Discovery Questions Look here:
OPSYS-OWNER-03 Who owns the $SYSTEM.ZSPIEXAM files? Fileinfo
OPSYS-OWNER-03 Who owns the $SYSTEM.ZSPISEGF files? Fileinfo
FILE-SPI-01 Are all files in the $SYSTEM.ZSPIDEF
subvolume secured correctly?
Fileinfo
SAFE-SPI-01 Are all files in the $SYSTEM.ZSPIDEF
subvolume secured with an equivalent Safeguard
SUBVOLUME Protection Record?
Safecom
FILE-SPI-02 Are all files in the $SYSTEM.ZSPIEXAM
subvolume secured correctly?
Fileinfo
SAFE-SPI-02 Are all files in the $SYSTEM.ZSPIEXAM
subvolume secured with an equivalent Safeguard
SUBVOLUME Protection Record?
Safecom
FILE-SPI-03 Are all files in the $SYSTEM.ZSPISEGF
subvolume secured correctly?
Fileinfo
SAFE-SPI-03 Are all files in the $SYSTEM.ZSPISEGF
subvolume secured with an equivalent Safeguard
SUBVOLUME Protection Record?
Safecom
Related Topics
Securing Applications
Spooler Subsystem
The HP NonStop server SpoolerPlus Subsystem is a set of utilities that presents an
interface between users and applications and the print devices of a system. The Spooler
receives output from applications and stores it on disk. This output can be a report in
EDIT format, a compiled listing, or any other data. The data stays on disk and can
reviewed before printing. If directed to a print location, when the designated print
device becomes available, the output is printed.
RISK Printed output is an important way that data is reported. It may also
provide unwanted access to sensitive data and can be easily distributed to non-
authorized personnel.
AP-ADVICE-SPOOLER-01 The Corporate Security Policy should detail pro-
cedures for the physical security of printers and printer output.
432 Spooler Subsystem
Spooler Subsystem Components
The Spooler is made up of the following components (See Figure 6-9):
Collectors
FONT Utility
PERUSE
Print Processes
RP Setup Utility
SPOOLCOM
Supervisors
Spooler Data Files
Spooler Subsystem 433
Part 6
Spooler Subsystem
Spooler
Control
Files
Collector
Data
Supervisor
Spoolcom
Font and
RPSetup
PERUSE
Application
Input/Output
Process
Collector
Print
Process
Figure 6-9
SPOOLER
Subsystem
Components
Collectors
Collector processes accept output from applications and store it on disk. There can be
up to 15 collectors associated with a given Spooler. Collectors are run in non-stop
pairs. The spooler collector object file is $SYSTEM.SYSTEM.CSPOOL. The typical
default collector process name is $S.
Applications direct output to a collector by treating the collector as an OUT file.
TGAL / IN <file>, OUT $S /
An application can open a file to any collector and begin writing its output using
the Guardian file system WRITE[X] procedure. Applications can also use the spooler
interface procedures to spool their output.
FONT
The FONT utility is used to create FONT jobs. Font job descriptions are created in an
EDIT file, called a script file, and then the Font utility is used to configure the selected
spooler locations with the indicated font jobs.
Script Files contain commands that can be sent to a printer to control such features
as character sets, vertical forms-control specifications, or compressed printing. Such
files frequently contain both printable and nonprintable text, but the Font utility
makes it possible to enter all font descriptions in plain text; no nonprintable characters
are used.
PERUSE
PERUSE is an interactive program that enables users to examine jobs and their attrib-
utes while in the spooler subsystem. With PERUSE it is possible to:
View job contents
Display a job while it is being spooled
Monitor changes in job status
Alter job attributes
Redirect jobs to a print location
Copy a job from the spooler queue to an EDIT file or a spooler job file
Copy a spooler job file to the spooler queue
Link/unlink jobs to batches
The internal PERUSE security is as follows:
Users can view and manipulate only their own jobs.
434 Spooler Subsystem
The job creator can always access the job.
A Group Manager can view or manipulate all jobs belonging to that manager’s
group members.
SUPER Group members can view and manipulate all jobs, regardless of
ownership.
RISK Any user with PERUSE access to a job has access to the job output’s
contents.
PERUSE Commands with Security Implications
This section describes only the PERUSE commands which pose security risks.
BATCH
DEV
FORM
JOB
LINK
LIST*
LOC
OPEN
PURGE
REPORT
UNLINK
RISK The LIST command displays or prints the job output. If the output
contains sensitive data, that data is at risk of exposure.
If a third party access control product is used to grant selected users access to
PERUSE running as a SUPER Group member or another privileged userid (such as
the userid that owns application jobs), access to the sensitive commands should only be
granted to the appropriate users and denied to all others.
Print Processes
Print processes retrieve the output stored on disk by a collector and print it to a device.
There are multiple print processes. Each print device in the Spooler Subsystem has a
print process associated with it.
Spooler Subsystem 435
Part 6

Get HP NonStop Server Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.