XYGATE Access Control Reference Manual

Introduction
XYPRO Technology Corporation xxi Proprietary and Confidential
PARAM-TEXT = * NONE *
(255,255)-3 = ALTER TERMINAL $MYTERM,PROG $SYSTEM.XYGATEAC.XYGATEAC,PARAM-TEXT SAFEGUARD-TACL
(255,255)-4 = INFO TERMINAL $MYTERM
TERMINAL $MYTERM STATUS FROZEN
PROG = $SYSTEM.XYGATEAC.XYGATEAC
LIB = * NONE *
PNAME = $MYTCL
SWAP = * NONE *
CPU = * NONE *
PRI = 150
PARAM-TEXT = SAFEGUARD-TACL
(255,255)-5 = THAW $MYTERM
(255,255)-6 = EXIT
After these changes are made and the TACLs are restarted using the new method, the
TACLs will all be controlled by XAC, and every keystroke made by the user will be
written to the AUDIT files. All three of these TACLs are defined to be USER
GROUP,USER, so the user must know his or her password to log on, and no special
privileges will be granted. The only thing that will change in the environment is the
addition of keystroke auditing.
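A check for the end state of the SAFECOM session above, as an added example that is not from the XYGATE manual: it parses captured INFO TERMINAL output and lists terminals whose PROG is not the XAC object, whose PARAM-TEXT is still * NONE *, or that were left FROZEN. The terminals $TERM2 and $TERM3, the THAWED status value and the flattened output layout are assumptions, and the sample output is constructed.

```python
import re

# Assumption: XAC object file name as it appears in the manual's SAFECOM session.
XAC_PROG = "$SYSTEM.XYGATEAC.XYGATEAC"

# Constructed sample: INFO TERMINAL output for three terminals in the flattened
# layout shown above. $MYTERM follows the manual; $TERM2 and $TERM3 are invented.
SAMPLE = """\
TERMINAL $MYTERM STATUS THAWED
PROG = $SYSTEM.XYGATEAC.XYGATEAC
PNAME = $MYTCL
PARAM-TEXT = SAFEGUARD-TACL
TERMINAL $TERM2 STATUS FROZEN
PROG = $SYSTEM.XYGATEAC.XYGATEAC
PARAM-TEXT = * NONE *
TERMINAL $TERM3 STATUS THAWED
PROG = $SYSTEM.SYSTEM.TACL
PARAM-TEXT = * NONE *
"""

HEADER = re.compile(r"^TERMINAL\s+(\$\S+)\s+STATUS\s+(\S+)$", re.I)
FIELD = re.compile(r"^([A-Z-]+)\s*=\s*(.*)$", re.I)

def parse_terminals(text):
    """Return {terminal: {attribute: value}}; '* NONE *' is stored as None."""
    terminals, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            current = terminals[m.group(1).upper()] = {"STATUS": m.group(2).upper()}
        elif current is not None and (m := FIELD.match(line)):
            value = m.group(2).strip()
            current[m.group(1).upper()] = None if value == "* NONE *" else value
    return terminals

def audit(text):
    """Return {terminal: [issues]} for terminals not in the expected end state."""
    findings = {}
    for name, rec in parse_terminals(text).items():
        issues = []
        if (rec.get("PROG") or "").upper() != XAC_PROG:
            issues.append("PROG is not the XAC object")
        if not rec.get("PARAM-TEXT"):
            issues.append("PARAM-TEXT is * NONE *")
        if rec["STATUS"] == "FROZEN":
            issues.append("still FROZEN")
        if issues:
            findings[name] = issues
    return findings
```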
Secure OSS Shells
A secure OSS shell is installed during the XAC installation. An entry is put into the
XAC ACACL file and a service is added to the TELNET configuration. When all of this
is done, activity performed at the shell will be audited to the XAC audit log.
ACACL Command Entry:
COMMAND OSS-AUDITED-SHELL
OBJECT $system.xygateac.xygateoa
USER GROUP,USER
ACL $EVERYONE
OPENSBYOBJECTS \*.$*.*.*
START_LOGGED_ON
STARTUP "-xac"
USER_SWITCH PRIVLOGON
AUTHENTICATE_USER ON
PASSWORDTIMEOUT 1800
TIMEOUT 3600
The SCF program must be used to modify the available services to include the secure
OSS shell:
Example:
13> scf
SCF - T9082G02 - (06JAN06) (31OCT05) - 03/23/2011 07:44:42 System \XYS7000
(C) 1986 Tandem (C) 2006 Hewlett Packard Development Company, L.P.
(Invoking \XYS7000.$DATAA.XXXXX.SCFCSTM)
1-> assume process $ztnp2
PROCESS $ZTNP2 2-> info service oss,detail
TELSERV Detailed Info SERVICE \XYS7000.$ZTNP2.oss