Security Management Guide (G06.24+, H06.03+)
Security Management Guide—522283-008
3 Safeguard System Security
This section explains how to use Safeguard features to secure your system. Also read
Section 2, Guardian System Security, to become familiar with the basic Guardian
security features. Safeguard features provide additional capabilities in the following
areas:
Authentication. More control is provided over authentication attempts and
password management through global configuration attributes
and through individual user authentication records. Additionally,
you can apply special authentication features such as blind
logon and password expiration warnings. You can also define
user aliases, which give users alternate names with which to log
on to the system.
Authorization. Protection of objects is extended to include volumes,
subvolumes, devices, subdevices, processes and subprocesses
as well as disk files. Each object can be protected by an
authorization record that contains an access control list (ACL).
An ACL allows you to specify access to a much greater level of
detail than you can have with Guardian security strings.
Auditing. Records can be generated for attempts to access an object as
well as attempts to change the authorization record associated
with an object. You can also record attempts to log on and
attempts to change the user authentication records. Additionally,
you can audit the actions performed by specific users.
Administration. The task of security administration can be distributed among the
security staff through OBJECTTYPE authorization and
membership in security groups. In addition, you can run other
programs directly from SAFECOM, the Safeguard command
interpreter.
Certain security operations, such as the management of user aliases and file-sharing
groups, are available only through Safeguard. Further, all users who work in the OSS
environment must be added and managed.
For a more complete introduction to Safeguard features, read the Guardian User’s
Guide and the Safeguard Administrator’s Manual.
Note. Safeguard access control lists generally have no effect on objects in the OSS
environment. For more information, see Section 4, OSS System Security. The OSS access
control lists are supported only on systems running G06.29 and later G-series RVUs and
H06.08 and later H-series RVUs.