Security Considerations of Safeguard Software Installation
There are two methods of installing Safeguard . The method determines how Safe-
guard software can be started and stopped once it is installed.
1. Safeguard is manually started after the system is loaded and can be stopped
without stopping the system. This method requires that Safeguard software be
configured only in the CONFTEXT file for the current operating system.
Because the Safeguard subsystem is not included in the OSIMAGE file, the SMP
must be manually started.
RISK Because Safeguard software is not automatically loaded, it is possible for
the system to execute without the security rules being enforced.
2. Safeguard software is started automatically and runs continuously from the
time the system is loaded until the time it is stopped. This method requires that
Safeguard software be configured in the CONFTEXT file and SYSGEN run to
include it in the OSIMAGE file.
RISK If the Safeguard subsystem is included in the OSIMAGE file, it is
started automatically when the system is loaded and it cannot be stopped with-
out stopping the system.
If Safeguard software is included in the OSIMAGE file or Safeguard is started as
part of the CIIN file, the following precautions must be taken:
AP-SAFE-CONFIG-01 To recover from an inadvertent security lockout
without performing a tape load, keep a ‘backup’ OSIMAGE file in a backup
SYSnn subvolume on $SYSTEM. This backup OSIMAGE file must not include
either Safeguard software or a CIIN file.
RISK If Safeguard software is included with system generation and AUDIT
SERVICE is configured to DENY GRANTS, auditing might be suspended dur-
ing the cold load and Safeguard software will deny all access attempts.
AP-SAFE-CONFIG-02 To prevent auditing from being suspended during a
system load, before shutting the system down, ensure that the current audit pool
resides on a disk that is connected to the same CPU as the $SYSTEM disk
before shutting down the system. Once the Cold Load is complete, reconfigure
Safeguard software to use the correct audit pool.
Please refer to the section in the section on Configuring AUDIT SERVICE
Safeguard Subsystem 409