Security Management Guide (G06.24+, H06.03+)
Guardian System Security
Security Management Guide—522283-008
2-25
General Comments
Monitoring for Changes
Both the security administrator and the system manager should maintain a list of
licensed programs.
The system files that require licensing can vary from one RVU to another. To determine
which files need to be licensed, consult the CUSTFILE files. The CUSTFILE indicates
licensing requirements in section 2 with an L in column 62 for modules that must be
licensed. (INSTALL uses this information to determine if a module should be licensed
when it is moved in the REPSUBSYS phase or restored from a system-image tape
(SIT) in the RESTSYS phase.)
Routinely monitor the system, and revoke any unauthorized license.
General Comments
Licensing is not just a simple way to gain privileges for a program. Licensing treats the
program as part of the operating system. A licensed program has the potential to
bypass known, documented, and tested interfaces.
Writing code for a licensed program requires an intimate knowledge of the operating
system code and should be undertaken only by programmers having access to
operating system source code.
Even after extensive testing and revision, licensed programs can contain residual bugs
that might seriously interfere with operating system functions.
A licensed user-written program might be RVU dependent and could be affected by
changes in the internal operating system structures from one RVU to another. Such a
licensed program can fail or do great harm, also causing the system to halt, under one
RVU although it worked perfectly under a previous RVU. HP does not accept
responsibility for the effects of user-written programs functioning at the level of the
operating system and does not support such programs.
Detecting Licensed Programs
To list the names of all licensed programs residing on a disk volume, use the DSAP
command. For example, this command lists the licensed programs on volume
$SYSTEM:
1> DSAP $SYSTEM,LICENSED
...
User
Name/ID Filename Type Code ...
SUPER.SYS
(255,0) SYS00.ADDUSER 100L
SYS00.BACKUP 100L
SYS00.CMP 100L