Hp Integrity NonStop J-Series User Manual

Safeguard User’s GuideAbstractThis manual describes the Safeguard product, the use of the command interpreter SAFECOM, and the basic security tasks pe

ContentsSafeguard User’s Guide — 422089-020vi

Working with PatternsSafeguard User’s Guide — 422089-0209 - 4One-Dimensional SearchBoth of these patterns match files 1 and 2. However, only one prote

Working with PatternsSafeguard User’s Guide — 422089-0209 - 5Safeguard Pattern ConfigurationSafeguard Pattern ConfigurationUse the Safeguard configura

Working with PatternsSafeguard User’s Guide — 422089-0209 - 6Safeguard Pattern ConfigurationThe pattern protection records are stored in a new file in

Working with PatternsSafeguard User’s Guide — 422089-0209 - 7Safeguard Pattern ConfigurationTable 9-2 describes CHECK-DISKFILE-PATTERN settings when i

Working with PatternsSafeguard User’s Guide — 422089-0209 - 8Safeguard Pattern Configurationaccess evaluation based on the Safeguard global configurat

Working with PatternsSafeguard User’s Guide — 422089-0209 - 9Safeguard Pattern Configurationthe Safeguard global configuration attribute COMBINATION-D

Working with PatternsSafeguard User’s Guide — 422089-0209 - 10Safeguard Pattern ConfigurationNM Y N Deny Permit DenyNM Y NR Deny Permit DenyNM Y Y Den

Working with PatternsSafeguard User’s Guide — 422089-0209 - 11SAFECOM Diskfile-Pattern Commands Examples•To set diskfile pattern searches to be perfor

Working with PatternsSafeguard User’s Guide — 422089-0209 - 12ADD DISKFILE-PATTERNsecurity commands, see the Safeguard Reference Manual. Patterns may

Working with PatternsSafeguard User’s Guide — 422089-0209 - 13ALTER DISKFILE-PATTERNALTER DISKFILE-PATTERNALTER DISKFILE-PATTERN Examples•To alter a d

Safeguard User’s Guide — 422089-020viiWhat’s New in This ManualManual InformationSafeguard User’s GuideAbstractThis manual describes the Safeguard pro

Working with PatternsSafeguard User’s Guide — 422089-0209 - 14INFO DISKFILE-PATTERN4. $DATA3.A*.B*INFO DISKFILE-PATTERN $DATA1.A*.* would return patte

Working with PatternsSafeguard User’s Guide — 422089-0209 - 15RESET DISKFILE-PATTERNGROUP TEST R,W,E,P,C GROUP \KONA.TEST R \*.*.*•To display the disk

Working with PatternsSafeguard User’s Guide — 422089-0209 - 16SHOW DISKFILE-PATTERNSHOW DISKFILE-PATTERNSHOW DISKFILE-PATTERN ExampleTo show the curre

Working with PatternsSafeguard User’s Guide — 422089-0209 - 17ADD SAVED-DISKFILE-PATTERNADD SAVED-DISKFILE-PATTERNADD SAVED-DISKFILE-PATTERN Examples1

Working with PatternsSafeguard User’s Guide — 422089-0209 - 18DELETE SAVED-DISKFILE-PATTERN This command alters the saved-diskfile-pattern for al

Working with PatternsSafeguard User’s Guide — 422089-0209 - 19RESET SAVED-DISKFILE-PATTERNGROUP \KONA.TEST R \*.*.* R2. To display the saved

Working with PatternsSafeguard User’s Guide — 422089-0209 - 20SHOW SAVED-DISKFILE-PATTERNSHOW SAVED-DISKFILE-PATTERNSHOW SAVED-DISKFILE-PATTERN Exampl

Safeguard User’s Guide — 422089-020A - 1A Guardian File SecurityThe Guardian environment automatically provides a basic level of security for all disk

Guardian File SecuritySafeguard User’s Guide — 422089-020A - 2Displaying Default SecurityFor example, a security string of AUAU specifies that any loc

Guardian File SecuritySafeguard User’s Guide — 422089-020A - 3Displaying File SecurityDisplaying File SecurityYou can examine the security string for

What’s New in This ManualSafeguard User’s Guide — 422089-020viiiChanges to 422089-019 Manual:Changes to 422089-019 Manual:•Added new example on page 3

Guardian File SecuritySafeguard User’s Guide — 422089-020A - 4Changing the Security String Through FUP1. Use the TACL WHO command to check your curren

Guardian File SecuritySafeguard User’s Guide — 422089-020A - 5Changing the Security String Through FUP1. Create the new files:2. Change the security s

Guardian File SecuritySafeguard User’s Guide — 422089-020A - 6Changing the Security String Through FUP

Safeguard User’s Guide — 422089-020B - 1B Protecting Your TerminalAs a general user, you need to take certain precautions to protect your terminal and

Protecting Your TerminalSafeguard User’s Guide — 422089-020B - 2Logging OffAs a final precaution in logging off, always clear your screen. Usually, TA

Safeguard User’s Guide — 422089-020C - 1C SAFECOM Command SyntaxThis appendix summarizes the syntax of the SAFECOM commands presented in this manual.

SAFECOM Command SyntaxSafeguard User’s Guide — 422089-020C - 2SAFECOM Command Syntaxobject-typecan be any of the following:DISKFILE DISKFILE-PATTE

SAFECOM Command SyntaxSafeguard User’s Guide — 422089-020C - 3SAFECOM Command Syntaxcommand is one of the following DISPLAY commands:[ AS ] COMMANDS [

SAFECOM Command SyntaxSafeguard User’s Guide — 422089-020C - 4SAFECOM Command SyntaxDETAIL SUMMARY option is one of the following:GENERAL DET

SAFECOM Command SyntaxSafeguard User’s Guide — 422089-020C - 5SAFECOM Command Syntaxoption is one of the following:GENERAL DETAIL AUDIT CI OSS REMOTEP

What’s New in This ManualSafeguard User’s Guide — 422089-020ixChanges to the H06.19/J06.08 Manual°DISK-FILE-ATTRIBUTES Table 3-2 on page 3-2.°AUDIT-PR

SAFECOM Command SyntaxSafeguard User’s Guide — 422089-020C - 6SAFECOM Command SyntaxAUDIT-ACCESS-FAIL [audit-spec] AUDIT-MANAGE-PASS [audit-spec] AUDI

SAFECOM Command SyntaxSafeguard User’s Guide — 422089-020C - 7SAFECOM Command SyntaxSYNTAX [ ONLY ] ON | OFFSYSTEM [ \system-name ]THAW object-type

SAFECOM Command SyntaxSafeguard User’s Guide — 422089-020C - 8SAFECOM Command Syntax

Safeguard User’s Guide — 422089-020Glossary - 1Glossaryaccess control list. A list associated with an object that itemizes the subjects authorized to

GlossarySafeguard User’s Guide — 422089-020Glossary - 2primary ownerprimary owner. The owner of a Safeguard protection record whose user ID appears a

Safeguard User’s Guide — 422089-020Index - 1IndexAAbbreviating reserved words 3-2, 7-17ACCESS attribute 1-2ACCESS authoritiesfor disk files 3-7for

IndexSafeguard User’s Guide — 422089-020Index - 2EDETAIL option of INFO DISKFILE command 3-16Direction Diskfile Filename first note 9-8Direction Dis

IndexSafeguard User’s Guide — 422089-020Index - 3MLogging on 2-2Logon dialog 2-2Logon prompt 2-1MManaging a SAFECOM session 7-2OOBEY command 7-2O

IndexSafeguard User’s Guide — 422089-020Index - 4TSafeguard, compared to standard security 1-4Securing disk files 3-1Securing disk subvolumes 4-2Se

IndexSafeguard User’s Guide — 422089-020Index - 5Special Characters= (equal sign)SAFECOM command prompt 7-1? (question mark) commanddisplays a previo

What’s New in This ManualSafeguard User’s Guide — 422089-020xChanges to the H06.19/J06.08 Manual

IndexSafeguard User’s Guide — 422089-020Index - 6Special Characters

Safeguard User’s Guide — 422089-020xiAbout This ManualThis user's guide is intended for all Safeguard users. It is intended especially for the ge

About This ManualSafeguard User’s Guide — 422089-020xiiNotation ConventionsNotation ConventionsHypertext LinksBlue underline is used to indicate a hyp

About This ManualSafeguard User’s Guide — 422089-020xiiiGeneral Syntax Notationeach side of the list, or horizontally, enclosed in a pair of brackets

About This ManualSafeguard User’s Guide — 422089-020xivNotation for MessagesLine Spacing. If the syntax of a command is too long to fit on a single l

About This ManualSafeguard User’s Guide — 422089-020xvNotation for MessagesNonitalic text. Nonitalic letters, numbers, and punctuation indicate text

Document History Part Number Product Version Published422089-013 Safeguard G07, H04 August 2009422089-014 Safeguard G07, H04 November 2009422089-015 S

About This ManualSafeguard User’s Guide — 422089-020xviNotation for Management Programming InterfacesNotation for Management Programming InterfacesThe

Safeguard User’s Guide — 422089-0201 - 11Introduction to the Safeguard SubsystemThe Safeguard subsystem extends the security features of the Guardian

Introduction to the Safeguard SubsystemSafeguard User’s Guide — 422089-0201 - 2User Authenticationadditional control over the authentication process,

Introduction to the Safeguard SubsystemSafeguard User’s Guide — 422089-0201 - 3Object AuthorizationFigure 1-1 shows the Safeguard object databases and

Introduction to the Safeguard SubsystemSafeguard User’s Guide — 422089-0201 - 4AuditingAuditingAt your request, the Safeguard subsystem can create aud

Introduction to the Safeguard SubsystemSafeguard User’s Guide — 422089-0201 - 5The Safeguard Subsystem and Standard Securityand modify an access contr

Introduction to the Safeguard SubsystemSafeguard User’s Guide — 422089-0201 - 6The Safeguard Subsystem and Standard SecuritySimilarly, to achieve the

Introduction to the Safeguard SubsystemSafeguard User’s Guide — 422089-0201 - 7Components of the Safeguard SubsystemThe relationship between the Safeg

Introduction to the Safeguard SubsystemSafeguard User’s Guide — 422089-0201 - 8Who Can Use the Safeguard Subsystem?The security administrator can deci

Safeguard User’s Guide — 422089-0202 - 12 Safeguard Logon DialogThis section explains how to log on and how to change your password on systems where t

Legal Notices© Copyright 2014 Hewlett-Packard Development Company L.P. Confidential computer software. Valid license from HP required for possession,

Safeguard Logon DialogSafeguard User’s Guide — 422089-0202 - 2Using the LOGON CommandYou can also terminate the LOGON command at any time by pressing

Safeguard Logon DialogSafeguard User’s Guide — 422089-0202 - 3Changing Your Password With Blind Passwordsappears only if the password has an expiratio

Safeguard Logon DialogSafeguard User’s Guide — 422089-0202 - 4Logging On With an Expired PasswordLast Logon: 18 DEC 1994, 11:23 Last Unsuccessful Att

Safeguard Logon DialogSafeguard User’s Guide — 422089-0202 - 5Changing Your Password With Displayable Passwordsprocedure. With displayable passwords,

Safeguard Logon DialogSafeguard User’s Guide — 422089-0202 - 6Logging On to a Remote SystemLogging On to a Remote SystemTo access a remote system usin

Safeguard User’s Guide — 422089-0203 - 13 Securing Disk FilesThis section acquaints you with the process of securing disk files with the Safeguard sub

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 2Table 3-2 shows the disk-file security attributes you can control. This section describes t

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 3Getting StartedGetting StartedYou must use SAFECOM, the Safeguard command interpreter, to e

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 4Adding a Disk File to the Safeguard SubsystemSafeguard control by creating an authorization

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 5Controlling Default AttributesOnce again, display the authorization record:=INFO DISKFILE r

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 6Controlling Default AttributesThe display shows the default attributes for a disk file that

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 7Working With Access Control ListsWorking With Access Control ListsYou can define access con

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 8Specifying Access With the ADD DISKFILE CommandParentheses enclose multiple access authorit

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 9Specifying Access With the ALTER DISKFILE CommandTo see the settings for quarter1:=INFO DIS

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 10Specifying Access With the ALTER DISKFILE CommandThe display shows:An entry for user ID 9,

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 11Deleting an Access Control List EntryThe display shows:.A grant of authorities for a speci

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 12Granting or Denying Access to an ACLThe entry for user ID 9, 23 has been removed from the

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 13Using One Authorization Record to Define AnotherExample 1: 040,002 R 040,004

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 14Freezing and Thawing an Access Control ListFor example, suppose you want to use the same a

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 15Specifying Auditing ConditionsFor example, the owner of the disk file (user ID 2,1) can re

Hewlett-Packard Company — 422089-020iSafeguard User’s GuideGlossary Index Figures TablesLegal NoticesWhat’s New in This Manual viiManual Informat

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 16Specifying OwnershipTo display the audit settings for quarter1:=INFO DISKFILE quarter1, DE

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 17Other Disk-File Security FeaturesIn the previous examples in this section, you are the onl

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 18The PERSISTENT AttributeTo set the CLEARONPURGE attribute for the file quarter1, used in t

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 19The LICENSE AttributeTo verify the setting:=INFO DISKFILE quarter1, DETAILThe PERSISTENT a

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 20The PROGID AttributeYou can also use the WHERE LICENSE option with the ALTER, DELETE, FREE

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 21The TRUST AttributeThe TRUST AttributeThe TRUST attribute enables the operating system to

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 22The PRIV-LOGON { ON | OFF} AttributeTo verify the setting:=INFO DISK progfile, DETThe PRIV

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 23Removing a File From Safeguard ControlWhen a file is removed from the Safeguard database,

Securing Disk FilesSafeguard User’s Guide — 422089-0203 - 24Removing a File From Safeguard Control

Safeguard User’s Guide — 422089-0204 - 14 Securing SubvolumesThe Safeguard subsystem allows you to secure disk subvolumes in generally the same manner

ContentsSafeguard User’s Guide — 422089-020ii3. Securing Disk Files (continued)3. Securing Disk Files (continued)Working With Access Control Lists

Securing SubvolumesSafeguard User’s Guide — 422089-0204 - 2Access Authorities for SubvolumesAccess Authorities for SubvolumesBy default, anyone can pr

Safeguard User’s Guide — 422089-0205 - 15Securing Processes and SubprocessesYou secure processes and subprocesses in generally the same manner as disk

Securing Processes and SubprocessesSafeguard User’s Guide — 422089-0205 - 2Protecting ProcessesProtecting ProcessesProcess descriptors contain a seque

Safeguard User’s Guide — 422089-0206 - 16Obtaining User and Alias InformationAs a general user, you can obtain security information about your disk fi

Obtaining User and Alias InformationSafeguard User’s Guide — 422089-0206 - 2Viewing Your User Authentication Record•CREATION-TIME of the user.•Creator

Obtaining User and Alias InformationSafeguard User’s Guide — 422089-0206 - 3Viewing Your User Authentication Record1> SAFECOM INFO USER 8,54, DETAI

Obtaining User and Alias InformationSafeguard User’s Guide — 422089-0206 - 4What the INFO USER Display Tells YouWhat the INFO USER Display Tells YouAs

Obtaining User and Alias InformationSafeguard User’s Guide — 422089-0206 - 5About Alias Authentication Recordsunexpectedly, notify your security admin

Obtaining User and Alias InformationSafeguard User’s Guide — 422089-0206 - 6Viewing an Alias Authentication RecordViewing an Alias Authentication Reco

Obtaining User and Alias InformationSafeguard User’s Guide — 422089-0206 - 7What the INFO ALIAS Display Tells YouWhat the INFO ALIAS Display Tells You

ContentsSafeguard User’s Guide — 422089-020iii7. Working With SAFECOM (continued)7. Working With SAFECOM (continued)Entering More Than One Command

Obtaining User and Alias InformationSafeguard User’s Guide — 422089-0206 - 8What the INFO ALIAS Display Tells You

Safeguard User’s Guide — 422089-0207 - 17 Working With SAFECOMSAFECOM is the Safeguard command interpreter. You can use SAFECOM to enter commands in a

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 2SAFECOM Session-Control Commandsallows you to use the HISTORY, ?, !, and FC session-contro

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 3Checking Your ProgressChecking Your ProgressIn an interactive command session, SAFECOM exe

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 4Continuing Commands From One Line to the NextThe comments "Interactive, OUT = IN"

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 5Redirecting Output for a Single CommandRedirecting Output for a Single CommandUsually, wit

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 6Getting Online HelpTo display a list of the commands at the SAFECOM prompt:=HELPAs the pre

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 7Displaying and Editing Previous CommandsDisplaying and Editing Previous CommandsSAFECOM pr

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 8Displaying and Editing Previous CommandsDisplaying a Specific CommandThe ? command allows

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 9Displaying and Editing Previous CommandsCorrecting Mistakes Using the FC CommandThe FC com

ContentsSafeguard User’s Guide — 422089-020iv9. Working with Patterns (continued)9. Working with Patterns (continued)Multi-Dimensional Search 9-4

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 10Leaving SAFECOM Without Losing Defaults (Using the Break Key)PROGFILE is changed to FILE0

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 11Using SAFECOM in Execute-and-Quit ModeUsing SAFECOM in Execute-and-Quit ModeIf you need t

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 12Placing Comments in a Command Fileexecute the commands in the EDIT file, run SAFECOM and,

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 13Executing a Command File During an Interactive SessionYou can embed comments within a com

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 14Error Handling in Command Fileswhich a batch operation uses the command file $system.mgr.

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 15Using Wild-Card Characters in SAFECOM CommandsUsing Wild-Card Characters in SAFECOM Comma

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 16RestrictionsThe following command displays attributes of all disk files in the current su

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 17Abbreviating SAFECOM Commands•Wild cards in ADD commands for disk files, volumes, and sub

Working With SAFECOMSafeguard User’s Guide — 422089-0207 - 18Checking Command Syntax OnlySAFECOM RUN command are the same as those of the TACL RUN com

Safeguard User’s Guide — 422089-0208 - 18 Changing Display OptionsSAFECOM provides a DISPLAY command that allows you to customize your SAFECOM prompt

ContentsSafeguard User’s Guide — 422089-020vTables (continued)Tables (continued)Table 3-1. Disk-File Commands 3-1Table 3-2. Disk-File Attributes

Changing Display OptionsSafeguard User’s Guide — 422089-0208 - 2Editing Your SAFECOM Prompt To understand the use of DISPLAY PROMPT, consider the fol

Changing Display OptionsSafeguard User’s Guide — 422089-0208 - 3Controlling INFO Report WarningsControlling INFO Report WarningsSAFECOM normally displ

Changing Display OptionsSafeguard User’s Guide — 422089-0208 - 4Controlling INFO Report HeadingsThe INFO command WARNINGS option has three forms:For e

Changing Display OptionsSafeguard User’s Guide — 422089-0208 - 5Controlling the INFO DETAIL Option for a SessionThe display shows:To eliminate the mul

Changing Display OptionsSafeguard User’s Guide — 422089-0208 - 6Displaying User IDs or User NamesDISPLAY DETAIL has three forms:If you use the DISPLAY

Changing Display OptionsSafeguard User’s Guide — 422089-0208 - 7Displaying INFO Output as CommandsBy default, the INFO report identifies users by thei

Changing Display OptionsSafeguard User’s Guide — 422089-0208 - 8Specifying a DISPLAY Command ListThe display shows:By default, the INFO command output

Safeguard User’s Guide — 422089-0209 - 19 Working with PatternsBackgroundThe NonStop operating system groups files into subvolumes and volumes. Safegu

Working with PatternsSafeguard User’s Guide — 422089-0209 - 2How do Patterns Differ From What was Used Before?How do Patterns Differ From What was Use

Working with PatternsSafeguard User’s Guide — 422089-0209 - 3Pattern GeneralityNot a legal pattern protection record because it has wildcards in the v