![[Compaq]](../../images/hp.gif)
![[Go to the documentation home page]](../../images/buttons/hp_bn_site_home.gif)
![[How to order documentation]](../../images/buttons/hp_bn_order_docs.gif)
![[Help on this site]](../../images/buttons/hp_bn_site_help.gif)
![[How to contact us]](../../images/buttons/hp_bn_comments.gif)
![[OpenVMS documentation]](../../images/hp_ovmsdoc_sec_head.gif)
| Document revision date: 15 July 2002 | |
|
|
|
|
|
|
| Previous | Contents | Index |
BACKUP has several qualifiers for further ensuring the integrity of
your backups. Compaq recommends using these qualifiers if you want to
achieve maximum data integrity. This section describes some of the ways
you can increase data integrity with BACKUP. For more information about
these qualifiers, refer to the OpenVMS System Management Utilities Reference Manual.
11.18.1 /CRC Qualifier
The /CRC qualifier enables the software cyclic redundancy check (CRC). The default is /CRC; you must specify /NOCRC to disable checking. Disabling checking reduces processing time, but increases the risk of data error.
As an output save-set qualifier, /CRC writes the CRC checking code into the blocks of the output save set.
As an input save-set qualifier, /CRC checks the CRC information in the input save set.
Compaq recommends that you use the CRC. Although it increases
processing time, it also improves data integrity.
11.18.2 /GROUP_SIZE Qualifier
This output save-set qualifier causes BACKUP to write redundant data to the output save set. This allows BACKUP to attempt to correct read errors during the backup restore operation. Use the /GROUP_SIZE qualifier to define the number of blocks in each group of redundant information. For example:
$ BACKUP/IMAGE/RECORD _From: DKA100: _To: MKB100:BACKUP.SAV/LABEL=WKY101/GROUP_SIZE=20 |
This command adds a recovery block after every 20 blocks of saved data. This allows BACKUP to recover a corrupted data block for every 20 blocks of saved data. The value of the /GROUP_SIZE qualifier defaults to 10.
Although using this qualifier increases the size of the save set and
the processing time for the operation, Compaq recommends using the
/GROUP_SIZE qualifier to increase data integrity.
11.18.3 /IGNORE Qualifier
Compaq recommends that you back up your system when no interactive users are logged in. This is because if BACKUP encounters an open file during a save operation, it issues an error message and does not copy the file.
You can instruct the backup procedure to save open files by using the /IGNORE=INTERLOCK qualifier on the BACKUP command. When you use the /IGNORE=INTERLOCK qualifier, the contents of the file at the moment of the backup are saved.
The /IGNORE=INTERLOCK qualifier is useful for files that are constantly open (and would therefore not otherwise be saved). However, you must recognize that you might be saving inconsistent data, depending on the applications that are writing to the open files (for example, open application transactions or file data cached in memory). Also, because of the way BACKUP scans directories, any activity in a directory (such as creating or deleting files) can cause files to be excluded from the backup. In general, it is best to back up your system when a minimum number of files are open.
Also, because of the way the file system works, using the
/IGNORE=INTERLOCK qualifier to back up open files affects subsequent
incremental backups. For example, you can back up an open file with the
BACKUP/IMAGE/RECORD/IGNORE=INTERLOCK command. However, the backup date
field of the file is not updated until you close the file. If the file
remains open during subsequent incremental backups, it is not included
in those backups because its backup date field is not as recent as the
last image backup.
11.18.4 /LOG Qualifier
Use the /LOG qualifier to the BACKUP command to display the file specification of the files that BACKUP processes during a backup operation. For example, if you are copying files in a directory, you can use the /LOG qualifier to display the file specification of each file copied:
$ BACKUP/LOG _From: WORK3:[OCONNELL]*.* _To: WORK1:[OCONNELL.SCRATCH]*.* %BACKUP-S-CREDIR, created WORK1:[OCONNELL.SCRATCH.COM] %BACKUP-S-CREATED, created WORK1:[OCONNELL.SCRATCH]DECW$MAIL.DAT;2 %BACKUP-S-CREATED, created WORK1:[OCONNELL.SCRATCH]DECW$SM.LOG;42 %BACKUP-S-CREATED, created WORK1:[OCONNELL.SCRATCH]DECW$SM.LOG;41 . . . |
Use the /VERIFY qualifier to cause BACKUP to compare the contents of the input and output specifiers after a save, restore, or copy operation. When BACKUP is executing the verification pass, it displays the following message:
%BACKUP-I-STARTVERIFY, starting verification pass |
If BACKUP finds differences between the input and output files, it issues an error message.
Compaq recommends that you use the /VERIFY qualifier. Although it increases processing time, it also improves data integrity.
Backing Up a Save Set Twice Using /VERIFY Qualifier
The problem described in this section applies to TZ87 and TZ88 tape drives and to TZ89 tape drives. If you mount a tape /FOREIGN and then back up files to a save set twice, the second save set reports errors under the following conditions:
| For BACKUP /BLOCKSIZE= | The Files Must Total at Least |
|---|---|
| 4000 | 6300 1 blocks |
| 3580 | 5400 1 blocks |
Error messages similar to the following ones are displayed:
%BACKUP-I-STARTVERIFY, starting verification pass %BACKUP-E-READERR, error reading MKB300:[]SET.SAV; -SYSTEM-W-DATAOVERUN, data overrun %BACKUP-E-INVBLKSIZE, invalid block size in save set %BACKUP-E-INVRECSIZ, invalid record size in save set %BACKUP-F-READERRS, excessive error rate reading MKB300:[]SET.SAV; -SYSTEM-W-DATAOVERUN, data overrun |
This section describes some common BACKUP errors and how to recover
from them.
11.19.1 BACKUP Fatal Error Options
If, in the course of a backup operation, the Backup utility or standalone BACKUP encounters fatal hardware- or media-related errors or encounters more media errors than considered reasonable for data reliability, BACKUP generates the following informational message and prompt:
%BACKUP-I-SPECIFY, specify option (CONTINUE, RESTART, QUIT) BACKUP> |
If BACKUP is running interactively and you used the command qualifier /NOASSIST, you can enter an option in response to the BACKUP> prompt. If BACKUP is executing as a batch job or you specified the command qualifier /ASSIST, the operator must use the DCL command REPLY to enter an option. |
The option you choose depends on several factors, as explained in Table 11-9.
| Option | Restrictions | Result |
|---|---|---|
| CONTINUE | May compromise data reliability. Use only if the position of the tape has not changed since the original error and if the error does not imply that data has already been lost. | If possible, BACKUP ignores the error and continues processing. |
| RESTART | Not valid if the output volume is the first volume in the backup operation. | BACKUP unloads the current tape from the drive and prompts for another volume. After you load another tape, BACKUP restarts the save operation from the point at which the original tape was mounted. |
| QUIT | None. | BACKUP terminates the operation and you can reenter the command. |
The following example illustrates the sequence of events that occurs when BACKUP encounters an excessive rate of media errors on VOL3 and you choose the RESTART option:
%BACKUP-F-WRITEERRS, excessive error rate writing VOL3 %BACKUP-I-SPECIFY, specify option (CONTINUE, RESTART, QUIT) BACKUP> |
When you instruct BACKUP to use a tape that has a label other than the one you specified, BACKUP issues the following message:
%MOUNT-I-MOUNTED, DKA0 mounted on _SODAK$MUA0: %BACKUP-W-MOUNTERR, volume 1 on _SODAK$MUA0 was not mounted because its label does not match the one requested %BACKUP-W-EXLABEER, volume label processing failed because volume TAPE4 is out of order, Volume label TAPE1 was expected specify option (QUIT, NEW tape, OVERWRITE tape, USE loaded tape) BACKUP> |
Depending on the option you specify, you can quit the backup operation (QUIT), dismount the old tape and mount a new one (NEW), overwrite the data on the tape (OVERWRITE), or USE the loaded tape.
If you use blank tapes or tapes that you intend to overwrite, use the /IGNORE=LABEL_PROCESSING qualifier. This suppresses the previous BACKUP message, which normally occurs if BACKUP encounters a non-ANSI-labeled tape during a save operation.
This chapter outlines the security features available with the OpenVMS operating system and suggests procedures to reduce the threat of a break-in on your system or cluster. It also tells how to use the access control list editor (ACL editor) to create and modify access control list entries (ACEs) on protected objects. For a more detailed description of security management, refer to the OpenVMS Guide to System Security.
Information Provided in This Chapter
This chapter describes the following tasks:
| Task | Section |
|---|---|
| Managing passwords | Section 12.2 |
| Adding to the system password dictionary | Section 12.2.1 |
| Setting up intrusion detection | Section 12.3 |
| Interpreting a user identification code (UIC) | Section 12.4.1 |
| Parsing a protection code | Section 12.4.2 |
| Creating access control lists (ACLs) | Section 12.6 |
| Using the access control list editor (ACL editor) | Section 12.8 |
| Auditing security-relevant events | Section 12.9.1 |
This chapter explains the following concepts:
| Concept | Section |
|---|---|
| What security management involves | Section 12.1 |
| Aspects of password management | Section 12.2 |
| Ways to protect objects | Section 12.4 |
| Construction of access control lists (ACLs) | Section 12.6 |
| Audit log file analysis | Section 12.10 |
For full descriptions of all these tasks and concepts, refer to the
OpenVMS Guide to System Security.
12.1 Understanding Security Management
As the person responsible for the day-to-day system management, you play an important role in ensuring the security of your system. Therefore, you should familiarize yourself with the security features available with the OpenVMS operating system and implement the features needed to protect systems, users, and files from damage caused by tampering. Effective operating system security measures help prevent unauthorized access and theft of proprietary software, software plans, and computer time. These measures can also protect equipment, software, and files from damage caused by tampering.
Security problems on most systems are generally caused by irresponsibility, probing, or penetration. The tolerance that your site might have to a breach of security depends on the type of work that takes place at your site.
A secure system environment is a key to system security. Compaq strongly encourages you to stress environmental considerations when reviewing site security.
In the OpenVMS operating system, managing system security is concerned with three major areas:
The following sections describe measures to control access to your
system and its resources.
12.2 Managing Passwords
A site needing average security protection always requires the use of passwords. Sites with more security needs frequently require generated passwords and system passwords. Highly secure sites sometimes choose to use secondary passwords to control network access.
This section describes basic elements of the standard OpenVMS password
policy and how to manage them. For information about how to manage
extensions to the standard password policy (also known as
external authentication), refer to the chapter
Managing System Access in the OpenVMS Guide to System Security.
12.2.1 Initial Passwords
When you open an account for a new user with the Authorize utility, you must give the user a user name and an initial password. When you assign temporary initial passwords, observe all guidelines recommended in Section 12.2.5. You should consider using the automatic password generator. Avoid any obvious pattern when assigning passwords.
Using the Automatic Password Generator
To use the automatic password generator while using the Authorize utility to open an account, add the /GENERATE_PASSWORD qualifier to either the ADD or the COPY command. The system responds by offering you a list of automatically generated password choices. Select one of these passwords, and continue setting up the account.
Using the System Dictionary and the Password History List
The OpenVMS operating system automatically compares new passwords with a system dictionary to ensure that a password is not a native language word. It also maintains a password history list of a user's last 60 passwords. The operating system compares each new password with entries in the password history list to ensure that an old password is not reused.
The system dictionary is located in SYS$LIBRARY. You can enable or disable the dictionary search by specifying the DISPWDDIC or NODISPWDDIC option with the /FLAGS qualifier in AUTHORIZE. The password history list is located in SYS$SYSTEM. To enable or disable the history search, specify the DISPWDHIS or NODISPWDHIS option to the /FLAGS qualifier.
Adding to the System Password Dictionary
You can modify the system password dictionary to include words of significance to your site. The following procedure allows you to add words to the system dictionary. The procedure also allows you to retain a file of the passwords that you consider unacceptable.
$ CREATE LOCAL_PASSWORD_DICTIONARY.DATA somefamous localheroes [Ctrl/Z] |
$ SET PROCESS/PRIVILEGE=SYSPRV $ CONVERT/MERGE/PAD LOCAL_PASSWORD_DICTIONARY.DATA - _$ SYS$LIBRARY:VMS$PASSWORD_DICTIONARY.DATA |
When you add a new user to the UAF, you might want to define that user's password as having expired previously using the AUTHORIZE qualifier /PWDEXPIRED. This forces the user to change the initial password when first logging in.
Preexpired passwords are conspicuous in the UAF record listing. The entry for the date of the last password change carries the following notation:
|
(pre-expired) |
By default, the OpenVMS operating system forces new users to change
their passwords the first time they log in. Encourage your site to use
a training program for its users that includes information about
changing passwords.
12.2.2 System Passwords
System passwords control access to terminals that might be targets for unauthorized use, as follows:
Implementing system passwords is a two-stage operation involving the
DCL commands SET TERMINAL and SET PASSWORD. First, you must decide
which terminals require system passwords. Then, for each terminal, you
enter the DCL command SET TERMINAL/SYSPASSWORD/PERMANENT. To enable
system passwords for all terminals, set the appropriate bit in the
system parameter TTY$DEFCHAR2.
12.2.3 Primary and Secondary Passwords
The use of dual passwords is cumbersome and mainly needed at sites with high-level security concerns. The effectiveness of a secondary passwords depends entirely on the trustworthiness of the supervisor who supplies it. A supervisor can easily give out the password or worse yet, change it to a null string.
The main advantage of a second password is that it prevents accounts from being accessed through DECnet for OpenVMS using simple access control.
Another advantage of a second password is that it can serve as a
detection tool when a site has unexplained break-ins after the password
has been changed and the use of the password generator has been
enforced. Select problem accounts, and make them a temporary target of
this restriction. If the problem goes away when you institute personal
verification through the secondary password, you know you have a
personnel problem. Most likely, the authorized user is revealing the
password for the account to one or more other users who are abusing the
account. Refer to the OpenVMS Guide to System Security for an explanation of how to add
secondary passwords.
12.2.4 Enforcing Minimum Password Standards
Security managers can use AUTHORIZE to impose minimum password standards for individual users. Specifically, qualifiers and login flags provided by AUTHORIZE control the minimum password length, how soon passwords expire, and whether the user is forced to change passwords at expiration.
With the AUTHORIZE qualifier /PWDLIFETIME, you can establish the maximum length of time that can elapse between password changes before the user will be forced to change the password or lose access to the account.
The use of a password lifetime forces the user to change the password regularly. The lifetime can be different for different users. Users who have access to critical files generally should have the shortest password lifetimes.
Forcing Expired Password Changes
By default, users are forced to change expired passwords when logging in. Users whose passwords have expired are prompted for new passwords at login. A password is valid for 90 days unless a site modifies the value with the /PWDLIFETIME qualifier.
With the AUTHORIZE qualifier /PWDMINIMUM, you can direct that all password choices must be a minimum number of characters in length. Users can still specify passwords up to the maximum length of 32 characters.
Requiring the Password Generator
The /FLAGS=GENPWD qualifier in AUTHORIZE allows you to force the use of the automatic password generator when a user changes a password. At some sites, all accounts are created with this qualifier. At other sites, the security manager can be more selective.
| Previous | Next | Contents | Index |
|
|
| privacy and legal statement | ||
| 6017PRO_053.HTML | ||