Security Management Guide (G06.24+, H06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

Safeguard System Security

Security Management Guide—522283-008

3-15

Securing Critical Objects

What Processes Should Be Secured?

Secure process names used by the operating system and the Safeguard software.

Also secure process names or subprocess names used by your applications.

The following list includes some process names you should secure:

•

$CMON (Command Monitor)

•

Pathway Monitor (usually $PM)

•

Spooler Supervisor (usually $SPLS)

•

Spooler Collector Names (usually $S, $S1, $S2 and so on)

In general, you should grant READ and WRITE authority to any users who need to

open a process. For some processes, this might include most users on the system.

Grant CREATE, PURGE, and OWNER authorities to a small set of trusted users. For

example, you might need to grant CREATE and PURGE authority to the operations

staff and grant OWNER authority to a few members of the security staff.

Additionally, create an authorization record for OBJECTTYPE PROCESS. This record

is used to control who can protect process names with Safeguard access control lists.

Without an OBJECTTYPE PROCESS record, any user can add a Safeguard record for

a process name (regardless of ownership), thereby gaining control of the process.

OBJECTTYPE PROCESS also controls who can create the special records NAMED

and UNNAMED. This feature is important because whoever is granted PURGE

authority on the access control lists for these two records can stop any process on the

system.

Securing Subvolumes

The advantages of subvolume security follow. If you use subvolume security, consider

securing the following subvolumes:

•

Subvolumes used by your applications

•

HP subvolumes, such as $SYSTEM.SYSTEM, $SYSTEM.SYSnn, and the

$vol.SAFE subvolume on each disk volume

•

Subvolumes containing process snapshot (saveabend) files generated by the

Inspect subsystem. These subvolumes are named ZZSAPRIV and should be

secured to restrict read access.

•

Subvolumes containing the TMF audit trails

•

Subvolumes designated as Safeguard audit pools (which make up the security

audit trail)

•

Subvolumes specified as the default subvolume for each user

Note. The process names $ZSMP and $ZSMP. #ZSPI should not be secured. Also, you

cannot secure the process name $0 with the Safeguard software