terminal name>