Security Management Guide (G06.29+, H06.08+, J06.03+)
Safeguard System Security
Security Management Guide — 522283-021
Securing Critical Objects
• HP subvolumes, such as $SYSTEM.SYSTEM, $SYSTEM.SYSnn, and the $vol.SAFE subvolume on each disk volume
• Subvolumes containing process snapshot (saveabend) files generated by the Inspect subsystem. These subvolumes are named ZZSAPRIV and should be secured to restrict read access.
• Subvolumes containing the TMF audit trails
• Subvolumes designated as Safeguard audit pools (which make up the security audit trail)
• Subvolumes specified as the default subvolume for each user
• Subvolumes shared by user groups
Advantages of Subvolume Security
Whether you secure subvolumes depends on your security policy. You can use
subvolume security to supplement disk-file security.
Subvolume security offers several advantages:
• There are fewer authorization records to manage. Because many files on a subvolume might need the same protection scheme, you can protect them all with one access control list on a subvolume. You can protect files that need special protection with their own disk-file authorization records.
• Subvolume authorization records ensure that all files on the subvolume are protected to some degree (with proper Safeguard configuration settings).
• Because individual departments can keep their files confined to a few subvolumes, you can more easily tailor the security of the files to the needs of the department.
The Safeguard software must be properly configured to recognize subvolume
authorization records. In particular, the CHECK-SUBVOLUME attribute must be set to
ON. However, a few other configuration attributes also affect how subvolume
authorization records are handled. Consider the following configuration settings:
DIRECTION-DISKFILE FILENAME-FIRST
COMBINATION-DISKFILE FIRST-ACL
CHECK-VOLUME OFF
CHECK-SUBVOLUME ON
CHECK-FILENAME ON
With these settings, the Safeguard software first checks for a disk-file authorization
record. If one exists, it is used to determine access. If no disk-file authorization record
exists, Safeguard checks for a subvolume authorization record. If one exists, the
subvolume record is used to determine access. If no authorization records exist,
Guardian security is used.
Note. The Safeguard software checks for CREATE authority on VOLUME and SUBVOLUME
records regardless of the CHECK-VOLUME and CHECK-SUBVOLUME configuration settings.
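The lookup order described above can be traced with a small model. This is an added example, not Safeguard code or part of the original guide: it is a simplified Python sketch in which the record tables, user names and the GRANT/DENY/DEFER labels are constructed for illustration. It does not model the CREATE check from the Note, explicit deny entries, or owner and super ID handling.

```python
# Simplified model of the lookup order described above (added example).
# All record contents and user names below are constructed samples.
CONFIG = {"CHECK-VOLUME": False, "CHECK-SUBVOLUME": True, "CHECK-FILENAME": True}

# name -> {user: set of granted authorities}
DISKFILE_RECORDS = {"$DATA.PAYROLL.MASTER": {"PAY.MGR": {"R", "W"}}}
SUBVOLUME_RECORDS = {
    "$DATA.PAYROLL": {"PAY.MGR": {"R", "W"}, "PAY.CLERK": {"R"}},
    "$DATA.ZZSAPRIV": {"SUPER.SUPER": {"R"}},
}
VOLUME_RECORDS = {"$DATA": {"PAY.CLERK": {"R", "W"}}}


def search_order(filename, config):
    """FILENAME-FIRST: most specific record first; disabled checks are skipped."""
    volume, subvol, _ = filename.split(".")
    order = []
    if config["CHECK-FILENAME"]:
        order.append(("DISKFILE", DISKFILE_RECORDS, filename))
    if config["CHECK-SUBVOLUME"]:
        order.append(("SUBVOLUME", SUBVOLUME_RECORDS, f"{volume}.{subvol}"))
    # Assumption: volume records come last; not exercised with CHECK-VOLUME OFF.
    if config["CHECK-VOLUME"]:
        order.append(("VOLUME", VOLUME_RECORDS, volume))
    return order


def decide(user, authority, filename, config=CONFIG):
    """FIRST-ACL: the first record found decides; later ones are not consulted."""
    for kind, table, key in search_order(filename, config):
        acl = table.get(key)
        if acl is not None:
            granted = authority in acl.get(user, set())
            return kind, "GRANT" if granted else "DENY"
    return "GUARDIAN", "DEFER"  # no record found: Guardian security applies


if __name__ == "__main__":
    for user, auth, name in [
        ("PAY.CLERK", "R", "$DATA.PAYROLL.MASTER"),   # file record shadows subvolume
        ("PAY.CLERK", "R", "$DATA.PAYROLL.REPORTS"),  # subvolume record decides
        ("PAY.CLERK", "R", "$DATA.SCRATCH.TEMP"),     # volume record ignored
    ]:
        print(user, auth, name, decide(user, auth, name))
```

The first case shows why a disk-file record on a subvolume with its own record needs review: once the file record exists, the subvolume ACL no longer contributes to the decision for that file.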