Manualshelf

Security Management Guide (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
61626364656667686970
Safeguard System Security
Security Management Guide 522283-021
3 - 8
User Configuration Issues
Default Protection
Consider DEFAULT-PROTECTION for a users Guardian disk files. It guarantees that
Safeguard authorization records are created for any files the user creates in the
Guardian environment. The DEFAULT-PROTECTION attribute allows you to specify a
default access control list for a user’s files. Specify more restrictive access control lists
for some users than for others, depending on what type of files they manipulate.
After you determine what type of default access control list you want for a user’s files,
decide whether you want the user to own the authorization records for the files. If the
users own their own records, they can change the security attributes, including the
access control list. Sometimes only the user can determine appropriate security for a
particular file. Again, your security policy should state whether users can control the
security of their files.
The following SAFECOM command alters the user record for PROG.DONNA by
specifying DEFAULT-PROTECTION for her files:
=ALTER USER prog.donna, DEFAULT-PROTECTION (ACCESS &
=10,200 (r,w,e); (4,*, 8,*) r, OWNER sec.admin)
The preceding command gives PROG.DONNA READ, WRITE, and EXECUTE
authority for any files she creates. It also gives anyone in group 4 and group 8 READ
authority for files created by PROG.DONNA. In this case, PROG.DONNA cannot
change the default security for her files because the authorization records are owned
by SEC.ADMIN. As this example shows, enclose all DEFAULT-PROTECTION
attributes in parentheses.
User Configuration Issues
Your security policy might require management of logon attempts and passwords. You
can use some of the Safeguard configuration attributes to help.
If a SECURITY-ADMINISTRATOR security group has been created, you must be a
member of this security group to configure the Safeguard software. Otherwise, you
must be a super-group user.
Logon Configuration
The following Safeguard configuration attributes control logon attempts (default values
enclosed in parentheses):
AUTHENTICATE-MAXIMUM-ATTEMPTS (3)
AUTHENTICATE-FAIL-TIMEOUT (60 seconds)
AUTHENTICATE-FAIL-FREEZE (OFF)
These attributes help you defend against trial-and-error attempts to log on.
AUTHENTICATE-MAXIMUM-ATTEMPTS limits the number of failed attempts before a
freeze or timeout occurs. If this number is exceeded, one of these two events occurs: