® ™ XYGATE Compliance PRO Reference Manual HP Part Number: 641881-002 Published: August 2013 Edition: J06.03 and subsequent J-series RVUs. H06.03 and subsequent J-series RVUs. G06.10 and subsequent G-series RVUs.
© Copyright 2013 Hewlett-Packard Development Company, L.P Legal Notice Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Publication History Software Ver. Description Date 2.60 Reformatted for new template. Jan. 2011 2.70 Added new sections: Service Process Tab, Selecting Collection Files for Hashing, Integrity Checks for Guardian Files and OSS Files; added new SWCONF keywords: CPU_HASH_LIST and HASH_PRIORITY. Jan. 2012 2.80 New and updated screens provided; added references for using IPV6; added Chapter 12.
CONTENTS Introduction ............................................................................................ xiii Features .................................................................................. xiii Architecture .............................................................................. xv What’s New in this Release............................................................ xvi General Syntax Notation ...............................................................
XYGATE® Compliance PRO™ Reference Manual Contents 2.3.8 Chapter 3. Generating Reports .................................................. 36 2.4 Children Windows ................................................................ 38 2.5 Pop-up Windows .................................................................. 39 Starting Compliance PRO (XSW) the First Time ...................................41 3.1 Install Database and Start the Connection Wizard .......................... 42 3.
XYGATE® Compliance PRO™ Reference Manual Contents 4.10.1 4.10.2 4.10.3 4.10.4 Service Process Tab.................................................. 80 Service Process Monitoring Function .............................. 83 Database Locations Tab ............................................. 86 Host Environments Tab.............................................. 89 4.11 XSW Exception Processor ....................................................... 90 4.11.1 Exception Error...................................
XYGATE® Compliance PRO™ Reference Manual Contents Chapter 6. Chapter 7. Chapter 8. Data Discovery Rules ................................................................. 125 6.1 Entities and Attributes .........................................................126 6.2 Generating a Basic Query ......................................................128 6.3 The Predicate as the Rule Selection Criteria ...............................129 6.3.1 Applying the Rule Selection Criteria to a Collection...........
XYGATE® Compliance PRO™ Reference Manual Contents 8.9 Chapter 9. Copying 8.9.1 8.9.2 8.9.3 8.9.4 8.9.5 Best Practices and Custom Best Practices ........................162 Copying Logic ........................................................162 Copying Rules from One Node to Another Node ................164 Target Node Selection..............................................165 Copy Results Message Box .........................................166 Resolution Screen .......................................
XYGATE® Compliance PRO™ Reference Manual Contents 11.7.1 11.7.2 Files by User Query .................................................195 Files Owners Query .................................................195 11.8 XAC Access Analysis .............................................................196 11.8.1 The XAC Access Queries ............................................197 11.8.2 ACLGROUPS Query ..................................................198 11.8.3 ALLOW/DENY by Command Query ....................
XYGATE® Compliance PRO™ Reference Manual Contents A7: BATCH_SCHEDULER .............................................................231 A8: BATCH_TYPE .....................................................................231 A9: COLLECTOR ......................................................................231 A10: COMPANY_NAME .................................................................232 A11: CONCURRENT_JOBS .............................................................232 A12: CPU_HASH_LIST ..
XYGATE® Compliance PRO™ Reference Manual Contents Appendix D: XSW Host Error Messages ............................................................ 255 Glossary ........................................................................................... 257 Index ...........................................................................................
Introduction Welcome to the XYGATE® Compliance PRO™ software module. XSW is designed to make it easy for you to research the security on your HP NonStop™ server, report on the information found and build policies that monitor the state of the security rules in your environment. This allows you to compare your existing security against supplied PCI, SOX, HIPAA and standard best-practice policy recommendations.
XYGATE® Compliance PRO™ Reference Manual Introduction Once the data is integrated into the PC or network server database, there are several ways to make enquiries of the data. Some of these methods are automated. Others allow you to query the data and build your own rules. Data Discovery Queries Data Discovery Queries are SQL queries built by the user using an easy interface that allows the query to be built using drop-down lists for items to be queried and values to query for.
XYGATE® Compliance PRO™ Reference Manual Introduction Architecture XSW consists of a server on each one of your NonStop hosts, a client on your PC and several ACCESS databases of information that can be stored in the same or different locations on your PC or on a network server.
XYGATE® Compliance PRO™ Reference Manual Introduction PC that will be querying the data and on the PC that controls the data collection definitions. (Please note that the PC GUI installation controlling the data collection can also be used to query the data.) The ACCESS tables containing the data can be located anywhere on the network that is accessible to the various GUIs querying the data.
XYGATE® Compliance PRO™ Reference Manual Introduction General Syntax Notation The following list summarizes the notation conventions for syntax presentation in this manual. UPPERCASE LETTERS. Uppercase letters indicate keywords and reserved words; enter these items exactly as shown. Items not enclosed in brackets are required. For example: MAXATTACH < > Angle Brackets. A pair of matching angle brackets indicate variable items that you supply but without the brackets.
XYGATE® Compliance PRO™ Reference Manual Introduction … Ellipsis. An ellipsis immediately following a pair of brackets or braces indicates that you can repeat the enclosed sequence of syntax items any number of times. For example: M [ , ]... [ - ] {0|1|2|3|4|5|6|7|8|9}... An ellipsis immediately following a single syntax item indicates that you can repeat that syntax item any number of times. For example: "s-char..." Punctuation.
XYGATE® Compliance PRO™ Reference Manual Introduction Additional XYPRO Reference Manuals A number of XYGATE client windows can be used to report from the XSW database to monitor alerts from NonStop systems and to modify the configuration of host XYGATE modules. The reference manuals for the client components are part of the XYGATE Online Help (XOH) package. After installing XSW on the host system, find the IXOHEXE file, FTP it in binary mode to your PC workstation, and then rename it to XOHINST.
Chapter 1. Installing Compliance PRO (XSW) This chapter describes the installation procedure for the XYGATE Compliance PRO (XSW) software using the AutoInstall script. 1.1 Pre-Installation Considerations 1. Map the node connections you will make to gather the data.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) The first time you use the XSW software, we recommend running a manual collection and load. At this point you can connect to other nodes as needed, create collections, download collected data, generate queries against that data, develop policies and examine Best Practices as needed. 1.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) A SUPER logon or other method to LICENSE programs EDIT, FUP, RESTORE, UNPAK, TACL, SCF, PSTATE, PERUSE, SPOOLCOM, VPROC A TMF audited volume PATHCOM to start a Pathway environment. User-Defined Configuration Values Required for AutoInstall You have the option of specifying the user-defined values shown in Table 1 when using the AutoInstall script.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) Table 3 defines default configuration values and file locations that will be generated automatically by the AutoInstall script. Table 3: AutoInstall-Assigned Default Values or Locations Config File Configuration Settings Default Values Assigned by AutoInstall Script or Locations A staging subvolume for installation only. May be removed after installation has been completed.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) Config File Configuration Settings Default Values Assigned by AutoInstall Script or Locations TRCONF XTR option REPORT_OWNER 0,0 TRCONF XTR option TR_MASTER_SUBVOL $VOL.XYGATETR TRCONF XTR encryption options OFF TRCONF XTR SSL options OFF TRCONF XTR monitor/debug options OFF TRACL XTR/XSW $OWNER Authorized users OWNER running the script + SUPER.SUPER TRACL XTR option TR_INSTALLATION IP + Port# 1.3.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) Example: Enter XTR volume <$DAT90>? In the above example, $DAT90 is accepted as the default XTR volume. Script prompts will return an error to the screen if the entered value is not valid. You can then change your response to a valid entry. Example: Enter XTR volume <$DAT90>? Zmywrk Invalid volume entry, try again Invalid response You can end the script by pressing Ctrl+Y at any prompt.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) 4. You are now ready to run the AutoInstall script. Review the questions you will be asked during this script and obtain any answers from your system manager. 5. Obey the file IXYBIN to unpack executable files and prepare them for the automated install script.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) SUPER.SUPER) at the time of the initial installation, the user has the option to stop the installation. The next time the user runs the IWIZARD, the installation process will continue from the point where it was stopped. Are you ready to continue ? Y The AutoInstall script will attempt to locate any installed XTR environments and will display these located environments as shown below.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) Discovering XSW ($*.*) ... Discovery complete. SEL --1) LOCATION VERSION OWNER AVAILABILITY ----------------- ------- ----------------- -----------$VOL.JIM XYPRO.JAMES Available P) Prompt for new location Available Press BREAK or -Y to exit.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) Only and SUPER.SUPER will be authorized to use XYGATE GUI programs. You can optionally authorize additional users and aliases by entering them at the next two prompts. Pressing without providing additional users or aliases means no additional users or alias will be authorized. If this is a new install, you will be asked for any additional users/aliases (90-characters max.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) Example: TACL> RUN \X.$VOL.ZXYPROSW.LICENSES File Utility Program - T6553H01 - (26APR2010) System \X (C)1981 Tandem (C)2006 Hewlett Packard Development Company, L.P. license $VOL.XSW160.USERINFO license $VOL.XSW160.ACLINFO license $VOL.XSW160.OSSLIB secure $VOL.XSW160.xygatesw,,progid secure $VOL.XSW160.xyswstrt,,progid Licensing $VOL.XTR156.ADOPT Licensing $VOL.XTR156.USERINFO TACL> Logoff as the SUPER.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) more information on LISTNERs (refer to “Additional XYPRO Reference Manuals” in the “Introduction” for the instructions on how to get this and other XYPRO manuals). WARNING: The start listner macro is intended for testing your XYGATE/TR configuration. For production usage, you must use the HP Listner by making entries in your PORTCONF. XYLISTEN has bound to port : 1121 Listner process $Y4LA started. Taking inventory ...
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) Example: $MYVOL ZXYPROSW 3> FUP PURGE $MYVOL.ZXYPROSW.* ! 3. Duplicate the DSV to the new location. If you know the location of the initial installation staging subvolume, overwrite that using the PURGE option of FUP. This will ensure that the installed environments are correctly upgraded to the most current product. Syntax: $MYVOL ZXYPROSW 3> FUP DUP [$VOL].ZXYPROSW.* EXCLUDE Z*,[$VOL].[NEWSVOL].
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) Example: TACL> RUN IWIZARD Initializing config file ... Done initializing config file. Warning: Access to SUPER.SUPER (or an alias to SUPER.SUPER) may be required to complete the installation of each XYGATE product. During the installation, if the need for SUPER.SUPER arises, the installation will be paused and the user will be asked to issue specific commands from another TACL prompt while logged on as SUPER.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) The AutoInstall script will attempt to locate any already installed XSW environments and display these located environments as shown below. Discovering XSW ($*.*) ... Discovery complete. SEL --1) 2) LOCATION VERSION OWNER AVAILABILITY ----------------- ------- ----------------- -----------$VOL.JIM XYPRO.JAMES Available $VOL.XSW160 2.60 XYPRO.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) Please go to another TACL session, logon as SUPER.SUPER or an alias of SUPER.SUPER, and license these files. You may continue when this has been done. If you decide not to continue, the next time the wizard is run, the wizard will continue where you last stopped. To license these files, enter the following commands: FUP LICENSE $VOL.P46DSDST.IADOPTN4 Are you ready to continue ? Do not answer the prompt yet.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) Do not answer the prompt yet. Start another TACL session using a SUPER logon, and perform the licensing tasks as directed by the script. The specific licensing instructions vary depending on which products were installed or upgraded. Licensing requirements are to be performed by a SUPER logon for XTR only: Example: TACL> RUN $VOL.XTR156.XTR INSTALL TACL> XTR_FINISH_INSTALL Licensing $VOL.XTR156.ADOPT Licensing $VOL.XTR156.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) 1.4.2 Running the XSW AutoInstall Upgrade Access to SUPER.SUPER (or an alias to SUPER.SUPER) will be required during the upgrade to perform necessary licensing tasks in a separate TACL session. This requirement will be indicated by the AutoInstall script and is also documented in this procedure.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) SEL --1) LOCATION VERSION OWNER AVAILABILITY ----------------- ------- ----------------- -----------$VOL.XTR156 1.56 XYPRO.JAMES Available P) Prompt for new location Available Enter available selection: To run an upgrade, choose the number (under the SEL heading) of the existing environment to be upgraded. Only environments that are owned by your userid are available to be upgraded.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) If the installed software is older than the current version, the script will notify you and perform the upgrade. Upgrading the XSW software requires licensing of one of the installation programs to perform this function. Comparing installed version of XSW to available version ... A higher version of XSW was found. XSW will be upgraded. Installing XSW from \X.$VOL.ZXYPROSW ... Install of XSW complete.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) Taking inventory complete. Validating the installation ... A final status screen will display the current XSW environment. Product -------XSW XTR Distribution Version -------------------2.60 1.56 Installed Version ----------------2.60 1.56 Listner is running and listening on port 1121. ----------------------------------------------------------------Validation finished.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) The AutoInstall script will attempt to locate any already installed XTR environments and display these located environments as shown below. Establishing product locations ... ------------------------------------------------------------------------------The XYGATE Transaction Router (XTR) is used to provide communication between XYGATE GUI products and their HP NonStop server counterparts.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) If this is an upgrade, choose the number of the existing environment to be upgraded. Only environments that are owned by your userid are available to be upgraded. Other environments are shown for information only. Enter available selection: 2 Updating config ... Config updated. Product locations established. Performing verifications ...
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) Do not answer the prompt yet. Start a separate TACL session using a SUPER logon, and perform the necessary licensing tasks as shown in the Example below. Example: TACL> FUP LICENSE $VOL.P46DSDST.IADOPTN4 TACL> Logoff as the SUPER.SUPER or SUPER alias When you complete the licensing tasks, answer Y to the prompt to continue. Are you ready to continue ? Y Establishing product locations ... Product locations established.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) When you complete the licensing tasks, answer Y to the prompt to continue. Are you ready to continue ? Y Establishing product locations ... Product locations established. Performing verifications ... Verifications complete. Installing products: If the installed software is older than the current version, the script will notify you and perform the upgrade.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) 1.5 Uninstalling XTR and XSW Using the Auto Uninstall Script The Auto Uninstall script is designed for an easy removal of the XSW and XTR server programs, and files. It should only be run if the IWIZARD was run to install or upgrade the XSW and/or XTR environments and you want to completely remove the XSW and XTR environments. 1.5.
XYGATE® Compliance PRO™ Reference Manual Chapter 1. Installing Compliance PRO (XSW) Examining environment ... Done examining environment. XYGATE XTR and XSW Products Uninstall WARNING: This will remove ALL files from the following locations, even if the product was not recently installed or upgraded: XTR Installed files XSW Installed files on \X.$VOL.XTR156 on \X.$VOL.XSW160 Are you ready to continue ? If you wish to uninstall these XSW and XTR environments, enter Y to continue.
XYGATE® Compliance PRO™ Reference Manual Chapter 1.
Chapter 2. The Compliance PRO (XSW) Environment This section discusses the configuration and general usage of the XSW GUI interface. Click on the XYGATESW icon to start and display the XYGATE Compliance PRO screen shown below.
XYGATE® Compliance PRO™ Reference Manual Chapter 2. The Compliance PRO (XSW) Environment 2.1 The XSW Main Treeview Tab The functions of the Compliance PRO (XSW) module are divided into seven categories. The expanded XSW Main tree tab is shown below. Collection Specifications Data Discovery Rules System Policy Analyzer Best Practice Policy System Integrity Checks XYGATE Products Configuration Access Analysis Mapping 2.1.
XYGATE® Compliance PRO™ Reference Manual Chapter 2. The Compliance PRO (XSW) Environment Example 1 reviewing a set of system policies: 1. Right-click the System Policy Analyzer line and then select Expand Tree to expand the whole tree. 2. Select a policy to display by doubleclicking on the name of the policy or right-clicking on that name, and then select Review Results to display the data. This displays the System Policy Analyzer screen for the selected policy. 3.
XYGATE® Compliance PRO™ Reference Manual Chapter 2. The Compliance PRO (XSW) Environment 2.2 Treeview Ruler Colors The Compliance PRO (XSW) treeview displays various icons to show you graphically which data items are present. These icons are explained below. Yellow ruler: Data Discovery Rule/Query Gray ruler (not shown): policy is obsolete. More recent data has been collected for the entities referenced in the policy but that dataset has not yet been applied to it.
XYGATE® Compliance PRO™ Reference Manual Chapter 2. The Compliance PRO (XSW) Environment 2.3 The XSW Tree Tabs The Compliance PRO (XSW) functions are divided into seven categories as shown in the XSW Main tab in the previous section 2.1, “The XSW Main Treeview Tab.” You can define up to three additional tree tabs to reference specific System Policies, Best Practices, Integrity Checks, and Access Maps under alternate naming conventions. These three additional tabs can be used for any purpose.
XYGATE® Compliance PRO™ Reference Manual Chapter 2. The Compliance PRO (XSW) Environment To rename or update a tab, right-click on the tab name and select Rename or Update Tab. Renaming a tab also does not delete the rules that have been associated with this tab name. You can also assign a description to this tab. The XSW Main tab is usually the top tab, which controls the treeview that is displayed when XSW is started.
XYGATE® Compliance PRO™ Reference Manual Chapter 2. The Compliance PRO (XSW) Environment The alternate tree tab setup fields are as follows: 1 Tree Tab selection from the pull down list. 2 The node selection from the pull down list is available for System Policies only; otherwise, the node is defaulted. 3 Group Options: Select a pre-existing group name from the list or create a new one. Descriptive text can be added or updated.
XYGATE® Compliance PRO™ Reference Manual Chapter 2. The Compliance PRO (XSW) Environment Here are the rules for copying reports on tree tabs: • Existing reports of the same name are not overwritten. If there is a difference in the underlying policy, this is neither updated nor evaluated, only the duplication of name is checked. • Reports that are not supported by an underlying policy are skipped. This most often happens when copying from one node to another node. 2.3.
XYGATE® Compliance PRO™ Reference Manual Chapter 2. The Compliance PRO (XSW) Environment Updating Reporting Options Each alternate report has several options associated with it as shown in the screenshot below. These options are the same as the underlying policy options; reference, description, notification, priority and auto-export, but can be setup differently from the underlying policy.
XYGATE® Compliance PRO™ Reference Manual Chapter 2. The Compliance PRO (XSW) Environment 2.4 Children Windows When you select a functional item from the treeview, a child window is usually displayed. Children windows can be cascaded, tiled, minimized, etc., so that you may view multiple windows and navigate back and forth between windows. Children windows “pop out” of the form and are moveable by clicking on the title bar, holding the left-mouse button and moving the window.
XYGATE® Compliance PRO™ Reference Manual Chapter 2. The Compliance PRO (XSW) Environment 2.5 Pop-up Windows Some windows are pop-up in nature to supply information for the application. Once the information is entered, the window is closed.
XYGATE® Compliance PRO™ Reference Manual Chapter 2.
Chapter 3. Starting Compliance PRO (XSW) the First Time The first time you start Compliance PRO (XSW), you will go through the following steps: 1. Installing your databases by creating new data subdirectories in your Documents and Settings folder (refer to section 3.1 on page 42); at this point you will be prompted to start the Connection Wizard to set up your first collection. 2. Setting up the user’s preferences (refer to section 3.2 starting on page 45). 3.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time 3.1 Install Database and Start the Connection Wizard The first time you start XSW, you will be prompted to create the subdirectories where the XSW data is stored. Click OK to start the creation. At the end of the create operation, the line The installation of XYGATE/SW for this user has been completed successfully will appear on the window shown on page 43. Click Finish to continue.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time If you want to attach to existing databases elsewhere on your network, let XSW create its local files and then select Database Configurations from the Tools menu to attach to a different database. 1. Click OK to complete the steps shown in the remainder of this chapter. 2. Click Cancel to do each step by hand.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time After the database is created, you will be asked if you want to start the Connection Wizard as shown on the following screen. 1. Click Yes to complete the steps shown in the remainder of this chapter. 2. Click No to use only the demonstration data included with the software. 3. Click Cancel to do each step by hand.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time 3.2 Setting the User Preferences The first step of the process is to set the user’s preferences that will control how the software acts for this particular user. Select either File > Preferences from the main menus, or click the Preferences button on the toolbar to display the User Preferences screen. 11 1 2 3 4 5 6 7 8 9 10 1 Enter your email user name in the Default E-mail user name field.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time 6 If you want to use a specific collection for all queries, set that query name here; otherwise, this field will record the name of the most recent collection. When you first install the software and before you have loaded any data collections, this field will be set to XSW Demo Collection. 7 When the treeview appears, only failed policies can be displayed or all policies can be displayed.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time 11 12 13 14 15 16 17 18 19 20 12 Select the default date format from the drop-down list to use for reports. 13 Select to implement the Auto-archive function for any collection. Auto-archive enforces that the collections generated in the XSW application are archived to a second location. The location is defined in the next field (item 14).
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time 15 Select Yes or No to implement the Auto-export function for defining all entities. Auto-export allows you to automatically create files containing the data for entities that have been generated in the XSW application. For instance, you can export a file containing Access Mapping data. The exported file can be then used within other tools or applications.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time 3.3 Connect to Host Node After you have set your preferences, you will be presented with a connection configuration screen as shown below. 1 Enter the TCP/IP address (IPV4 or IPV6 or DNS name and communication port for the Transaction Router server (XTR server)) on the node you wish to connect to. Note: To use IPV6 addresses as a client and host connection, the XSW 2.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time 6 Messages about the host connection will be displayed in this box. A pop-up window will appear prompting you to accept a security certificate. Select View Certificate. Note: This message will only appear for the first connection. After that, the certificate will be used automatically. The host connection dialog displays in the box at the bottom of the screen.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time After the collection is started, you may switch to the Collection Status tab shown below to see the progress of the first collection being created. At this time, you can continue with other work while the dataset collection runs in the background. You can also click Refresh at any time to see how much progress has been made on the host collection of data.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time 3.5 Downloading the First Collection When the dataset collection is complete, the Start Load button will be enabled on the Collection Status table of the Collection Wizard page. Click Start Load, and the Collection Loader will be displayed to start downloading the dataset.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time 3.7 Reviewing the First Set of System Policies After the first collection is loaded, the policies that are delivered with the software will be updated with your new collection’s information. You now have access to the most popular policies as applied to your data. You can display one of these policies shown above as follows (refer to section 2.1.1 on page 30 for the steps on navigating the treeview): 1.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time 3. To print the above report, click Report in the upper right-hand corner. 4. Click OK on the Output Selection screen to accept the default values and display the reports. 5. Click the Save File icon to save the report to your PC, or click the Print icon to print it to a printer. The data on the policy documents some security aspect of your system using a pattern to check for items that match the pattern.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time You can display one of these best practices policies shown above as follows (refer to section 2.1.1 on page 30 for the steps on navigating the treeview): 1. Expand the Best Practice Policy section by right-clicking the Best Practice Policy line and selecting Expand Tree. All of the Best Practice categories will be expanded for each NonStop host you have defined. 2.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time 3.9 Reviewing the First Set of Integrity Checks After the first collection is loaded, the integrity checks that are delivered with the software will be updated with your new collection’s information. You now have access to the integrity check data as applied to your nodes. You can display one of the integrity checks policies shown above as follows (refer to section 2.1.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time 2. Select an Integrity Check result set by double-clicking on the result name, or by right-clicking the result name and selecting Review Results. The Review Data Results screen appears as shown above. 3.10 3. Double-click in the left margin of a single item to display the Item Detail screen for that item. 4.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time 3.11 Reviewing the First Set of Access Analysis Maps After the first collection is loaded, the access analysis mapping function for any collected nodes is available as shown in the screenshot below. You now have access to the access analysis maps as applied to your nodes. 3 5 6 4 You can display one of the Access Analysis Maps policies shown above as follows (refer to section 2.1.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time 4 Select the query type you want from the Query Type drop-down list. Depending upon the query, you may be asked to make additional selections from drop-down boxes of userids and aliases on the system or file masks. 5 Click Execute to generate the access analysis.
XYGATE® Compliance PRO™ Reference Manual Chapter 3. Starting Compliance PRO (XSW) the First Time After right-clicking the PCI report tree item and selecting Review Results, the form displayed below is the PCI requirements results form for a System Integrity Check.
Chapter 4. Common Screen Functions Children windows have many common features and many features unique to their special function. The common features are detailed below and not with each functional screen. 4.1 The Grid Views Most children windows display data, such as the results of a query, in a grid form as shown below. Grid Buttons The grid functions are as follows: 1 The grid can be grouped by pulling a column header to the top gray area of the grid.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4 5 One row can be selected by clicking the row indicator on the left of the row or by clicking any cell in a row. Multiple rows can be selected by clicking the row indicator and 1) using the Shift+ click method to select a group of contiguous rows, and 2) using the Ctrl+ click method to select non-contiguous rows. Columns can be selected by holding down the Shift key and then clicking the column header.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions E-Mail Send selected rows to generate an email message containing formatted data that can be addressed to appropriate parties. You fill in the remainder of the text. Print Memo Send selected rows to generate formatted text to be printed. Exclude Exclude items from a policy. As long as the item retains the current value, it will never be marked ‘failed’ again – it will always be assumed correct.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.2 Displaying a Drilled-Down Row To display the text details for a specific item, double-click on a row on a grid to bring up the detailed drilled-down format display. The drilled-down display is text-based and appears similar to the screenshot below. Click Report to display the preview screen shown below.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.3 Sending Email for a Selection XSW allows you to send email to others with a formatted block of text showing the selected items from a grid. To send an email, select the rows you want to include in your email message. Note: The default email Interface is set up on the User Preferences screen (item 2 on page 45). There are some minor differences in email platforms.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.4 Saved References for Policies XSW allows you to assign references, priority and notification information only to a System Policy Analyzer (page 67), Best Practice Policy (page 68), System Integrity Checks category (page 69), Access Analysis Mapping (page 70) or alternative tab report. These references are used to identify features of each individual policy when reporting, emailing, and updating, etc.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.4.1 System Policy Analyzer Select and expand System Policy Analyzer (see section 2.1, pages 30 and 31). Right-click a policy class item and select Review Results. The System Policy Analyzer screen appears as shown below. This has the Policy Class, Policy Name and Policy Description which you can edit in the next screen. Select a Policy Class and Policy Name from the drop-down lists.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.4.2 Best Practice Policy Select and expand Best Practice Policy (see section 2.1, pages 30 and 31). Right-click a \node name and select Review Results. The Best Practice Policy Analyzer screen appears showing the Node Name, Category and Policy Description which you can edit in the next screen. Select a Node Name and Category from the drop-down lists. This updates the screen and the top row of tabs (shown below).
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.4.3 System Integrity Checks Select and expand System Integrity Checks (see section 2.1, pages 30 and 31). Right-click a \node name and select System Integrity Rule Builder. The System Integrity Rule Builder screen appears showing the Node Name and Check Entity drop-down lists. 6 1 4 2 5 3 Select a Node Name and Check Entity from the drop-down lists to update the screen.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.4.4 Access Analysis Mapping Select and expand Access Analysis Mapping (see section 2.1, pages 30 and 31). Right-click a \node name and select Build Access Map. The Access Analysis Mapping screen appears showing a row of tab names, and their respective Query Type and User/Group Selections drop-down lists. 1 2 4 6 5 3 Select a tab name (Guardian, OSS, Safeguard, etc.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.5 Exporting Results for Policies XSW allows you to export the data of a System Policy, Integrity Check, Best Practice category or Access Map.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.5.1 Exported File Naming Convention Exported files are saved in the export location with a naming convention of: Example: D:\Export Loc\Node1\SFG (My Collection)\ACLs by User_20071219_085604.xml \System Policies \Collection Name \Policy Class Name \Policy Name_nnnn.ext \Best Practices \Best Practice Node \Best Practice Entity \Category_nnnn.ext \Integrity Checks \Integrity Checks Node \Integrity Checks Entity \Category_nnnn.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.5.3 Setting Auto-Export ON/OFF Auto-export can be set up on any individual System Policy, Integrity Check, Best Practice category and saved Access Map, as well as any alternate tree tab report. If the user preferences are set up to allow auto-export, you can use treeview shortcuts to turn auto-export ON or OFF.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.6 Send To Selected rows or the entire grid can be exported to a file, the clipboard or formatted to print as a report. The Send To grid button (refer to the screen image in section 4.1 on page 61) has numerous variations and selections to allow you to format, save and print data from the grids.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 2 Include: If no selections have been made on the underlying grid, the Entire Grid selection is the only selection available. If selections are active in the underlying grid, then the Selection radio button is checked, but you may override this to the entire grid. 3 Add a Checklist Column: If desired, you can add an empty column to the resulting file or report.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions If you selected Send to Printer, the dialog box will appear as shown below.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.7 XSW Summary and Detailed Reports Each function of XSW provides Summary and Detailed reports. These reports differ from the reports that can be generated from the Send To function button (section 4.1 on page 61) in that they are pre-defined for the columns and rows that are presented. They also have a different format than the Send To printable features.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.8 The Properties Window The Properties window provides high-level information about an entity, collection, policy, etc., as a pop-up screen. 4.9 The GUI Environment The GUI environment has four executable components and three distinct database locations.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 3. Collection, best practice, access and integrity policy databases - optionally distinct or shared database to store the collections and related-collection policy information as pointed to by the following registry entry: HKEY_CURRENT_USER.SOFTWARE.XYPRO.XYGATESW xyDBloc1 Note: xyDbloc1 and xyDbloc2 default directory location is the same as the user preferences database as noted in item 1 unless otherwise moved.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.10 Connection Configurations This section describes the connection configuration procedures for the three tabs shown on the next page. 4.10.1 Service Process Tab If you choose to configure XSW to download collections automatically, you must enable the service process on the PC where the database will be located.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions Select Tools > Manage Service Process from the main menus to display the screen shown below. 2 Ensure that you are on the Service Process tab. Notice that the status of the Service Process is shown in red text. If the Service Process is currently installed, then you can uninstall it, update options, restart it (if installed but stopped), and add additional PC user login names to the list of this Service Process.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions Sleep Interval – The sleep interval is the time between host polling sessions. In a production environment, this should be set to a longer interval, such as 6 hours, to reduce the traffic between the PC and the NonStop server. Service Process Logon – You can define a special logon for the Service Process. This logon must be able to logon to all connection nodes. This logon is only used to make the connections.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.10.2 Service Process Monitoring Function If the XSW Service Process Monitor function is enabled (item 5 on page 45 and shown below), this will monitor the service process status in “real time.” It will automatically restart if the PC or NonStop server is restarted. This form also has the ability to display the XSW Service Process log file (XSWSPlog.txt) and show the current status of the service process.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions Green means the service process is currently polling and ready to download a collection or is currently loading a collection. Hover your cursor over the button to display a line of text to indicate its current status as shown above. Yellow means the service process is sleeping but polling for a collection that is complete. Hover your cursor over the button to display a line of text to indicate its current status as shown above.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 1 2 5 3 4 6 1 Click Refresh to refresh the status of the service process. This only affects the status of this form. 2 Click View Log to display the entire XSWSPlog.txt file. This log displays service process information only. 3 Click Clear Log to clear the XSWSPlog.txt file. This will clear the XSWSPlog.txt file only. 4 Click Manage SP to launch the Manage Service Process form.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.10.3 Database Locations Tab Database locations are stored in the registry of your PC. The names of the keys are: HKEY_CURRENT_USER.SOFTWARE.XYPRO.XYGATESW.XYDBloc1 HKEY_CURRENT_USER.SOFTWARE.XYPRO.XYGATESW.XYDBloc2 The database location can be set using the Connection Configurations window. Select Tools > Database Configurations from the main menu. There are two sets of databases that can be moved or attached.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions many people are working on the same report, or it may be more appropriate to have a separate Rules and Policies Database for some users. Note: Always keep in mind when setting up XSW remote locations, whether a user is connecting or the Service Process is connecting, that it is essential that Remote users have Read and Write access to the Database or you will generate access problems.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions When you are reverted to an archived environment, the Service Process may still be active, and if so, will process to the original “current working environment” as is reflected in the registry of your PC. Working in a reverted environment is limited to query-only type functions. Each archived environment was created at the time of a completed collection.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.10.4 Host Environments Tab The Host Environments tab displays the connection and expand node(s) that have been currently added to the SWACL file (Appendix B:). If the Connection node properties are deleted, the Host Environments tab will be cleared. Once a connection has been re-established, the grid will populate with the current connections.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.11 XSW Exception Processor An exception error that is raised during program execution is handled by the XSW Exception Processor. If an error is encountered, an XSW Exception Processor message will propagate in the form of a standard message box that displays the contents of the error. 4.11.1 Exception Error The following screen is an example of an exception error.
XYGATE® Compliance PRO™ Reference Manual Chapter 4. Common Screen Functions 4.11.2 Unhandled Exception Error An unhandled exception is an error that is “thrown” but is never caught by the program, which results in a message as seen in the snapshot below. This could occur depending on the circumstance.
XYGATE® Compliance PRO™ Reference Manual Chapter 4.
Chapter 5. Collection Specifications A Collection Specification is the definition of the data to collect and the calendar defining when to collect the information. A collection definition always includes Users and Aliases; all other system resources can be defined to be part of the collection. Additionally, you can configure what automatic updates the xswLoader program will make when the collection is loaded. 5.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 5.1.3 Merged Collection Sometimes, you want to be able to compare information across nodes that are not connected via Expand. If this is the case, then you will have to collect on each node and merge the collections together to create a unified database. You must have the XSW host software installed on each node. There must be a port defined on each node.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 5.2 Creating a Standard Collection The basic collection connects to the host connection node and collects data for it and every other node defined in the connection node’s SWACL file described in Appendix B:. To create a collection, right-click Collection Specifications and then select Collection Setup and Status. The Collection Specifications form will appear as shown below. 1 Select a name for your collection.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 4 Specify the File Entities to be collected. If you select Guardian Files, you must also select whether or not VPROC information for the object files will be collected (Y or N). Note: Collecting VPROC information requires that the userid that owns the XSW software have READ access to program files on the system. If READ access is not available, the VPROC information will be skipped on a file-by-filebasis.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications each node or check All Disks to ensure that all the disks in each node for each system are collected. If All Disks is chosen, then the list of disks will be evaluated at the time the collection dataset is created to include all disks on the system. This allows new disks to be defined or existing disks to be removed without compromising the disks list defined for XSW.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications If this is a one-time collection to be started at a specific time or a regularly occurring collection, select Batch. 11 12 If you have selected Batch, the Batch Setup Parameters will be enabled. Select the frequency and set the first start date and time for the batch job to execute. (Refer to section 5.4, “Managing Batch Collections” on page 105.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 15 16 If you want this collection to update the Best Practices and the Customer Best Practices automatically when the XSW Loader loads this collection, check this box. If you want Integrity Checks to be performed automatically when the XSW Loader loads this collection, check this box. 17 If you have Saved Access Maps that you want automatically updated when the XSW Loader loads this collection, check this box.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 5.3 Selecting Collection Files for Hashing Click Select Hashing (item 7 on page 95) on the Resource Selections tab (item 3) to launch the Hashing form. The Select Collection Files form will appear as shown below for the Collection Name specified in item 1 on page 95.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications Hashing should be restricted to just those files that your security policy requires to be checked for changes. Hashing should not be set for all files. The priority of the hashing process should be set in the SWCONF file (Appendix A15: page 233) to be below that of production applications. 5.3.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications Note: The more volumes that are checked or changed, the longer it will take to display in the tree and grid. Selecting (checking) a volume or subvolume will select the subvolumes underneath. Files are automatically selected and displayed in the grid for that volume and subvolume. Note: Filenames are only displayed in the grid for the expanded volumes. To add an individual file or files to be monitored for hashing: 1.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications The Save button will save the tree and grid choices to be associated with the specified Collection Name (item 1 on page 95). The user will be given the option to exit the Select Collection Files form or to leave the form active to continue further selections. Note: The more files that are checked or changed, the longer it will take to update the collection criteria. 5.3.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 4 Expand a desired top-level directory (/bin for example) to display the existing subdirectories in the tree. Right-clicking on a directory itself displays a context menu that offers a Check All or Uncheck All feature. This will automatically check or uncheck all check boxes for that volume and subvolume only.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications To remove an individual file or files no longer to be monitored for hashing: 1. Select a row or multiple rows by clicking in the row indicator shown on page 100. (Refer also to section 4.1, “The Grid Views” on page 61.) 2. Click the UnCheck button. 3. Clear the check box by mouse click to deselect that individual file. To send the resultant highlighted rows to an export management screen, click Send To.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 5.4.1 Using NetBatch If you are using NetBatch you have two choices; Auto or Manual. Auto will attempt to manage the job automatically from the GUI, adding the job and later deleting the job without any manual host commands. The GUI can do this if the userid you are using has this capability.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications Manual Batch Text for NetBatch If your network has a policy of re-loading NetBatch jobs periodically, you will need to use the manual method and ask for the batch administrator to add the XSW job to the list of re-loaded jobs. Two files are automatically created on the \XYPRO\XSW_cpf directory. NetBatch.txt Is a demonstration file to show how to use the NetBatch_.txt file in a TACL macro NetBatch_.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 5.4.2 Using MultiBatch If you are using MultiBatch, all batch collections are manual and the batch administrator will be required to add and delete the job manually on the host. You will receive a manual pop-up screen containing the manual commands that will need to be performed by an authorized user. Manual Batch Text for MultiBatch A single file is automatically created on the \XYPRO\XSW_cpf directory. MBatch.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 5.5 Deleting an Immediate Collection Deleting a collection criterion can also delete all underlying collection datasets. Rightclick Collection Specifications then select Collection Setup and Status, and select a collection criterion. The Collection Specifications form appears. Select the collection criterion you want to delete, and click Delete 5.5.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications The pop-up can be used in the same manner as the pop-up to add the job. Provide this file or job id to your batch administrator who will have to delete the job manually.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 5.6 Creating a Primary Collection with Merged Secondary A primary collection with merged secondary collections is used when there are multiple host connections in XSW and there is a need to do queries or policy analysis on the combined information across the multiple nodes. Typically, this occurs only in networks where there is no EXPAND link between systems for which data needs to be collected. 5.6.1 Primary Node 1.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 5.6.2 Secondary Nodes 16. Select the Host Connection tab. Disconnect from the current connection if you did not do so already. 17. Select a subordinate node. Connect to this node. 18. Select the Setup Criteria tab. 19. Specify the same collection name as you used for the primary collection in step 5. 20. Select the same entities as the primary collection. 21. Select the Collection Run-time Options tab. 22.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 5.7 Checking on the Host Completion Status The Collection Status tab on the Collection Specifications screen shows which collections are active. A collection can be: READY All components are complete and the collection is ready to download. READY w/ERRORS All components are complete, but some components have errors.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications From the above Status screen you can do the following: 1 Use the Host Connection tab to connect to your current connection. 2 Switch to the Collection Status tab to view collections. If the collection is marked Ready w/errors, review the grid for the entities with errors. You can load the collection with errors, but the entities will be skipped. This may be important or not.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 6 Select a collection in the Status drop-down list. The details will be displayed in the grid (item 7) below. 7 View the grid for the details of the collection. You will see the Host_Status for each entity and can determine which entity received an error, if any. All entities must be completed before you can load the collection. 5.7.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications There are several places to check on the host for collections that have encountered a catastrophic problem. The CLERRLOG file will be located in the XSW installed directory. This file will detail the creation of error files associated for the named collection. This file is a running log of error files. \X.$VAAA.P44EA260.e08260 : ERROR file for "Users Only"/XYPRO.QA/ \X/2010-08-26:06:13:41 \X.$VAAA.P44EA260.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications WRK-WRK-VOL .$VAAA. WRK-WRK-SVOL .ZZXSW000. WRK-HOMETERM .$VHS. CTR-HOMETERM .$VHS. CTR-MACRONAME .XYMCUSER. COLLECTION-ID .Users Only. COLLECTION-TS .2010-08-30:12:43:56. COLLECTION-USERID .XYPRO.QA. COLLECTION-RESULTFILE .XYUSSW. XSWP9 .$xsw. XSW-VERSION .280. SYSNN .\Node1.$SYSTEM.SYS00. JOB-SCHEDULER .$ZBAT. *ERROR* Unlicensed privileged program ***Error Routine *** :XSW_PROCESS_ERROR.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 5.8.2 Automatically Initiated If you use the xswService service process to manage the initiation of downloads, the download will be started the next time the service process check cycle is started. If you set the cycle for every three hours, for example, then the xswService process will check for a collection on the host(s) after every three hours. If a collection is found and it is ready to download, it will be downloaded.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 5.8.5 Auto-archiving XSW datasets The loader will automatically archive each dataset that is loaded to the location as defined in the User Preferences screen (see page 47). Auto-archiving insures that datasets are available later, even if they have been recycled in the local environment. You can import an archived dataset using the View Dataset Status window.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications errors are significant. Certain errors may not affect the use of or validity of the entire collection. A Collection displaying a white X signifies a pending load completion that is not yet available for query, and normally is not an error. Even though the collection shows as having some errors, you should review the summary to determine if those errors are significant.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications The values for Entity_Status are the following: Value Meaning Access map exported The access maps that have been defined for automatic export to a spreadsheet or XML file have been exported and the filename is in the Error/Information text field. Access map export aborted Auto-export has stopped during the process because an error was encountered. Access map export skipped The process of exporting has been disabled.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications Value Meaning Best practices update aborted Fatal error updating BP in general. Best practices exported The best practice categories that have been defined for automatic export to a spreadsheet or XML files have been exported and the filename is in the Error/Information text field. Best practices export skipped The process of exporting has been disabled.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications Value Meaning System policy exported The system policy categories that have been defined for automatic export to a spreadsheet or XML files have been exported and the filename is in the Error/Information text field. System policy export skipped The process of exporting has been disabled. System policy export aborted Auto-export has stopped during the process because an error was encountered.
XYGATE® Compliance PRO™ Reference Manual Chapter 5. Collection Specifications 5.9.3 Loading Errors Loading errors can occur for many reasons. For example, the collection file on the host had an error, the connection to the host can be broken during the loading processing, the files from the host have been removed are unavailable, or an error can occur on the PC processing of the downloaded files. A collection load can be restarted if the collect files are still on the host node.
Chapter 6. Data Discovery Rules Data Discovery Rules are questions you ask about the data. These queries can be one time only, or they can be converted into System Policies that are tracked over time. Data discovery rules come in five varieties: Comparative query A comparative query compares one attribute of one entity on one node to the same attribute of the entity on another node.
XYGATE® Compliance PRO™ Reference Manual Chapter 6. Data Discovery Rules 6.1 Entities and Attributes Entities are the basic categories of information in a query. Only one entity can be referenced in a query. Attributes are characteristics of entities. One entity can have many attributes. The example shown below shows the attributes of the Guardian Files entity.
XYGATE® Compliance PRO™ Reference Manual Chapter 6.
XYGATE® Compliance PRO™ Reference Manual Chapter 6. Data Discovery Rules 6.2 Generating a Basic Query A basic query is a query that uses one or more of the built-in attributes for the entity you have chosen. Each attribute has its own set of values that it prompts for. For example, the PROGID characteristic of the Guardian File entity prompts for the existence of a PROGID on the file or the non-existence, so you can test for either the presence or absence of a characteristic.
XYGATE® Compliance PRO™ Reference Manual Chapter 6. Data Discovery Rules 6 Select an item from the Attribute List. 7 Complete the appropriate attribute values, if there are any. You can repeat items 6 and 7 to build a list of multiple attributes to check. Note that these attributes are combined using AND not OR. If you need OR, you must highlight the AND in the Rule Selection Criteria box and type OR to replace the AND. 6.3 8 Click Save to save the query. 9 To use this new rule, click Apply.
XYGATE® Compliance PRO™ Reference Manual Chapter 6. Data Discovery Rules 6.4 Reviewing the Results When you click Apply, the results are displayed in a grid. This form has numerous features to allow you to export, print, review the data results and set as a policy. You can also use the buttons on the upper-right corner of the screen. Report Generate a report showing the results returned by this data discovery query.
XYGATE® Compliance PRO™ Reference Manual Chapter 6. Data Discovery Rules 6.5 Converting a Data Discovery Rule to a System Analysis Policy If you click Set Policy for a Data Discovery rule on the results grid shown above, the query will be converted to a policy. Not every Data Discovery rule needs to become a policy. Some queries make an instantaneous snapshot of the system, useful immediately but retention is not needed. Some queries have too much data—tracking all that data would be burdensome.
XYGATE® Compliance PRO™ Reference Manual Chapter 6. Data Discovery Rules 10 3 4 5 8 6 9 7 3 Enter, select or create a Policy Class name for this new policy. It will be displayed under this class on the treeview. 4 The Policy Name is defaulted to the Rule Name, but may be changed. 5 The Auto-Export selections Y/N can be set as described in the common functions. 6 The Priority Level is a reference setting to identify more critical or less critical policies.
XYGATE® Compliance PRO™ Reference Manual Chapter 6. Data Discovery Rules 6.6 Rule Group Maintenance Functions The Rule Group Maintenance window is used to add a new Rule Group, copy rule definitions from one group to another, report on the groups, manually update, and delete groups. To access the functions below, right-click the Rule Group name in the tree. 6.6.1 Rule Group Maintenance Buttons Add Adds a new Rule Group.
XYGATE® Compliance PRO™ Reference Manual Chapter 6.
Chapter 7. System Policy Analyzer The key difference between Data Discovery results and System Policies is that policies allow you to track failures over a period of time, from discovery until the final correction, and to monitor that new failures do not occur. Because of the tracking mechanisms however, policies are most effective for the discovery of exception items. Policies are generally negative based.
X XYGATE® Compliance PRO™ Reference Manual Chapter 7. System Policy Analyzer 7.2 Security Policy Data Items Three fields contained in the table provide important information for use in processing the items contained in your Security Policy. Tracking_No: This field displays the unique identifier assigned to this data row. For the duration of this policy’s existence, this tracking number will be assigned to the entity named in this row.
X XYGATE® Compliance PRO™ Reference Manual Chapter 7. System Policy Analyzer Recent Results – The entries displayed on this tab are entries that have been added to results because of conditions found in the most recent host data collection that was analyzed. The data on this tab will also be found on one of the other tabs, whichever is appropriate to how the data changed from the previous collection to the current collection.
X XYGATE® Compliance PRO™ Reference Manual Chapter 7. System Policy Analyzer Properties – This contains two tabs for information regarding the datasets that have been applied to this Security Policy: the Summary tab (shown below) and the Maintenance tab (shown on the next page).
X XYGATE® Compliance PRO™ Reference Manual Chapter 7. System Policy Analyzer The screen below shows the Maintenance tab side of the window.
X XYGATE® Compliance PRO™ Reference Manual Chapter 7. System Policy Analyzer 7.4 Security Policy Window Buttons Report (see page 138) XYPRO Technology Corporation Causes a report to be generated on the entire policy across the tabbed-grid boundaries in a pre-formatted way as shown below.
X XYGATE® Compliance PRO™ Reference Manual Chapter 7. System Policy Analyzer Apply (see page 138) XYPRO Technology Corporation Allows you to apply a new collection to the policy as shown below.
X XYGATE® Compliance PRO™ Reference Manual Chapter 7. System Policy Analyzer Export (see page 138) 7.5 Allows you to perform Send To functions on the entire policy across the tabbed-grid boundaries as shown below. Resolving Policy Information Once you have created a Security Policy, you will want to research and resolve any item that violates this policy. The usual intent of a security policy is to resolve exceptions to the rule until the policy “passes” and has no failures.
X XYGATE® Compliance PRO™ Reference Manual Chapter 7. System Policy Analyzer 7.5.2 Drilling Down for More Information about a Result Item Double-click on any grid line to display (or drill down) the grid data in text form as shown below. This format may be easier to print or review. You can double click on any grid line to provide the grid data in a text format. 7.5.3 Choosing Items to Exclude from Consideration Inevitably, there will be some policy items that must not be remedied.
X XYGATE® Compliance PRO™ Reference Manual Chapter 7. System Policy Analyzer 7.5.4 Items Resolved by Subsequent Collections As each collection is applied to the rule, policy items will be resolved because the offending issue gets changed or the item is removed from the system. These items will migrate from the Failed or Exclusions tab to the Resolved tab. These will always be visible immediately after the resolving collection.
X XYGATE® Compliance PRO™ Reference Manual Chapter 7. System Policy Analyzer If the collection finds new items that match the policy’s rule and the user preference setting is Delete (item 8 on page 45), new failed items are added. If the collection finds new items and the preference setting is Keep (item 8 on page 45), then it checks for this item to be in the resolved state. If the state is resolved, the item is reinstated to the last known state, either failed or excluded.
X XYGATE® Compliance PRO™ Reference Manual Chapter 7. System Policy Analyzer 3 This is a list of the Nodes and the Entities within each Node used to collect the data you are about to apply to your Security Policy. If you want to select a new collection, go to the Advanced Link Dataset Selection tab. 4 7 5 8 6 7.6.3 Advanced Link Dataset Selection 4 This tab allows you to choose a new collection and dataset to use with your policy.
X XYGATE® Compliance PRO™ Reference Manual Chapter 7. System Policy Analyzer Update All Statuses This is the default update option. The new Dataset from the newly selected Collection will be compared to existing Failed and Policy Exclusion Items. Any Failed or Policy Exclusion item that does not match against an item in the newly applied Dataset will be moved to the Resolved Items list.
X XYGATE® Compliance PRO™ Reference Manual Chapter 7. System Policy Analyzer Merged Collections Warning! XSW has limited ability to know whether a merged Dataset is complete. Assume that you are going to merge three nodes. You collect the three nodes separately. You load the first Node (Primary Node) and then you load one of the subordinate Nodes. You fail to load the last subordinate Node. Then you apply the Dataset to a Security Rule or Security Policy. 7.
X XYGATE® Compliance PRO™ Reference Manual Chapter 7. System Policy Analyzer 7.8 Policy Class Maintenance Functions To access the functions below, right-click on the Policy Class on the tree. The Policy Class Maintenance screen is used to add a new Policy class, copy policy definitions from one class to another, report on the classes, manually update, and delete classes.
X XYGATE® Compliance PRO™ Reference Manual Chapter 7. System Policy Analyzer Remove Deletes selected policies Send To This button sends the resultant rows that have been highlighted to an export management screen that allows you to format the highlighted rows for a variety of output styles, such as Microsoft Excel.
Chapter 8. Best Practice Policy Best Practice Policies are positive system configuration parameters that can be tested. For example, one Best Practice is The Safeguard parameter NAME-LOGON must be set to ON. Best Practices are created and reported on an individual node basis.
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy 8.2 Reviewing Best Practices When the dataset collected for the definition is loaded, the Best Practice database is updated for participating nodes. To display the Best Practice database for a node, expand the \node name under the Best Practice header in the tree in the left pane, and expand the underlying categories (refer to section 2.1, pages 30 and 31). Best Practices can be viewed by a specific category or at a higher level.
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy 8.3 Recent Results The entries displayed on this tab are entries that have been added to results because of conditions found in the most recent host data collection that was analyzed. The data on this tab will also be found on one of the other tabs, whichever is appropriate to how the data changed from the previous collection to the current collection.
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy 8.4 Disabling a Best Practice Some Best Practices may not be applicable to one of your nodes. For example, you may have a system that does not have Safeguard. In this case, you do not want to see any of the Safeguard Best Practices. Select the row(s) you want to disable and click Disable. The Best Practice item(s) will be moved to the disabled list, which can be seen on another tab of the Best Practice display.
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy When the Recommended value and Discovered value are different, the rule fails. To correct this situation you have several choices: 8.6 Disable the rule The rule does not apply to your system Update the discovered Value By clicking Update, the recommended value is updated to match the discovered value. All subsequent collection comparisons should pass the rule.
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy 8.7 Available Best Practice Checks Best Practices can check the following entities for consistency.
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy Entity Selection Processes Check Condition Exists Description Process is identified by name. Owner Priority CPU Program Name Home Term Safeguard Globals Each Safeguard global value can be checked by unique name Safeguard Running Safeguard configuration values can be checked SUPER.
XYGATE® Compliance PRO™ Reference Manual Chapter 8.
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy 8.8 Adding New Custom Best Practices You can create a customized Best Practice (called a CP) to perform a Best Practice comparison on your company’s specific information. Please note that CPs are node-specific in the same manner as the XSW supplied BPs. 4 1. Right-click on a node name in the Best Practices section of the tree, and select Best Practice Rule Builder. The Best Practice Rules form will appear. 2.
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy 6 Select a value for Part 3 from the drop-down list or enter a new value. This value will be used as a part of the sorting criteria for the Best Practice display in the left pane. 7 Select a sequence number for Part 4 from the drop-down list. Note that parts 1, 2, 3 and 4 make up a sequence number. This sequence number does not need to be unique.
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy List View Return to the list display of Best Practices. Clear Clear the values in the fields of this screen. Update Change the Attribute Value of this field to a new value. Delete Completely eliminate this Customer Best Practice. Disable Remove this Best Practice from consideration. Prev Go back to the previous Best Practice entry. Next Go forward to the next Best Practice entry.
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy 8.9 Copying Best Practices and Custom Best Practices This section describes how to copy and normalize multiple Best Practices (BPs) or Custom Best Practices (CPs) from one Source node to a Target node. 8.9.1 Copying Logic Refer to the flowchart diagram below and the descriptions on the following page.
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy • If BPs and CPs do not exist on the Target node, they are created. • If BPs and CPs do exist on the Target node and are identical to the Source node, the item or items are skipped and a copy of rules does not occur • If a BP and CP record exists and the Source and Target records are different, then the Override options will be invoked (see item 2 in section 8.9.3). • a.
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy 8.9.2 Copying Rules from One Node to Another Node This section describes the steps for copying multiple Best Practices (BPs) or Custom Best Practices (CPs) from one Source node to one Target node. 1 Select a Source node name from the Node Name drop-down list. Note: \XSWDEMO cannot be used as either a Source node or a Target node.
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy 8.9.3 Target Node Selection This section describes how to copy Best Practice (BP) or Custom Best Practice (CP) rules to a Target node. 1 2 3 Select a Target Node Name from the drop-down list, which shows all XSWconnected nodes except the Source node and \XSWDEMO node. Select an Override options checkbox.
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy 8.9.4 Copy Results Message Box After the copying process is completed, the results are displayed in a message box with the number of copied BPs and CPs as shown below. The first line in the message box shows the results of copying Best Practices from \X (the Source node) to \EST1983 (the Target node).
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy 8.9.5 Resolution Screen If no Override options have been selected (item 2 in section 8.9.3 on page 165), the resolution screen shown below will appear for the user to compare the fields of each policy in conflict and then decide whether or not to copy the given policy. 1 Source node details - All fields of BP or CP on a Source node that contain at least one or more differences highlighted in red.
XYGATE® Compliance PRO™ Reference Manual Chapter 8. Best Practice Policy 4 Buttons on the Resolution screen: Copy Copy the selected BPs and CPs to an existing Target node. Do not Copy Removes the selected BPs and CPs from the form. The removed records will not be copied to the Target node. Send To Sends the selected BPs and CPs to an export management screen that allows user to save them for a variety of output styles, such as Excel.
Chapter 9. System Integrity Checks The System Integrity Check investigates Guardian subvolumes, Guardian files, logon access, Pathways, Safeguard configurations, Spooler configurations, NetBatch configurations, TMF configurations and OSS configurations for consistency for each individual NonStop host node. The current information from the collection is checked against the baseline. If a difference is found, the integrity check fails. 9.
XYGATE® Compliance PRO™ Reference Manual Chapter 9. System Integrity Checks 9.3 Available Integrity Checks The Integrity Check section of XSW can check the following entities for consistency. Category Type Category Key Description Guardian File Hashing File Hashing Guardian MD-5 or SHA-1 algorithms used when files are collected. OSS File Hashing File Hashing - OSS MD-5 or SHA-1 algorithms used when files are collected.
XYGATE® Compliance PRO™ Reference Manual Chapter 9.
XYGATE® Compliance PRO™ Reference Manual Chapter 9. System Integrity Checks 9.4 Integrity Checks for Guardian Files and OSS Files Various attributes are collected about each file being inspected. Analyzing the baseline value and comparing it to the current value determines whether or not the Integrity Check has failed.
XYGATE® Compliance PRO™ Reference Manual Chapter 9. System Integrity Checks 9.5 Reviewing an Integrity Check To see a specific category of integrity checks, right-click on the category name and select Review Results (refer to section 2.1, pages 30 and 31). The Review Data Results window shows the last collection dataset used to update these Integrity Checks, and the statistics show the number of records that have been changed or verified in this Integrity Check.
XYGATE® Compliance PRO™ Reference Manual Chapter 9. System Integrity Checks 9.6 Accepting a New Baseline There are times when your Integrity Checks will flag inconsistencies that are expected. For example, you may have Integrity Checks that monitor a specific application. When you install a new version of the application, your Integrity Check will flag all the items that have changed for the application.
XYGATE® Compliance PRO™ Reference Manual Chapter 9. System Integrity Checks To display the Detail Display for an individual Integrity Check, double-click on the individual item in the Integrity Check summary. 1 2 3 4 5 6 Lines 1 to 6 show the changed baseline values of an item. The number of fields displayed on the Detail Display form (above) is dependent upon the type of integrity check selected.
XYGATE® Compliance PRO™ Reference Manual Chapter 9. System Integrity Checks 9.8 Creating an Integrity Check To create an Integrity Check for your NonStop host node, expand System Integrity Checks, right-click on the NonStop host node name where you want to create the check, and select System Integrity Rule Builder (see section 2.1, pages 30 and 31).
XYGATE® Compliance PRO™ Reference Manual Chapter 9. System Integrity Checks 1 Select the type of check you want from the Check Entity drop-down list. 2 Most entities predefine the group name by category or subvol. If the group name has selections, select one, and enter the name into the box. If you already have a Group Name defined that you want to add to, select it from the drop-down box to display. If this is a new Group, enter the new name in the Category Name dropdown box.
XYGATE® Compliance PRO™ Reference Manual Chapter 9. System Integrity Checks names, such as Guardian Files, the list will contain individual items in that group. If the category is a pre-defined group, such as Logon, users, the list will only contain the category level. 2 3 4 5 6 3 If resetting individual files or the entire category back to a new baseline, click Reset. 4 To remove an individual file(s) or category that is no longer being monitored, select single or multiple rows, and click Remove.
Chapter 10. XYGATE Products Configuration The XYGATE Products Configuration section of XSW checks the consistency of your XYGATE security software installation across collection datasets. This assurance lets you know that your ACL and CONF files have remained the same over time, or brings to your attention the information that changes have been made and what the changes are if any. 10.
XYGATE® Compliance PRO™ Reference Manual Chapter 10. XYGATE Products Configuration 10.3 Side-by-Side Comparison of Discrepancies The side-by-side comparison uses the MS Windows tool WinDiff to display the two files, old and new, highlighting the differences. 10.4 View Baseline Text To view old versions of the file; right-click on the filename in the left pane and select View Baseline Text. The original text of the file is then displayed in MS Windows Notepad.
XYGATE® Compliance PRO™ Reference Manual Chapter 10. XYGATE Products Configuration 10.5 Accept a New Baseline Once you have reviewed the changes that have occurred and are satisfied that they are both authorized and acceptable, you must indicate to XSW that a new baseline should be saved. Once a new baseline is saved, all subsequent collections will be compared to it. To create the new baseline, right-click on the name of the node in the XYGATE Products section of the left pane.
XYGATE® Compliance PRO™ Reference Manual Chapter 10.
Chapter 11. Access Analysis Mapping The Access Analysis Mapping feature allows you to obtain file access maps for diskfiles secured with Guardian, OSS, Safeguard, XAC and XOS. The queries allow you to examine your access rules. You can quickly locate the rules that apply to a particular file or all the rules that grant a particular user or user group access. Note: Access mapping is only as good as the data that is collected.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping To display the saved map details, expand the Access Analysis Mapping node name in the treeview to find the saved map name. Right-click on the saved map name and select Review Results from the selections displayed. The review results form will appear in the Access Analysis Mapping window as shown below. Buttons on the right side of this screen are: Execute Build the access map and display results in the grid.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping 11.4 XOS Access Analysis Access Mapping for XOS can be performed on any collection from a node that includes any volumes (not necessarily all volumes) and has the XOS Authorization SEEP installed. During the load of such a collection, the OSCONF and OSACL files are expanded and loaded into a database. Note: All relevant disks (or all disks) must be included in the collection.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping Group ID User ID The group and member numbers of each individual userid in the OSGROUP’s ACL Group Name User Name The group and member names of each individual userid or alias in the OSGROUP’s ACL Group Type DOGROUP, FOGROUP, or POGROUP Mask The actual mask as entered in the OSGROUP Node The node where the query applies OSGROUP The name of the OSGROUP that protects each file. Permission ALLOW or DENY.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping 11.4.1 How User-Related Entries are Expanded in XOS Queries Each OSGROUP mask is expanded for each user in the ACL as described below: • *, 255 will expand to all groups that have a 255 user. • SUPER.* or 255,* will expand to all members of the SUPER group. • Alias:"joe*" will expand to all aliases that begin with the lowercase characters "joe". • UNDERLYING:RA.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping For the variations on the OBJECT_OWNER_GROUP, OBJECT_OWNER_USER keyword, (OOG, or , OOU), the mask will often be $*.*.*. Rather than include all the files on the system, there will be a single "place holder" row noting the occurrence of each of these keywords in an FOGROUP’s ACL to indicate that the selected user has access to his own files regardless of their location or name.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping All available userids, aliases, and (XOS) ACLGROUPs on a system are shown in the drop-down list. The list shows both the user name and user number. The userids are displayed in order by group name and user name. Aliases appear last. Subvols by User Query Entering a specific (no wildcarding) userid, alias, or ACLGROUP, will return the set of subvolumes that the selected user, alias, or ACLGROUP members may have access to.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping S A placeholder in the ACLGROUP for an expansion, such as \*.*,255. X A subordinate ACLGROUP referenced within the current ACLGROUP. The Permission column will always contain "ALLOW" unless the NOT or DENY keyword is present in an ACLGROUP. All the selection criteria keywords are included in the output grid.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping Accesses The combined list of the accesses granted to the user; for example R,W ACL UserName It shows the actual entry in the Protection Record’s ACL. It might be \*.*.* or *.*, a network wild-carded group, a local wild-carded group, a network individual userid or a local userid. Group Name User Name The group and member names of each user in the ACL.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping 11.5.1 How User Entries are Expanded in Safeguard Queries Each Protection Record mask is expanded for each user in the ACL as described below: • .* or ,* will expand to all members of the . For Example, SUPER.* and 255,* will expand to all members of the SUPER group. • *.* will expand to every user on the system. • \*..
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping ACLs by User Query Entering a user name will return a listing of all Protection Records that include the selected user(s). You may choose all members of group by entering .* or choose all users by entering *,*. All available userids on a system are shown in the drop-down list. The list shows both the user name and user number. The userids are displayed in order by group name and user name.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping The Sfg_Flags are: NF Indicates that a SUBVOLUME Protection Record exists, but the subvolume does not. NR Indicates that the subvolume exists but is not secured with a Safeguard SUBVOLUME Protection Record. Y Indicates that the subvolume exists and is secured with a SUBVOLUME Protection Record. If a Protection Record exists (Y, NF), there will be one row per user in the Protection Record’s ACL.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping 11.7 The Guardian Access Queries The available queries are: • Files by User • File Owners Note: Depending upon the wildcarding, the resultant fileset may be very large and very time-consuming. We strongly suggest not using $*.*.*. 11.7.1 Files by User Query You may enter a specific user name and wildcard file mask. There will be one row per file to which the user has access, based on the file’s security vector (RWEP).
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping 11.8 XAC Access Analysis Access Mapping for XAC can be performed on any collection from a node that includes the XAC product. During the load of such a collection, the ACCONF and ACACL files are expanded and loaded into a database.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping Command Name Group ID The Name of the Command. The group and member numbers of each individual userid in the COMMAND’s ACL User ID Group Name User Name The group and member names of each individual userid or alias in the COMMAND’s ACL Node The node where the query applies Object File Filename of the OBJECT file executed by this command Opens_By_User OpenByObjects_List Percent Permission ALLOW or DENY.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping 11.8.2 ACLGROUPS Query The ACLGROUPS query returns a list of all the ACLGROUPs in the ACACL file. There will be a line per ACL entry. If the ACL entry is an ACLGROUP, there will be a row for each userid and/or alias in the ACLGROUP. Likewise, the UNDERLYING and NETUNDERLYING entries will generate a row for each alias with the indicated underlying ID. Refer to section 11.4.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping If you want to see a list of all the ALLOW/DENY commands for a particular object file such as SCF, use the List by Object query. This will return a list of all the commands that execute the selected object file. There will be a row per user in each COMMAND’s ACL. 11.8.4 COMMANDS Query This query returns a list of all the XAC commands in the ACACL file. There will be one row per COMMAND.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping If you want a shorter list that presents just one row per XAC command per object file (OBJECT), you might want to use the COMMANDs Query instead and group the grid by OBJECT. 11.8.7 List by Run-as User Query This query is intended to list users who can invoke XAC Commands which will execute as the selected Run-as user. It returns the list of commands that run-as the selected user.
XYGATE® Compliance PRO™ Reference Manual Chapter 11.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping 11.9.1 The OSS Access Queries OSS Access queries are uniquely more complex than Guardian or Safeguard as access may be derived from a layering of directories and their security masks.
XYGATE® Compliance PRO™ Reference Manual Chapter 11. Access Analysis Mapping Directories by Group Query You may enter a specific group name. There will be one row per OSS directory that the group has access to based on the directory’s security vector (---rwx---). If the group is granted access, then the directory is returned. All available groups on a system are shown in the drop-down list. The list shows both the group name and group number. The groups are displayed in order by group name.
XYGATE® Compliance PRO™ Reference Manual Chapter 11.
Chapter 12. XSW Auditing and Audit Reporting XSW auditing is performed by the XSW host modules only. At this time, none of the XSW GUI modules (XYGATE Client, Loader and Service Process) perform auditing. 12.1 XSW within the XYGATE Audit Architecture XSW auditing fits into the general XYGATE audit architecture. The diagram below illustrates the high-level audit architecture, common to the XYGATE products.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting on the host (usually named AUDIT). The format and meaning of the audit records that make up the audit trail are specified per product. Audit collection details for XSW can be found below in section 12.3, “Audit Collection.” This includes a detailed record definition. 12.1.3 Audit Reporting XYGATE products have several available alternatives for audit reporting.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting 12.2.2 Audit Diskfile Creation and Rollover Auditing to a diskfile is the most commonly used audit configuration. Auditing to an Enscribe diskfile makes it possible to generate reports using the host reporting macros or the XYGATE Report Manager (XRM). To get this and other XYPRO documents, refer to the section “Additional XYPRO Reference Manuals” in this manual.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting 12.3.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting Field 12.4 Type Description Objecttype PIC X(32) The type of object being audited. One of the following. • INTERFACE (connecting to the host) • COLLECTION (collection criteria management) • COLLECTION-DATA (collecting data) • DATASET (a collected set of data) (An object name can have spaces.) Objectname PIC X(90) The name of the object being audited.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting The default ENFORM temporary work file location is the vol.subvol from which ENFORM is executed. This volume portion of the ENFORM temporary work file location can be changed via assigns. If the user does not have Create and Write access to the files in the product installation location, then he or she can use one of the following: • Set his or her TACL volume.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting H: I: J: K: L: M: N: O: P: X: Z: ZP: Object Type :* Object Name :* Operation :* Outcome (*,S,F) :* Result :* Platform :* Sort order :TIME Output file :$S.#XYGATE.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting B: Report Date and/or Time Range Enter the start date in YYYY-MM-DD format. Enter the start time in HH:MM format. If the leading portion of a date is omitted, it will default to today’s date; that is, if today is 2012-09-13 and a date of 12 is entered, a date of 2012-09-12 will be used. To choose a date range, select B. Example: Selection? B If the leading portion of a date is omitted it will default to today's date, I.E.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting If you put an asterisk ( * ) at the end of the string, XSW will include any IP address that begins with the entry in the report. Example IP Address: 123* finds all IP Addresses starting with 123. 205* finds all IP Addresses starting with 250. If you enter an IP address without either a leading or trailing asterisk ( * ), then XSW will only include the IP addresses that exactly match the IP address you have entered.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting F/G: Subject Userid and/or Login Name The subject Userid/Login Name is the ID of the person executing the XYGATESW Commands displayed in the report. You may enter either the Userid or the Login name of the user(s) you want to include in the report. Do not enter both. The Login name includes both the Safeguard Alias ID and the NonStop Kernel userid. To select a Userid to include in the report, select F.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting I: Object Name This allows you to limit your report to given object name. Example Selection? I Enter object names separated by commas. A leading * on an object name will match any object names that contain the specified string. A trailing * will match any object names that start with the specified string.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting K: Outcome You may limit your report to only certain XSW outcomes. The valid entries are: S Operation was successful F Operation was unsuccessful * for all Example: Selection? K Enter the type of outcome to include in report Outcome (*,S,F) <*>?F L: Result You may limit your report to only certain XSW results. Example: Selection? L Enter result text separated by commas.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting N: Sort Order You may choose the report format that best suits your needs. XYGATESW comes with the following sort options: Sort Order Description USER Audit entries are grouped by the Subject Userid. SUBJECT-LOGIN Audit entries are grouped by subject login CLIENT-LOGIN Audit entries are grouped by client login TIME Audit entries appear in strict chronological order.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting P: User Specified Title You can assign a custom title to your report. To enter the title, select N and enter the desired information.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting ZP: Run the Report and Go Directly into Peruse When you select ZP to create the report, the XSW_REPORT macro will generate the report and put you directly into PERUSE. When you have examined, printed, or written the report to an edit file, and typed EXIT, you will be returned to the XSW Report Selection screen where you may change your selections and create another report.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting 12.4.3 Designing Your Own Custom Audit Reports (REPMAC) Below is a sample report macro. It can also be found in the install subvol and is called REPMAC. It runs a complete audit report for the previous week. This file can be set up in NetBatch to run every week. Refer to the XSW_DATETIME_MAKE macro on page 247 and the XSW_AUDIT_REPORT macro on page 244 for more information.
XYGATE® Compliance PRO™ Reference Manual Chapter 12. XSW Auditing and Audit Reporting 12.4.4 Designing Your Own Host ENFORM Report (REPSAMP) A sample ENFORM report, REPSAMP, is included in the XYGATESW subvolume during installation. REPSAMP is designed to show how a custom report can be written. Run the report as follows: TACL> ENFORM/IN REPSAMP/ ENFORM uses the REPSAMP file as its command file and pulls the data to be reported from the XSW audit file.
XYGATE® Compliance PRO™ Reference Manual Chapter 12.
Chapter 13. EMS Message Format Templates A template is supplied on the installation subvolume to allow the audit lines written to EMS to be tokenized and organized as desired by the customer. Three files are supplied at installation to allow this customization. The three files are: EMSBUILD A macro to build the template file based on the system templates and the EMSTEMP file. EMSDDL A DDL layout for the EMS message. EMSTEMP The TEMPLATE layout for the XYGATESW messages.
XYGATE® Compliance PRO™ Reference Manual Chapter 13. EMS Message Format Templates Do you want the installation performed ? Building Dictionary with the following input file, please wait ?dictn $DATAB.EMSTEMP ! ?source $SYSTEM.ZSPIDEF.ZSPIDDL ?source $SYSTEM.ZSPIDEF.ZEMSDDL ?source $DATAB.XSW280.EMSDDL 195 196 CONSTANT xsw-event-audit Constant XSW-EVENT-AUDIT defined. Constant XSW-EVENT-AUDIT added to dictionary. VALUE IS 0.
XYGATE® Compliance PRO™ Reference Manual Chapter 13. EMS Message Format Templates TANDEM.OVMON (254) (OVM) - formatting version: T0001G06 - 9APR03 (25 AUG 06 18:19) TANDEM.BRU (255) (BRU) - formatting version: S0010 - 10AUG04 (13 NOV 09 19:20) TANDEM.OVNPM (258) (OVP) - formatting version: T0001G06 - 9APR03 (25 AUG 06 18:19) TANDEM.FCSM (262) (FSM) - formatting version: T1176G06 (24 MAY 06 03:33) XYPRO.XSW (44) (???) - formatting version: XYGATESW 2.80 (16 OCT 12 11:34) Resident templates file: $DATAB.
XYGATE® Compliance PRO™ Reference Manual Chapter 13.
Appendix A: The SWCONF File The SWCONF file on the NonStop server host configures the external performance characteristics of the XSW software on the host.
XYGATE® Compliance PRO™ Reference Manual Appendix A: The SWCONF File A2: Sample SWCONF File The SWCONF file configures global values for the individual XSW Host product. AUDIT $VDRV.XYGATESW.AUDIT PRIORITY 099 HOMETERM $VHS PERUSE_OBJECT $SYSTEM.XYGATESP.PERUSE COLLECTOR $S COMPANY_NAME "xmi testing" BATCH_SCHEDULER $ZBAT BATCH_TYPE NETBATCH BATCH_CLASS DEFAULT CONCURRENT_JOBS 10 CPU_LIST * WORK_VOLUME $VDRV.
XYGATE® Compliance PRO™ Reference Manual Appendix A: The SWCONF File A3: AUDIT (Filename) This keyword determines the audit file specifications when a filename is defined. Refer to Chapter 12, “XSW Auditing and Audit Reporting” for more information. Syntax: AUDIT [EXT(pri,sec,max)] [NO_ROLL_MSGS] Example: AUDIT $SYSTEM.XYGATESW.AUDIT EXT(300,300,14) NO_ROLL_MSGS AUDIT $SYSTEM.XYGATESW.
XYGATE® Compliance PRO™ Reference Manual Appendix A: The SWCONF File A5: AUDIT (IP Process Name) This keyword determines the audit file specifications when an IP address is defined. Refer to Chapter 12, “XSW Auditing and Audit Reporting” for more information. Syntax: AUDIT IP [SYSLOG_PREFIX "<134>"] [SYSLOG_CRITICAL_PREFIX "<130>"] Note: There is no error-checking available on an IP port write. Example: AUDIT $ZTC0 IP 208.202.151.
XYGATE® Compliance PRO™ Reference Manual Appendix A: The SWCONF File A6: BATCH_CLASS The BATCH_CLASS keyword is valid when BATCH_TYPE is set to NETBATCH. It determines which NETBATCH class will be used for collections that will be run through NetBatch. (Please check with your batch administrator) If the BATCH_TYPE keyword is set to MULTIBATCH, this keyword is not used. The class in NetBatch controls the flow of jobs to executors.
XYGATE® Compliance PRO™ Reference Manual Appendix A: The SWCONF File A10: COMPANY_NAME The COMPANY_NAME keyword sets the name of the company that will appear on the reports generated by the XSW GUI. The company name must be enclosed by double-quotation marks. Syntax: COMPANY_NAME "" Example: COMPANY_NAME "Bank of Cochran Street Wire Transfer Systems" A11: CONCURRENT_JOBS The CONCURRENT_JOBS keyword controls how many collection components can execute at the same time.
XYGATE® Compliance PRO™ Reference Manual Appendix A: The SWCONF File A14: DOWNLOAD_SWITCH This keyword controls how the ownership of the collections to be downloaded affects the xswLoader process. If this option is set to ALL then a request for collections ready for downloading will retrieve all collections regardless of userid. If the option is set to USER, then only collections belonging to the current logon user will be downloaded.
XYGATE® Compliance PRO™ Reference Manual Appendix A: The SWCONF File A17: MACRO_NAME This keyword records the macro name assigned to XSW at installation. This macro name value will allow subsequent installations to “remember” the macro name chosen. Syntax: MACRO_NAME Example: MACRO_NAME XSW Note: Because the macro name is compiled into the macro library, the MACRO value cannot be changed by changing this keyword; re-installation of the software must be performed in order to change it.
XYGATE® Compliance PRO™ Reference Manual Appendix A: The SWCONF File A20: WORK_VOLUME The WORK_VOLUME keyword determines the disk file name and the first five characters of the subvolume name of the location where XSW will put its collection data files until they can be transferred to the GUI database. Based on the volume and first five characters of the subvolume name, the individual work subvolumes will be created, one for each collection, by adding a three digit sequence number to the end.
XYGATE® Compliance PRO™ Reference Manual Appendix A: The SWCONF File XYPRO Technology Corporation 236 Proprietary and Confidential
Appendix B: The SWACL File The SWACL file is located in the same subvolume as the XYGATESW software. It has three keywords: ACLGROUP, TASK and NODE. B1: The SWACL File Keywords There are three keywords available in the SWACL file as follows: ACLGROUP $ TASK NODE B2: Sample SWACL File This sample SWACL file shows how the keywords described in the following subsections are used in a production environment.
XYGATE® Compliance PRO™ Reference Manual Appendix B: The SWACL File B3: ACLGROUP ACLGROUP is a method for profiling users by group name rather than listing the entire set of users. Syntax: ACLGROUP $ where is a 31-character name and is a list of valid NonStop userids and aliases. Example: ACLGROUP $EVERYONE \*.*.* ALIAS:”\*.*” In this example, the entire set of userids and aliases available on the NonStop server is labeled $EVERYONE.
XYGATE® Compliance PRO™ Reference Manual Appendix B: The SWACL File This example allows any userid or alias to connect to a NonStop server using the XSW GUI and request a collection. Of course, Safeguard and/or XOS security on the NonStop host software that constitutes the XSW application will ultimately limit who can execute the collection software. Example: TASK COLLECTION ACL SEC.* TECH.
XYGATE® Compliance PRO™ Reference Manual Appendix B: The SWACL File XYPRO Technology Corporation 240 Proprietary and Confidential
Appendix C: XSW Host Macros Several host macros are supplied with the XSW software. These macros provide extra functionality or convenient methods of performing common tasks. Note: Throughout this section, it is assumed that XSW is the name assigned to XYGATESW at the time of installation. If your installation uses another name, the macro names will change to match the name of your installation. The XSW macros are stored in the XSW_SEG TACL segment that is attached when the user executes XSW INSTALL.
XYGATE® Compliance PRO™ Reference Manual Appendix C: XSW Host Macros C2: XSWHELP The XSWHELP macro displays information about all of the host XYGATESW macros. Syntax: XSWHELP Example: 42> XSWHELP XSW_EDIT_ACL This macro provides a controlled method for changing the SWACL file. It makes a copy of the existing SWACL. The EDIT program is started with the copy. After modifying the copy, the copy will be checked for syntax errors. If there are no syntax errors, you will be prompted to install the new ACL.
XYGATE® Compliance PRO™ Reference Manual Appendix C: XSW Host Macros XSW_REPORT The XSW_REPORT macro displays the Report Selection Screen. Alter the criteria by entering the letter representing the item you wish to change. Once you have altered the criteria you wish to, press either "Z" or "ZP" to generate the report. Z - generates the report and returns you to a TACL prompt. ZP - generates the report and opens peruse.
XYGATE® Compliance PRO™ Reference Manual Appendix C: XSW Host Macros C3: XSW_AUDIT_REPORT XSW_AUDIT_REPORT is a single-line, batch-oriented method of generating an audit report. Most often this used in a TACL macro. The REPMAC sample TACL macro is described in section 12.4.3, “Designing Your Own Custom Audit Reports (REPMAC)” starting on page 220.
XYGATE® Compliance PRO™ Reference Manual Appendix C: XSW Host Macros operation CONNECT, DISCONNECT, INITIATE, DELETE, START. outcome S(ucess), F(ail), or * for all. result Explanation of audit event, * for all. client-logon PC user login name. custom-columns Used only when sort-order is set to CUSTOM.
XYGATE® Compliance PRO™ Reference Manual Appendix C: XSW Host Macros Example: Operation <*>?*CONNECT Includes CONNECT and DISCONNECT Also, the NOT keyword can be used on most fields. Syntax:
XYGATE® Compliance PRO™ Reference Manual Appendix C: XSW Host Macros C4: XSW_DATETIME_MAKE XSW_DATETIME_MAKE allows relative dates to be included when other macros, such as XSW_AUDIT_REPORT, are used. This macro calculates dates to establish a range of dates in the past equal to the entered. The macro can be run on the command line or used in a TACL macro to create batch jobs.
XYGATE® Compliance PRO™ Reference Manual Appendix C: XSW Host Macros C5: XSW_EDIT_ACL The XSW_EDIT_ACL macro automates the recommended method of changing the SWACL file. First, the macro makes a duplicate of the current SWACL file and names it NEWSWACL. Then it presents the duplicate, NEWSWACL, for editing. After all the editing changes are done, the NEWSWACL is checked for syntax errors. If no errors are found, XSW_EDIT_ACL asks if you want to install the new ACL.
XYGATE® Compliance PRO™ Reference Manual Appendix C: XSW Host Macros Checking for SYNTAX errors in the NEWSWACL XYGATE/SW 2.80 (c) 2003-2012 XYPRO Technology Corporation XYPRO Technology \SIMI 20121231 SWCONF CHECKSUM 336940895 ($SYSTEM.XYGATESW.SWCONF) SWACL CHECKSUM 1451102739 ($SYSTEM.XYGATESW.NEWSWACL) No syntax errors found Do you want to install the new ACL (Y/N) ?Y FILES DUPLICATED: 1 Last generation is $SYSTEM.XYGATESW.
XYGATE® Compliance PRO™ Reference Manual Appendix C: XSW Host Macros At this point, you can enter N to save the erroneous file in order to fix the error; or enter Y to discard your changes. Either way, the existing SWACL file has not been changed and is still in use. Example – New SWACL file already exists If there is already a NEWSWACL file when you make the call to XSW_EDIT_ACL, then you need to decide what to do with that NEWSWACL file. Example 3: $SYSTEM.
XYGATE® Compliance PRO™ Reference Manual Appendix C: XSW Host Macros C6: XSW_INSTALL_LICENSE This macro moves the P44F001 license from a temporary location into the XSW subvolume. The old license is renamed rather than deleted so it can be recovered if necessary. Syntax: XSW_INSTALL_LICENSE Example: TACL> XSW_install_license $A.WORK.
XYGATE® Compliance PRO™ Reference Manual Appendix C: XSW Host Macros C7: XSW_REPORT XSW_REPORT generates an audit report using the XSW audit file (the AUDIT keyword is described in Appendix A:). The XSW_REPORT macro prompts for information to use in generating the report and is thus run interactively. Refer to section 12.4.2, “Generating Host Audit Reports using XSW_REPORT” starting on page 210. C8: XSW_SYNTAX_CHECK XSW_SYNTAX_CHECK performs a syntax check on the SWACL file.
XYGATE® Compliance PRO™ Reference Manual Appendix C: XSW Host Macros C9: XSW_VERSION XSW_VERSION displays VPROC information for the XYGATESW objects. This information may be requested by XYPRO Technical Support during support calls. Example: TACL> XSW_VERSION This is version 2.
XYGATE® Compliance PRO™ Reference Manual Appendix C: XSW Host Macros XYPRO Technology Corporation 254 Proprietary and Confidential
Appendix D: XSW Host Error Messages The XSW host module displays several types of errors that go to EMS or are visible on the screen to a user. The following table describes these errors: Error Message Where the message is logged Cause and Action XSW; ; EMS or terminal output of the XSW_SYNTAX_CHECK macro (described on page 252). XSW has an invalid license. Contact support@xypro.com or your XYGATE sales representative.
XYGATE® Compliance PRO™ Reference Manual Appendix C: XSW Host Macros Error Message Where the message is logged Cause and Action XSW - Syntax Error in SWCONF at line - EMS or terminal output of the XSW_SYNTAX_CHECK macro (described on page 252). There is a syntax error in the SWCONF file. The error may be caused by a misspelled configuration keyword or an invalid value to a keyword.
Glossary Some specialized terms are used in XSW. Terms in bold font are defined in this section. ACCESS MAP Access mapping provides a way to discover which users can do what to which files based on Guardian, Safeguard, and XOS security implementations and which users can execute which ACACL Command entries in XAC. ALTERNATE TAB Alternate views of security rules are available on tabs via the treeview. These tabs can be used or custom tabs created.
XYGATE® Compliance PRO™ Reference Manual Glossary Best Practices that have been created by XYPRO in accordance with HP NonStop Server Security: A Practical Handbook are prefixed with BP. Best Practices defined by the customer are prefixed with CP. COLLECT To collect is to gather data on the NonStop Host using the XYGATESW program and its associated macros and program. Collecting XSW data acquires information about the collection entity that was specified in the definition of the collection.
XYGATE® Compliance PRO™ Reference Manual Glossary CUSTOMER BEST PRACTICE The Best Practice policies allow a customer to define Best Practices that are specific to a single node. The Best Practices are prefixed with CP (Customer Practice). DATA DISCOVERY QUERY A data discovery query is the display of information gathered in a collection dataset according to a defined rule. There are five types of security rules/queries.
XYGATE® Compliance PRO™ Reference Manual Glossary EMS Templates and Macros The EMS Message Format Templates allow the output from ALERTS and program messages written to EMS to be tokenized and organized as desired by the customer. The following three files are supplied at installation to allow for this customization: EMSBUILD A macro to build the template file based on the system templates and the EMSTEMP file. EMSDDL A DDL layout for the EMS message.
XYGATE® Compliance PRO™ Reference Manual Glossary MERGED COLLECTION A merged collection is the combined data gathered from two or more host connections. A single host connection can gather data for any number of other NonStop hosts that are connected to that host connection via EXPAND, but sometimes it is necessary to build a unified security picture of a NonStop host installation where there are systems that cannot be connected using EXPAND and thus require separate host connections.
XYGATE® Compliance PRO™ Reference Manual Glossary Note: Not all Security Query/Rules that are defined will lead to a policy. A security query/rule lists security information without tracking. A Best Practice policy is defined by XYPRO and optionally updated by the customer. A dataset is matched against a set of Best Practice policies to produce a snapshot picture of the current state of the NonStop server host.
XYGATE® Compliance PRO™ Reference Manual Glossary SECURITY RULE GROUP A security rule group is a set of security rules/queries that can be grouped together for a specific reason. An example might be a security rule group designed to fit the needs of a specific user, such as the security administrator or the auditor, or security rule group that fits a certain collection schedule, such as weekly. Security Rule Groups are a way to organize rules in some user-defined categories.
XYGATE® Compliance PRO™ Reference Manual Glossary XYPRO Technology Corporation 264 Proprietary and Confidential
Index Default and User-Defined Values ...............3 Default Values or Locations ........................4 Running ......................................................6 A Access Analysis Mapping Guardian Access Queries ...................... 195 Loading Access Maps Automatically ...... 183 NonStop Guardian Files......................... 194 OSS Files .............................................. 200 Review Results ...................................... 184 Safeguard Mapping ...........................
XYGATE® Compliance PRO™ Reference Manual Index Starting, First Time .................................. 41 User Preferences ..................................... 45 XSW Main Treeview ................................ 30 Connection Configurations .......................... 80 Database Locations Tab .......................... 86 Host Environments Tab ........................... 89 Service Process Tab ................................ 80 Guardian Access Queries ..........................
XYGATE® Compliance PRO™ Reference Manual Index Converting from Data Discovery ............ 131 Loading Policies Automatically............... 135 Policy Data items ................................... 136 Properties and Maintenance tabs .......... 138 Set Policy button ............................ 130, 131 Loading Policies Automatically ...............135 Maintenance Functions ..........................149 Policy Data items....................................136 Properties and Maintenance tabs ...........
XYGATE® Compliance PRO™ Reference Manual Index Installing .................................................. 82 Uninstalling .............................................. 82 Updating or Restarting ............................. 82 xswServicesw.exe ....................................... 78 XTR and IPV6 ............................................. 49 Comparing Discrepancies.......................180 Display ...................................................179 Loading Product Info Automatically ........
XYGATE® Compliance PRO™ Reference Manual Index XYPRO Technology Corporation 269 Proprietary and Confidential
