Updated: 11 December 1998
OpenVMS Guide to System Security
B.2.14 Files in SYSMGR
The directory SYSMGR contains the following files:
Directory SYS$SYSDEVICE:[VMS$COMMON.SYSMGR]
AGEN$NEW_NODE_DEFAULTS.DAT;1
AGEN$NEW_NODE_DEFAULTS.TEMPLATE;1
AGEN$NEW_SATELLITE_DEFAULTS.DAT;1
AGEN$NEW_SATELLITE_DEFAULTS.TEMPLATE;1
AGENPARAMS.EXE;1
ALFMAINT.COM;1
CLUSTER_CONFIG.COM;1
DBLSTRTUP.COM;1
DECW$DEVICE.COM;1
DECW$DEVICE_GE.COM;1
DECW$DEVICE_GF.COM;1
DECW$DEVICE_GG.COM;1
DECW$PRIVATE_SERVER_SETUP.TEMPLATE;1
DECW$RGB.DAT;1
DECW$STARTSERVER.COM;1
DECW$STARTXTERMINAL.COM;1
DNS$CHANGE_DEF_FILE.COM;1
DNS$CLIENT_STARTUP.COM;1
DNS$CLIENT_STOP.COM;1
EDTINI.TEMPLATE;1
LAT$SYSTARTUP.COM;1
LAT$SYSTARTUP.TEMPLATE;1
LIB$DT_STARTUP.COM;1
LOADNET.COM;1
LOGIN.COM;1
LOGIN.TEMPLATE;1
LPA11STRT.COM;1
LTLOAD.COM;1
MAKEROOT.COM;1
NETCONFIG.COM;1
RTTLOAD.COM;1
SECURITY.AUDIT$JOURNAL;1
SMISERVER.COM;1
SNAPSHOT$CLEANUP.COM;1
SNAPSHOT$NEW_DISK.COM;1
SNAPSHOT$SYCLEANUP.TEMPLATE;1
SNAPSHOT$SYSHUTDOWN.TEMPLATE;1
SNAPSHOT.COM;1
STARTNET.COM;1
SYCONFIG.COM;1
SYCONFIG.TEMPLATE;1
SYLOGICALS.COM;1
SYLOGICALS.TEMPLATE;1
SYLOGIN.COM;1
SYLOGIN.TEMPLATE;1
SYPAGSWPFILES.COM;1
SYPAGSWPFILES.TEMPLATE;1
SYSECURITY.COM;1
SYSECURITY.TEMPLATE;1
SYSHUTDWN.COM;1
SYSHUTDWN.TEMPLATE;1
SYSTARTUP_V5.COM;1
SYSTARTUP_VMS.COM;1
SYSTARTUP_VMS.TEMPLATE;1
TFF$STARTUP.COM;1
UTC$CONFIGURE_TDF.COM;1
VMS$AUDIT_SERVER.DAT;1
VMS$IMAGES_MASTER.DAT;1
VMSIMAGES.DAT;1
WELCOME.TEMPLATE;1
WELCOME.TXT;1
Total of 61 files.
The directory SYSMSG contains the following files:
Directory SYS$SYSDEVICE:[VMS$COMMON.SYSMSG]
ADAMSG.EXE;1
CLIUTLMSG.EXE;1
CXXL$MSG_SHR.EXE;1
DBGTBKMSG.EXE;1
DBLRTLMSG.EXE;1
DECW$TRANSPORTMSG.EXE;1
DNS$MSG.EXE;1
EPC$MSG.EXE;1
FILMNTMSG.EXE;1
LMCP$MSG.EXE;1
LMF_MESSAGE.EXE;1
NETWRKMSG.EXE;1
PASMSG.EXE;1
PLIMSG.EXE;1
PPLMSG.EXE;1
PRGDEVMSG.EXE;1
RPGMSG.EXE;1
SCNMSG.EXE;1
SHRIMGMSG.EXE;1
SORTMSG.EXE;1
SYSMGTMSG.EXE;1
SYSMSG.EXE;1
TECOMSG.EXE;1
TPUMSG.EXE;1
VAXCMSG.EXE;1
VMSINSTAL_LANGUAGE.COM;1
VMSLICENSE_LANGUAGE.COM;1
VVIEFMSG.EXE;1
Total of 28 files.
The directory SYSTEST contains the following files:
Directory SYS$SYSDEVICE:[VMS$COMMON.SYSTEST]
DECDTM_IVP.EXE;1
TCNTRL.CLD;1
UETCDRO00.EXE;1
UETCLIG00.COM;1
UETCLIG00.DAT;1
UETCLIG00.EXE;1
UETCOMS00.EXE;1
UETDISK00.EXE;1
UETDMPF00.EXE;1
UETDNET00.COM;1
UETDNET00.DAT;1
UETDR1W00.EXE;1
UETDR7800.EXE;1
UETFORT01.DAT;1
UETFORT01.EXE;1
UETFORT02.EXE;1
UETFORT03.EXE;1
UETINIT00.EXE;1
UETINIT01.EXE;1
UETLOAD00.DAT;1
UETLOAD02.COM;1
UETLOAD03.COM;1
UETLOAD04.COM;1
UETLOAD05.COM;1
UETLOAD06.COM;1
UETLOAD07.COM;1
UETLOAD08.COM;1
UETLOAD09.COM;1
UETLOAD10.COM;1
UETLOAD11.COM;1
UETLPAK00.EXE;1
UETMA7800.EXE;1
UETMEMY01.EXE;1
UETNETS00.EXE;1
UETP.COM;1
UETPHAS00.EXE;1
UETRSXFOR.EXE;1
UETSUPDEV.DAT;1
UETTAPE00.COM;1
UETTAPE00.EXE;1
UETTTYS00.EXE;1
UETUNAS00.EXE;1
UETVECTOR.COM;1
UETVECTOR.EXE;1
Total of 44 files.
The directory SYSUPD contains the following files:
Directory SYS$SYSDEVICE:[VMS$COMMON.SYSUPD]
AUTOGEN.COM;1
BOOTUPD.COM;1
CONSCOPY.COM;1
CREATE_IDX.EXE;1
DECW$KITBLD.DAT;1
DECW$KITBLD.IDX;1
DECW$MKFONTDIR.COM;1
DECW$OBSOLETE.DAT;1
DECW$OBSOLETE.IDX;1
DECW$TAILOR.EXE;1
DECW$TAILOR_ON.TEMPLATE;1
DXCOPY.COM;1
INSTALLED_PRDS.COM;1
LIBDECOMP.COM;1
NETCONFIG_UPDATE.COM;1
PCSI$CREATE_ACCOUNT.COM;1
PCSI$CREATE_NETWORK_OBJECT.COM;1
PCSI$CREATE_RIGHTS_IDENTIFIER.COM;1
PCSI$DELETE_ACCOUNT.COM;1
PCSI$DELETE_NETWORK_OBJECT.COM;1
PCSI$DELETE_RIGHTS_IDENTIFIER.COM;1
PCSI$REGISTER_PRODUCT.COM;1
REGISTER_PRIVILEGED_IMAGE.COM;1
SETDEFBOO.COM;1
SPKITBLD.COM;1
STABACKIT-TABLE.DAT;1
STABACKIT.COM;1
SWAPFILES.COM;1
TAILOR_ON.TEMPLATE;1
UPDATE_CONSOLE.COM;1
VMS$ROLLING_UPGRADE.COM;1
VMS$SYSTEM_IMAGES.COM;1
VMSINSTAL.COM;1
VMSINSTAL_LMFGROUPS.COM;1
VMSKITBLD.COM;1
VMSKITBLD.DAT;1
VMSKITBLD.IDX;1
VMSLICENSE.COM;1
VMSTAILOR.EXE;1
VMSUPDATE.COM;1
VMS_VERSION_OVERRIDE.DAT;1
VVIEF$DEINSTAL.COM;1
VVIEF$INSTAL.COM;1
Total of 43 files.
The directory VUE$LIBRARY contains the following files:
Directory SYS$SYSDEVICE:[VMS$COMMON.VUE$LIBRARY]
SYSTEM.DIR;1 [SYSTEM] (RWE,RWE,RE,RE)
USER.DIR;1 [SYSTEM] (RWE,RWE,RE,RE)
Total of 2 files.
Directory SYS$SYSDEVICE:[VMS$COMMON.VUE$LIBRARY.SYSTEM]
MACRO$DWCI.EXE;1 [SYSTEM] (RWED,RWED,RWED,RE)
MACRO$DWCI.UID;1 [SYSTEM] (RWED,RWED,RWED,RE)
Total of 2 files.
Grand total of 35 directories, 2055 files.
This appendix describes how to operate an OpenVMS operating system in a C2 environment. C2 is a United States government rating of the security of an operating system; it identifies OpenVMS VAX and OpenVMS Alpha as an operating system that meets the criteria of a Division C, class 2 system, as described in Section C.1.1. Terminology used in this appendix is drawn from the United States government's evaluation criteria.
Those versions of OpenVMS that have been evaluated by the National Computer Security Center (NCSC) are listed in the Evaluated Products List, which is available from the following source:
This information is also available on the World Wide Web site at:
http://www.radium.NCSC.mil/tpep/epl/index.html
The security protection provided by OpenVMS VAX Version 6.1 and OpenVMS
Alpha Version 6.1 has been evaluated by the National Computer Security
Center (NCSC) against the requirements specified by the "Department of
Defense Trusted Computer System Evaluation Criteria" dated December
1985. OpenVMS VAX Version 6.1 and OpenVMS Alpha Version 6.1 have been
given a C2 rating.
C.1 Introduction to C2 Systems
This section describes the requirements for a C2 system and explains
the documentation that the OpenVMS product provides to support such a
system.
C.1.1 Definition of the C2 Environment
A C2 environment is one that meets the United States Defense Department's criteria for trusted computer systems and that contains only those hardware and software components of the trusted computing base (TCB) that were included in the government's evaluation of the OpenVMS operating system.
The criteria for C2 systems are defined in the Department of Defense Trusted Computer System Evaluation Criteria, published by the Department of Defense Computer Security Center (DOD 5200.28-STD). They include the following:
The trusted facility manual is intended for the system administrator. The C2 trusted facility manual includes the following:
Part 1 and Part 2 of this guide constitute the security
features user's guide and should be made available to all users.
C.2 Trusted Computing Base (TCB) for C2 Systems
The federal government's evaluation of a computer system measures the
trusted computing base (TCB) against the criteria
summarized in Section C.1.1. The TCB is a combination of computer
hardware and an operating system that enforces a security policy.
C.2.1 Hardware in the TCB
The architectural design of VAX processors prevents competing programs from interfering with one another's data. VAX hardware prevents one program from interfering with the memory of another program.
The security features described in this guide apply to any VAX
processor in the evaluated hardware configurations and to all supported
mass storage and communications devices. The Final Evaluation
Report, Compaq Equipment Corporation, OpenVMS VAX and SEVMS Version
6.1 provides a full listing of the evaluated hardware.
C.2.2 Software in the TCB
In OpenVMS operating systems, the TCB encompasses much of the operating system. It includes the entire executive and file system, all other system components that do not execute in user mode (such as device drivers, RMS, and DCL), most system programs installed with privilege, and a variety of other utilities used by system managers to maintain data relevant to the TCB.
As a convenience to customers, the OpenVMS operating system ships with more than the base operating system. The software package includes save sets and supportive images for layered products typically run on OpenVMS operating systems. Yet only the base operating system was evaluated as a C2 system. Layered products, such as DECwindows software and Display PostScript support, were not part of the evaluation. For this reason, the C2 rating does not extend to OpenVMS VAX systems running the software listed in Table C-1. The exclusion of these software components in no way implies they are insecure; it means only they were not part of the evaluated system. After the introduction of any such software, the base system must be accredited for its particular usage.
Software | Function | Description |
---|---|---|
DECwindows software | Windowing interface | DECwindows is a layered product. Although DECwindows has been designed to meet the C2 requirements, it has not been evaluated. |
DECdns distributed name service | Client support | DECdns software requires server software, which is a layered product. A cluster can make DECnet connections independently of DECdns. |
DECamds software | Monitoring and diagnostics | DECamds software is outside the domain of the evaluated configuration. |
LASTport and LASTport/DISK protocols | Protocol support | Compaq's Infoserver products, which are outside the security domain of a clustered system, depend on these protocols. |
LAT protocol | Protocol support | The LAT protocol is used for connections to DECserver terminal servers, which are outside the domain of the evaluated configuration. |
DECnet/OSI Full Names | Protocol support | Support of the use of DECnet/OSI (Phase V) node names within the OpenVMS operating system. Use of this feature is not in the C2 evaluated configuration. |
HSM (Hierarchical Shelving Manager) | Storage support | File Shelving is a layered product. Use of the File Shelving facility (HSM) is not supported in the C2 evaluated configuration. |
MME (Media Management Extension) | Client support | Media Management Extension (MME) allows the use of storage media programs. Use of media management is outside of the domain of the C2 evaluated configuration. |
OpenVMS Management Station | | The OpenVMS Management Station provides PC-based system management tools for OpenVMS. The OpenVMS Management Station has not been validated in a C2 evaluated configuration. |
Access control strings | File access on a remote node | Use proxy accounts instead of access control strings in an evaluated configuration. |
Site-specific additions to the evaluated TCB hardware and software discussed in Section C.2.1 and Section C.2.2 include any of the following:
Typical site additions may include DECwindows software, LOGINOUT callouts, and other privileged Compaq or third-party products.
Before you add layered products, become familiar with the behavior of these products and understand their impact on your existing system. Also study the SYSMAN database, from which layered products can be started, in the context of a C2 environment.
All site-specific additions to the trusted computing base (TCB) must be
controlled. The C2 rating applies only to the software and hardware
components described in the Final Evaluation Report, Compaq
Equipment Corporation, OpenVMS VAX and SEVMS Version 6.1. If
additional software or hardware is added to the TCB, the new TCB must
go through a system certification to demonstrate its compliance with
the C2 criteria.
C.3 Protecting Objects
The OpenVMS operating system controls access to objects that contain information. Protected objects include ODS-2 disk files, common event flag clusters, devices, all group and system global sections, logical name tables, queues, resource domains, and ODS-2 disk volumes. The capability object and the security class object enjoy full discretionary access protection but they are not objects according to the C2 evaluation criteria.
Chapter 4 and Chapter 5 describe object protection and explain how the operating system provides template profiles so all new objects have UICs, protection codes and, possibly, ACLs. Section 4.4.7, Section 4.5.6, and Section 8.8, in particular, explain how to set default protection for newly created objects.
The default protections assigned to global section and mailbox objects are less restrictive than those assigned to other objects, because certain software products assume that mailbox and global section objects are created, by default, with the less restrictive protections. You can modify the template profiles for these objects so they have more stringent protection, but keep in mind that some software products may be adversely affected.
To change the default protection, you need to modify both the template profile for the object and any existing object. For example, the following command modifies the MAILBOX template for the device class:
$ SET SECURITY/CLASS=SECURITY_CLASS/PROFILE=TEMPLATE=MAILBOX -
_$ /PROTECTION=(S:RWPL,O:RWPL,G,W) DEVICE
The operating system applies this value to all new mailboxes. The protection on each existing mailbox still has to be made more restrictive using the SET SECURITY command. For example:
$ SET SECURITY/CLASS=DEVICE -
_$ /PROTECTION=(S:RWPL,O:RWPL,G,W) mailbox_name
The default object protections specified in security templates survive
system shutdown and reboot, so rebooting the system automatically
ensures that all objects created after the reboot are created with the
new default protections unless an object's creator specifies an
alternate protection.
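The check implied by the two commands above, written as an added Python example that is not part of the OpenVMS guide: it parses protection codes in both forms that appear on this page and reports any access an existing object grants beyond the new baseline. The mailbox names and their protections are constructed sample data, and treating a bare or absent category as "no access" is an assumption.

```python
CATEGORIES = ("S", "O", "G", "W")  # System, Owner, Group, World
NAMES = {"SYSTEM": "S", "OWNER": "O", "GROUP": "G", "WORLD": "W"}
BASELINE = "(S:RWPL,O:RWPL,G,W)"  # value used in the SET SECURITY commands
SAMPLE = {  # constructed mailbox names and protections, not from a real system
    "MBA12:": "(S:RWPL,O:RWPL,G:RWPL,W:RWPL)",
    "MBA47:": "(S:RWPL,O:RWPL,G,W)",
    "MBA63:": "(RWPL,RWPL,R,)",
}


def parse_protection(code):
    """Return {category: set of access letters} for one protection code.
    Keyed form (contains ':'), as typed to SET SECURITY: (S:RWPL,O:RWPL,G,W).
    Positional S,O,G,W form (no ':'), as in the listings: (RWE,RWE,RE,RE).
    Assumption: a category that is bare or absent has no access."""
    text = code.strip().upper()
    if not (text.startswith("(") and text.endswith(")")):
        raise ValueError(f"not a protection code: {code!r}")
    fields = [f.strip() for f in text[1:-1].split(",")]
    if ":" in text:
        pairs = [f.partition(":")[::2] for f in fields]
    elif len(fields) == 4:
        pairs = list(zip(CATEGORIES, fields))
    else:
        raise ValueError(f"positional form needs four fields: {code!r}")
    access = {c: set() for c in CATEGORIES}
    for key, letters in pairs:
        key, letters = NAMES.get(key.strip(), key.strip()), letters.strip()
        if key not in access or (letters and not letters.isalpha()):
            raise ValueError(f"bad field in {code!r}")
        access[key] = set(letters)
    return access


def excess_access(actual, baseline=BASELINE):
    """Return {category: letters} that `actual` grants beyond `baseline`."""
    have, allowed = parse_protection(actual), parse_protection(baseline)
    return {c: "".join(sorted(have[c] - allowed[c]))
            for c in CATEGORIES if have[c] - allowed[c]}


def audit(inventory, baseline=BASELINE):
    """Map each non-compliant object name to the access it grants in excess."""
    return {n: e for n, c in inventory.items() if (e := excess_access(c, baseline))}


if __name__ == "__main__":
    for name, extra in audit(SAMPLE).items():
        print(name, extra)  # objects that still need SET SECURITY applied
```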
C.4 Protecting the TCB
The code and data that make up the OpenVMS TCB reside in files and, in part, in the address space of the running operating system. They are protected by the use of file access controls and memory page protection. Memory page protection is set up by the operating system as it executes and is normally not of concern to the system manager.
Copyright © Compaq Computer Corporation 1998. All rights reserved.