Manager's Guide to MPE/iX Security MPE/iX 5.0 Documentation
Manager's Guide to MPE/iX Security
Table of Contents
Manager's Guide to MPE/iX Security : COPYRIGHT NOTICE
Ch 1. Introduction
Ch 2. Overview of Security on the MPE/iX Computer System
Physical Security
Procedural Security
System Security
Identification
Authentication
Authorization
User Roles
The System Manager
The System Supervisor
The System Operator
The Account Manager
General Users
Components of the Account Structure
The Individual Account
Using Files
Standard Characteristics
Creating Naming Conventions
User Names
Group Names
File Names
Hierarchical file system (HFS)
HFS file names
HFS syntax
Designing an Account Structure
Controlling Access to System Resources
Auditing System Usage
Security Policy
Security Considerations
General Security Threats
Loss of Use
Loss of Performance
Disclosure of Information
Loss of Integrity
Recognizing Security Incursions
General Defenses Against Security Threats
Defenses Against Loss of Use
Prevention of Access
Defenses Against Loss of Performance
Defenses Against Data and Performance Loss Due to Sabotage
Defenses Against Information Disclosure
Ch 3. Managing System Users with Passwords and Logon Restrictions
Managing System Access with Passwords
Commands Used to Create and Maintain Passwords
Guidelines for Selecting Passwords
Creating a New Account with a Password
Modifying an Account Password
Removing Account Level Passwords
Creating a New Group With Group Password
Modifying a Group Password
Removing Group Level Passwords
Creating a New User With User Passwords
Modifying a User Password
Modifying User Passwords with :PASSWORD
Removing User Passwords
Displaying Security Information
Discussion
Managing System Access With Account and Group Attributes
Controlling Account and Group CPU Time Limits
Controlling Account and Group Connect Time
Managing System Access With Logon Restrictions
Controlling Access With Logon UDCs
Creating a UDC
Ch 4. Protecting Your System with Access Control Definitions (ACDs)
Access Control Definitions (ACDs)
What is an ACD?
How do ACDs work?
Access modes
User specifications
Required ACDs
HFS Object creation
HFS Object deletion
HFS File renaming
File owner
Appropriate Privilege
System manager capability
Account manager capability
Execute (X) Access
User Identification
SAVE access in MPE groups
CWD and File Security
ACD examples
Tasks Involving System Security
Listing ACDs
Listing ACDs for directories and files in directories
Changing access to HFS files and directories
Creating ACDs
Assigning ACDs
Adding an ACD Pair
Replacing an ACD Pair
Replacing ACDs
Modifying ACDs
Deleting ACDs
Deleting an ACD Pair
Deleting Optional ACDs
Copying ACDs
Copying ACD Pairs
Copying Files That Have ACDs
Ch 5. Protecting Files with File Access Restrictions and Lockwords
File System Security Features
Restricting File Access
Access Modes
User Types
Specifying File Access Restrictions
Account-Level File Security
Group-Level Security
File-Level Security
Default File Access Restrictions
Lockwords
Releasing and Securing File Security
Summary
Ch 6. Controlling User's Special Abilities with Capabilities
Capabilities
Listing Capabilities
Listing Capabilities Assigned to an Account
Listing Capabilities Assigned to a Group
Listing Capabilities Assigned to Users
Assigning Capabilities
To assign capabilities to accounts, groups, users, and programs
To alter capabilities
Capabilities Table
Account Librarian (AL)
Account Manager (AM)
Batch Access (BA)
Use Communications Software (CS)
Diagnostician (DI)
Extra Data Segments (DS)
Group Librarian (GL)
Interactive Access (IA)
Multiple RIN (MR)
Network Administrator (NA)
Node Manager (NM)
Use Nonshareable Devices (ND)
Use Mountable Volume Sets (UV)
Privileged Mode (PM)
Process Handling (PH)
Programmatic Sessions (PS)
Save User Files Permanently (SF)
System Manager (SM)
System Supervisor (OP)
Use User Logging Facility (LG)
Create Mountable Volume Sets (CV)
Ch 7. Auditing System Use
Using System Logging
The LOG configurator
Entering the LOG Configurator
Using the LOG Configurator Help Facility
Showing Current LOG Values
Logging System Events
Logging User Events
Clearing Log Configuration Changes
Holding and Saving Configuration Changes
Entering an MPE Command from the LOG Configurator
Exiting the LOG Configurator
Printing a Log File
Printing a subset of a log file
Accessing Log Files from Programs
Creating and naming log files
Log file commands
File security
Log file structure
Console messages for log files
File error handling
LOGTOOL
Using the LOGTOOL Utility
COMMAND SUMMARY
Logging Formats
Format 1: system log record header
Format 1: system log audit trailer
Format 2: system log record header
Log Record Types
System Log Record Formats
Log failure record, type 100
System up record, type 101
Job initiation record, type 102
Logon queue
CPU time limit
MPE/iX status
Job termination record, type 103
Process termination record, type 104
NM File close record, type 105
NM File close record, type 205
Unique file identifier (UFID)
Disposition field
Shutdown record, type 106
Power failure record, type 107
I/O error record, type 111
Physical mount/dismount record, type 112
Logical mount/dismount record, type 113
System Log Record Formats (cont.)
Tape labels record, type 114
Console log record, type 115
Program file event record, type 116
NMS spoolfile done log record, type 120 (input)
NMS spoolfile done log record, type 120 (output)
Processor launch information log record, type 131
Password changes log record, type 134
System logging configuration record, type 135
Restore log record, type 136
Restore log record, type 236
Printer access failure log record, type 137
ACD changes log record, type 138
Type 238
Job stream initiation log record, type 139
User logging record, type 140
System Log Record Formats (cont.)
Process creation log record, type 141
Internal Data Structure, type 242
Change group record, type 143
File open record, type 144*
File open record, type 244
Configurable Command Logging
Maintenance Request Record Format, type 146
Diagnostic information records, type 150
Diagnostic system information record, type 150
High-priority machine check, type 151
Check type word
CPU state word
Detected by word
Cache check word
TLB check word
Bus check word
Assists check word
Processor check word
Assist ID word
Low-priority machine check, type 152
CM file close record, type 160
Ap A. The FOS Security Maintenance Checklist
Ap B. Error Messages
General Error Messages
General Error Messages (cont.)
ACD Related Error Messages
INDEX
Index