HPlogo

HP Security Monitor/iX Manager's Guide: HP 3000 MPE/iX Computer Systems
» 

Technical documentation

Complete book in PDF
» Feedback

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
   
 

HP Part Number: 32650-90498

Edition: First Edition

Published: Printed in U.S.A. April 1994

Table of Contents

Preface
1 Introduction
HP Security Monitor/iX Manager's Guide
2 Overview of Security on the MPE/iX Computer System
Physical Security
Procedural Security
System Security
Identification
Authentication
Authorization
Components of the Account Structure
The Individual Account
Using Files
Standard Characteristics
Creating Naming Conventions
User Names
Group Names
File Names
Hierarchical file system (HFS)
HFS file names
HFS syntax
Designing an Account Structure
Controlling Access to System Resources
Auditing System Usage
Security Policy
Security Considerations
General Security Threats
Loss of Use
Loss of Performance
Disclosure of Information
Loss of Integrity
Recognizing Security Incursions
General Defenses Against Security Threats
Defenses Against Loss of Use
Prevention of Access
Defenses Against Loss of Performance
Defenses Against Data and Performance Loss Due to Sabotage
Defenses Against Information Disclosure
3 Managing System Users with Passwords and Logon Restrictons
Managing System Access with Passwords
Commands Used to Create and Maintain Passwords
Guidelines for Selecting Passwords
Creating a New Account with a Password
Modifying an Account Password
Removing Account Level Passwords
Creating a New Group With Group Password
Modifying a Group Password
Removing Group Level Passwords
Creating a New User With User Passwords
Modifying a User Password
Modifying User Passwords with :PASSWORD
Removing User Passwords
Revising Old Passwords
Expiring User Passwords
Global Password Expiration
Password Aging
Encrypting Passwords
Discussion
Effects of Password Encryption
Enforcing Minimum Password Lengths
Displaying Security Information
Discussion
Managing System Access With Account and Group Attributes
Controlling Account and Group CPU Time Limits
Controlling Account and Group Connect Time
Managing System Access With Logon Restrictions
Controlling Access With Logon UDCs
Creating a UDC
4 Protecting Your System with Access Control Definitions (ACDs)
Access Control Definitions (ACDs)
What is an ACD?
How do ACDs work
Access modes
User specifications
Required ACDs
HFS Object creation
HFS Object deletion
HFS File renaming
File owner
Appropriate Privilege
System manager capability
Account manager capability
Execute (X) Access
User Identification
SAVE access in MPE groups
CWD and File Security
The Maximum File Protection Option
ACD examples
Tasks Involving System Security
Listing ACDs
Listing ACDs for directories and files in directories
Changing access to HFS files and directories
Creating ACDs
Assigning ACDs
Adding an ACD Pair
Replacing an ACD Pair
Replacing ACDs
Modifying ACDs
Deleting ACDs
Copying ACDs
Copying Files That Have ACDs
5 Protecting Files with File Access Restrictions and Lockwords.
File System Security Features
Restricting File Access
Access Modes
User Types
Specifying File Access Restrictions
Account-Level File Security
Group-Level Security
File-Level Security
Default File Access Restrictions
Lockwords
Releasing and Securing File Security
Summary
6 Controlling User's Special Abilities with Capabilities.
Capabilities
Listing Capabilities
Listing Capabilities Assigned to an Account
Listing Capabilities Assigned to a Group
Listing Capabilities Assigned to Users
Assigning Capabilities
To assign capabilities to accounts, groups, users, and programs
To alter capabilities
Capabilities Table
Account Librarian (AL)
Account Manager (AM)
Batch Access (BA)
Use Communications Software (CS)
Diagnostician (DI)
Extra Data Segments (DS)
Group Librarian (GL)
Interactive Access (IA)
Multiple RIN (MR)
Network Administrator (NA)
Node Manager (NM)
Use Nonshareable Devices (ND)
Use Mountable Volume Sets (UV)
Privileged Mode (PM)
Process Handling (PH)
Programmatic Sessions (PS)
Save User Files Permanently (SF)
System Manager (SM)
System Supervisor (OP)
Use User Logging Facility (LG)
Create Mountable Volume Sets (CV)
7 Auditing System Use
Using System Logging
The LOG configurator
Entering the LOG Configurator
Using the LOG Configurator Help Facility
Showing Current LOG Values
Logging System Events
Logging User Events
Clearing Log Configuration Changes
Holding and Saving Configuration Changes
Entering an MPE Command from the LOG Configurator
Exiting the LOG Configurator
Printing a Log File
Printing a subset of a log file
Accessing Log Files from Programs
Creating and naming log files
Log file commands
File security
Log file structure
Console messages for log files
File error handling
LOGTOOL
Using the LOGTOOL Utility
COMMAND SUMMARY
Logging Formats
Format 1## system log record header
Format 1## system log audit trailer
Format 2## system log record header
Log Record Types
System Log Record Formats
Log failure record, type 100
System up record, type 101
Job initiation record, type 102
Job termination record, type 103
Process termination record, type 104
NM File close record, type 105
NM File close record, type 205
Shutdown record, type 106
Power failure record, type 107
I/O error record, type 111
Physical mount/dismount record, type 112
Logical mount/dismount record, type 113
Tape labels record, type 114
Console log record, type 115
Program file event record, type 116
NMS spoolfile done log record, type 120 (input)
NMS spoolfile done log record, type 120 (output)
Processor launch information log record, type 131
Password changes log record, type 134
System logging configuration record, type 135
Restore log record, type 136
Restore log record, type 236
Printer access failure log record, type 137
ACD changes log record, type 138
Type 238
Job stream initiation log record, type 139
User logging record, type 140
Process creation log record, type 141
Internal Data Structure, type 242
Change group record, type 143
File open record, type 144*
File open record, type 244
Configurable Command Logging
Maintenance Request Record Format, type 146
Diagnostic information records, type 150
Diagnostic system information record, type 150
High-priority machine check, type 151
Low-priority machine check, type 152
CM file close record, type 160
8 Using the Security Configurator (SECCONF)
Overview
Running the Security Configurator (SECCONF)
Global Security Options
Device Password Configuration
Commands Logging and Access
User Security Options
List Current Security Configuration
Reset Security Configuration
A The Security Maintenance Checklist
B Error Messages
General Error Messages
Error Messages
Index

List of Figures

2-1 Account Relationships
2-2 An Individual Account
2-3 Groups, Users, and Files
2-4 MPE/iX File System Example
3-1 Password Aging Life Cycle
5-1 Lockwords and Passwords
7-1 Log File Format

List of Tables

2-1 Where Accounts, Groups, Directories, and Files Can Be Located
2-2 Maximum Lengths of Account, Group, Directory, and File Names
2-3 Syntax Summary
2-4 Synopsis of Possible Security Threats and Defenses
4-1 User Categories
5-1 File Access Modes
5-2 User Types
5-3 Default File Access Restrictions
6-1 Capabilities
6-2 Default Capabilities
6-3 Capability Assignments
7-1 Log File Errors
7-2 LOGTOOL Commands
7-3 System Log Record Header
7-4 System Log Audit Trailer
7-5 Format 2## System Log Record Content
7-6 Log Record Types
7-7 Log Record Heading Format
7-8 System Up Record Format
7-9 ISL Data for Last Boot (128 bytes)
7-10 MPE/iX Operating System System-Dependent Data (128 bytes)
7-11 Job Initiation Record Format
7-12 Job Termination Record Format
7-13 Process Termination Record Format
7-14 File Close Record Format
7-15 Record Type 205
7-16 Shutdown Record Format
7-17 Power Failure Record Format
7-18 I/O Error Record Format
7-19 Physical Mount/Dismount Format
7-20 Logical Mount/Dismount Record Format
7-21 Tape Labels Record Format
7-22 Console Log Record Format
7-23 Program File Event Record Format
7-24 Spoolfile Done Log Record Format (Input)
7-25 Spoolfile Done Log Record Format (Output)
7-26 Processor Launch Information Log Record Format
7-27 Password Changes Log Record Format
7-28 System Logging Configuration Record Format
7-29 Restore Log Record Format
7-30 Record Type 236
7-31 Printer Access Failure Log Record Format
7-32 ACD Changes Log Record Format
7-33 Record Type 238
7-34 Stream Initiation Log Record Format
7-35 User Logging Record Format
7-36 Process Creation Record Format
7-37 Internal Data Structure
7-38 Change Group Record Format
7-39 File Open Record Format
7-40 Record Type 244
7-41 Record Type 245
7-42 Maintenance Request Record Format
7-43 Auto-Diagnostic Record Format
7-44 Diagnostic System Information Record Format
7-45 High-Priority Machine Check Record Format
7-46 Low-Priority Machine Check Record Format
7-47 CM File Close Record Format

List of Examples

7-1 Example 6-1. Activating the LOG Configurator
7-2 Example 6-2. LOG Configurator Help
7-3 LOG Configurator HELP ALL
7-4 Showing User Logging Processes
   


Preface  
Feedback to webmaster