OpenVMS Guide to System Security

Document revision date: 19 July 1999

OpenVMS Guide to System Security

Contents

Index

Chapter 8

8 Controlling Access to System Data and Resources

     8.1     Designing User Groups

         8.1.1         Example of UIC Group Design

         8.1.2         Limitations to UIC Group Design

     8.2     Naming Individual Users in ACLs

     8.3     Defining Sharing of Rights

     8.4     Conditionalizing Identifiers for Different Users

     8.5     Designing ACLs

     8.6     Populating the Rights Database

         8.6.1         Displaying the Database

         8.6.2         Adding Identifiers

         8.6.3         Restoring the Rights Database

         8.6.4         Assigning Identifiers to Users

         8.6.5         Removing Holder Records

         8.6.6         Removing Identifiers

         8.6.7         Customizing Identifiers

             8.6.7.1             Dynamic Attribute

             8.6.7.2             Holder Hidden Attribute

             8.6.7.3             Name Hidden Attribute

             8.6.7.4             No Access Attribute

             8.6.7.5             Resource Attribute

             8.6.7.6             Subsystem Attribute

         8.6.8         Modifying a System or Process Rights List

     8.7     Giving Users Privileges

         8.7.1         Categories of Privilege

         8.7.2         Suggested Privilege Allocations

         8.7.3         Limiting User Privileges

         8.7.4         Installing Images with Privilege

         8.7.5         Restricting Command Output

     8.8     Setting Default Protection and Ownership

         8.8.1         Controlling File Access

             8.8.1.1             Adjusting Protection Defaults

             8.8.1.2             Setting Defaults for a Directory Owned by a Resource Identifier

                 8.8.1.2.1                 Setting Up the Resource Identifier

                 8.8.1.2.2                 Setting Up the Directory of a Resource Identifier

                 8.8.1.2.3                 Setting Up the ACL

         8.8.2         Setting Defaults for Objects Other Than Files

             8.8.2.1             Displaying Class Defaults

             8.8.2.2             Modifying Class Templates

     8.9     Added Protection for System Data and Resources

         8.9.1         Precautions to Take when Installing New Software

             8.9.1.1             Potentially Harmful Programs

             8.9.1.2             Installing Programs with Privilege

         8.9.2         Protecting System Files

         8.9.3         Restricting DCL Command Usage

         8.9.4         Encrypting Files

         8.9.5         Protecting Disks

             8.9.5.1             Erasing Techniques

             8.9.5.2             Prevention Through High-water Marking

             8.9.5.3             Summary of Prevention Techniques

         8.9.6         Protecting Backup Media

             8.9.6.1             Backing Up Disks

             8.9.6.2             Protecting a Backup Save Set

             8.9.6.3             Retrieving Files from Backup Save Sets

         8.9.7         Protecting Terminals

             8.9.7.1             Restricting Terminal Use

             8.9.7.2             Restricting Applications Terminals and Miscellaneous Devices

             8.9.7.3             Configuring Terminal Lines for Modems

Chapter 9

9 Security Auditing

     9.1     Overview of the Auditing Process

     9.2     Reporting Security-Relevant Events

         9.2.1         Ways to Generate Audit Information

             9.2.1.1             Auditing Categories of Activity

             9.2.1.2             Attaching a Security-Auditing ACE

             9.2.1.3             Modifying a User Authorization Record

         9.2.2         Kinds of System Activity the Operating System Can Report

             9.2.2.1             Suppression of Certain Privilege Audits

             9.2.2.2             Suppression of Certain Process Control Audits

         9.2.3         Sources of Event Information

     9.3     Developing an Auditing Plan

         9.3.1         Assessing Your Auditing Requirements

         9.3.2         Selecting a Destination for the Event Message

         9.3.3         Considering the Performance Impact

     9.4     Methods of Capturing Event Messages

         9.4.1         Using an Audit Log File

             9.4.1.1             Maintaining the File

             9.4.1.2             Moving the File from the System Disk

         9.4.2         Enabling a Terminal to Receive Alarms

         9.4.3         Secondary Destinations for Event Messages

             9.4.3.1             Using a Remote Log File

             9.4.3.2             Using a Listener Mailbox

     9.5     Analyzing a Log File

         9.5.1         Recommended Procedure

         9.5.2         Invoking the Audit Analysis Utility

         9.5.3         Providing Report Specifications

         9.5.4         Using the Audit Analysis Utility Interactively

         9.5.5         Examining the Report

     9.6     Managing the Auditing Subsystem

         9.6.1         Tasks Performed by the Audit Server

         9.6.2         Disabling and Reenabling Startup of the Audit Server

         9.6.3         Changing the Point in Startup When the Operating System Initiates Auditing

         9.6.4         Choosing the Number of Outstanding Messages That Trigger Process Suspension

             9.6.4.1             Controlling Message Flow

             9.6.4.2             Preventing Process Suspension

         9.6.5         Reacting to Insufficient Memory

         9.6.6         Maintaining the Accuracy of Message Time-Stamping

         9.6.7         Adjusting the Transfer of Messages to Disk

         9.6.8         Allocating Disk Space for the Audit Log File

         9.6.9         Error Handling in the Auditing Facility

             9.6.9.1             Disabling Disk Monitoring

             9.6.9.2             Losing the Link to a Remote Log File

Chapter 8
8	Controlling Access to System Data and Resources
8.1	Designing User Groups
8.1.1	Example of UIC Group Design
8.1.2	Limitations to UIC Group Design
8.2	Naming Individual Users in ACLs
8.3	Defining Sharing of Rights
8.4	Conditionalizing Identifiers for Different Users
8.5	Designing ACLs
8.6	Populating the Rights Database
8.6.1	Displaying the Database
8.6.2	Adding Identifiers
8.6.3	Restoring the Rights Database
8.6.4	Assigning Identifiers to Users
8.6.5	Removing Holder Records
8.6.6	Removing Identifiers
8.6.7	Customizing Identifiers
8.6.7.1	Dynamic Attribute
8.6.7.2	Holder Hidden Attribute
8.6.7.3	Name Hidden Attribute
8.6.7.4	No Access Attribute
8.6.7.5	Resource Attribute
8.6.7.6	Subsystem Attribute
8.6.8	Modifying a System or Process Rights List
8.7	Giving Users Privileges
8.7.1	Categories of Privilege
8.7.2	Suggested Privilege Allocations
8.7.3	Limiting User Privileges
8.7.4	Installing Images with Privilege
8.7.5	Restricting Command Output
8.8	Setting Default Protection and Ownership
8.8.1	Controlling File Access
8.8.1.1	Adjusting Protection Defaults
8.8.1.2	Setting Defaults for a Directory Owned by a Resource Identifier
8.8.1.2.1	Setting Up the Resource Identifier
8.8.1.2.2	Setting Up the Directory of a Resource Identifier
8.8.1.2.3	Setting Up the ACL
8.8.2	Setting Defaults for Objects Other Than Files
8.8.2.1	Displaying Class Defaults
8.8.2.2	Modifying Class Templates
8.9	Added Protection for System Data and Resources
8.9.1	Precautions to Take when Installing New Software
8.9.1.1	Potentially Harmful Programs
8.9.1.2	Installing Programs with Privilege
8.9.2	Protecting System Files
8.9.3	Restricting DCL Command Usage
8.9.4	Encrypting Files
8.9.5	Protecting Disks
8.9.5.1	Erasing Techniques
8.9.5.2	Prevention Through High-water Marking
8.9.5.3	Summary of Prevention Techniques
8.9.6	Protecting Backup Media
8.9.6.1	Backing Up Disks
8.9.6.2	Protecting a Backup Save Set
8.9.6.3	Retrieving Files from Backup Save Sets
8.9.7	Protecting Terminals
8.9.7.1	Restricting Terminal Use
8.9.7.2	Restricting Applications Terminals and Miscellaneous Devices
8.9.7.3	Configuring Terminal Lines for Modems
Chapter 9
9	Security Auditing
9.1	Overview of the Auditing Process
9.2	Reporting Security-Relevant Events
9.2.1	Ways to Generate Audit Information
9.2.1.1	Auditing Categories of Activity
9.2.1.2	Attaching a Security-Auditing ACE
9.2.1.3	Modifying a User Authorization Record
9.2.2	Kinds of System Activity the Operating System Can Report
9.2.2.1	Suppression of Certain Privilege Audits
9.2.2.2	Suppression of Certain Process Control Audits
9.2.3	Sources of Event Information
9.3	Developing an Auditing Plan
9.3.1	Assessing Your Auditing Requirements
9.3.2	Selecting a Destination for the Event Message
9.3.3	Considering the Performance Impact
9.4	Methods of Capturing Event Messages
9.4.1	Using an Audit Log File
9.4.1.1	Maintaining the File
9.4.1.2	Moving the File from the System Disk
9.4.2	Enabling a Terminal to Receive Alarms
9.4.3	Secondary Destinations for Event Messages
9.4.3.1	Using a Remote Log File
9.4.3.2	Using a Listener Mailbox
9.5	Analyzing a Log File
9.5.1	Recommended Procedure
9.5.2	Invoking the Audit Analysis Utility
9.5.3	Providing Report Specifications
9.5.4	Using the Audit Analysis Utility Interactively
9.5.5	Examining the Report
9.6	Managing the Auditing Subsystem
9.6.1	Tasks Performed by the Audit Server
9.6.2	Disabling and Reenabling Startup of the Audit Server
9.6.3	Changing the Point in Startup When the Operating System Initiates Auditing
9.6.4	Choosing the Number of Outstanding Messages That Trigger Process Suspension
9.6.4.1	Controlling Message Flow
9.6.4.2	Preventing Process Suspension
9.6.5	Reacting to Insufficient Memory
9.6.6	Maintaining the Accuracy of Message Time-Stamping
9.6.7	Adjusting the Transfer of Messages to Disk
9.6.8	Allocating Disk Space for the Audit Log File
9.6.9	Error Handling in the Auditing Facility
9.6.9.1	Disabling Disk Monitoring
9.6.9.2	Losing the Link to a Remote Log File

Contents

Index

privacy and legal statement

6346PRO_CONTENTS_002.HTML