With Safeguard software:
If Safeguard software is installed on the system, REMOTE PASSWORDS should
be managed through Safeguard software and only users granted the privilege of
managing USER Protection Records will be able to configure or modify
REMOTEPASSWORDS.
BP-FILE-RPASSWRD-01 RPASSWRD should be secured “----”.
Securing RPASSWRD
BP-OPSYS-LICENSE-01 RPASSWRD must be LICENSED.
BP-OPSYS-OWNER-01 RPASSWRD should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-01 RPASSWRD must reside in $SYSTEM.SYSnn.
If available, use Safeguard software or a third party object security product to grant
access to RPASSWRD only to users who require it in order to perform their jobs.
BP-SAFE-RPASSWRD-01 Add a Safeguard Protection Record granting
appropriate access to the RPASSWRD object file.
Discovery Questions Look here:
OPSYS-OWNER-01 Who owns the RPASSWRD object file? Fileinfo
OPSYS-LICENSE-01 Is RPASSWRD licensed? Fileinfo
FILE-POLICY Who is allowed to change remote passwords
on the system?
Policy
FILE-RPASSWRD-01
SAFE-RPASSWRD-01
Is the RPASSWRD object file correctly
secured with the Guardian or Safeguard
system?
Fileinfo
Safecom
Related Topics
User Administration
Password
Safeguard software
Safeguard Subsystem
This section is concerned with securing the Safeguard subsystem itself. See Part 2,
Configuring the Safeguard Subsystem for information on using Safeguard to secure
the system.
408 Safeguard Subsystem
Security Considerations of Safeguard Software Installation
There are two methods of installing Safeguard . The method determines how Safe-
guard software can be started and stopped once it is installed.
1. Safeguard is manually started after the system is loaded and can be stopped
without stopping the system. This method requires that Safeguard software be
configured only in the CONFTEXT file for the current operating system.
Because the Safeguard subsystem is not included in the OSIMAGE file, the SMP
must be manually started.
RISK Because Safeguard software is not automatically loaded, it is possible for
the system to execute without the security rules being enforced.
2. Safeguard software is started automatically and runs continuously from the
time the system is loaded until the time it is stopped. This method requires that
Safeguard software be configured in the CONFTEXT file and SYSGEN run to
include it in the OSIMAGE file.
RISK If the Safeguard subsystem is included in the OSIMAGE file, it is
started automatically when the system is loaded and it cannot be stopped with-
out stopping the system.
If Safeguard software is included in the OSIMAGE file or Safeguard is started as
part of the CIIN file, the following precautions must be taken:
AP-SAFE-CONFIG-01 To recover from an inadvertent security lockout
without performing a tape load, keep a ‘backup’ OSIMAGE file in a backup
SYSnn subvolume on $SYSTEM. This backup OSIMAGE file must not include
either Safeguard software or a CIIN file.
RISK If Safeguard software is included with system generation and AUDIT
SERVICE is configured to DENY GRANTS, auditing might be suspended dur-
ing the cold load and Safeguard software will deny all access attempts.
AP-SAFE-CONFIG-02 To prevent auditing from being suspended during a
system load, before shutting the system down, ensure that the current audit pool
resides on a disk that is connected to the same CPU as the $SYSTEM disk
before shutting down the system. Once the Cold Load is complete, reconfigure
Safeguard software to use the correct audit pool.
Please refer to the section in the section on Configuring AUDIT SERVICE
RECOVERY Mode.
Safeguard Subsystem 409
Part 6
Safeguard Subsystem Components
The Safeguard Subsystem is made up of:
Safeguard Audit files
Safeguard Configuration Files
Safeguard Object Files
Safeguard Audit Files
Safeguard audit files reside in audit pools (subvolumes). These audit pools are man-
aged using the Safeguard AUDIT POOL commands. The filecode of Safeguard audit
files is 541.
The Safeguard audit file naming convention is Annnnnnn, where n is an incre-
menting number between 0 and 999999.
RISK If users have
WRITE or PURGE access to Safeguard audit files, they could
potentially alter or delete the files to hide malicious activities.
Safeguard Configuration Files
The Safeguard configuration files are:
File Filecode Contents
CONFIG 545 Safeguard global settings
CONFIGA 546 Safeguard global settings, alternate key file
GUARD 542 VOLUME, SUBVOLUME and DISKFILE ACLs
LUSERID 540 Safeguard User File for Aliases
LUSERIDG 540 Safeguard User File for Aliases, alternate key file
USERID 540 User Records, for both Safeguard and non-Safeguard
environments, located on $SYSTEM.SYSTEM.
USERIDAK 540 User Records, for both Safeguard and non-Safeguard
environments, located on $SYSTEM.SYSTEM.
OTHER 542 Protection Records for all objecttypes other than VOLUME,
SUBVOLUME, and DISKFILE
RISK Safeguard software and only Safeguard software maintains its configura-
tion files. If other users can alter these files, they can override company security
settings.
410 Safeguard Subsystem
Get HP NonStop Server Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
