With both an assessment and a policy in place, you are now ready to run. From your own user process you will issue the command, but the actual testing on the master node and transmission of a request to tributary nodes takes place behind the scenes. This frees up your process for doing other work (or for logging out if you are leaving the area).

Use the [up arrow] and [down arrow] keys to highlight Run Assessment on the LJK/Security menu and then use the [Return] or [Enter] key to bring up the Run Assessment menu.

The available assessments will be displayed in a menu.

Use the [up arrow] and [down arrow] keys to highlight the assessment you want on the Run Assessment menu and then use the [Return] or [Enter] key to select that assessment.

4.2.6 Reviewing Assessment Results

Use the [up arrow] and [down arrow] keys to highlight Report Assessment on the LJK/Security menu and then use the [Return] or [Enter] key to bring up the Report Assessment menu.

In the Report Assessment menu you should select:

• full report or status only

Use the [up arrow] and [down arrow] keys to highlight the assessment you want on the Run Assessment menu and then use the [Return] or [Enter] key to select that assessment.

In the next menu you should select:

• whether or not to include LJK/Security test names
• output to screen or disk file

The assessment results will be displayed on the screen. Use the [up arrow] and [down arrow] keys to brows through the assessment results.

When browsing through assessment results the [PF1] key can be used to "fast forward" or "fast reverse" over all violations for a particular test to get to those for the next test. Pressing the [PF1] key, followed by the [up arrow] or [down arrow] key, will add the "fast" attribute to the arrow key action. This is useful when you decide that multiple single violations will be addressed with a single corrective measure (or a single policy change).

This chapter lists the commands available for traditional DCL-style control of LJK/Security.

Although all LJK/Security functions can be controlled through this command interface, a more visually oriented interface is preferable for day-to-day interaction with the software. For the special cases of control from a batch job or command procedure, however, the command interface described in this chapter is necessary.

5.1 Command Summary

• Miscellaneous
  Those which are used for installation and removal of LJK/Security software, as well as the HELP command.
  • HELP
  • KIT_BUILD
  • REMOVE
  • SHUTDOWN
• Operating Commands
  Those which are used for basic operation of LJK/Security such as running assessments and reporting results:
  • CANCEL <name>
  • REPORT <name>
  • RUN <name>
  • STOP <name>
• Customization Commands
  Those used to changes policies and the assessments which govern the application of those policies to particular nodes.
  • CREATE (assessment or policy) <name>
  • MODIFY (assessment or policy) <name>
  • SHOW (assessment or policy) <name>

In a situation where the command interface is to be used, there are two distinct methods for using it.

• DCL Command Format
  Commands are given directly from the DCL prompt ($ by default).
  This format has the advantage of allowing DCL symbol substitution for parameterized execution of rote functions.
• Subsystem Command Format
  The command LJK/SECURITY is given first to get into LJK/Security, where subsequent commands are given in response to the prompt LJKSÑ.
  This format has the performance advantage of only incurring one VMS Image Activation for a whole series of LJK/Security functions.

In the command descriptions shown in the following pages both the DCL Command Format and the Subsystem Command Format are shown.

An additional format is shown for the HELP command, since help information about LJK/Security is stored in the main HELP library and can therefore be accessed by the DCL HELP command.

While LJK/Security returns meaningful status to DCL, the code may have the INHIB_MSG bit set or it may be clear. Those who write command procedures handling the status returned by LJK/Security should always discount that bit before making comparisons.

Policy and assessment names selected by the user can be a maximum of 39 characters long and can contain only valid VMS filename characters (A-Z, a-z, 0-9, $, _, and -). Handing is not case-sensitive; "A" is equivalent to "a".

Node names may be:

• The DECnet node name (six character maximum)
• The DECnet node number (e.g., 2073)
• Some string 39 characters or less which does not match either of the above syntax specifications in cases where no DECnet connection is available to the specified tributary node from the master node

The privileges required to invoke LJK/Security depend on what version of VMS is running. On versions of VMS which do not support facility-specific identifiers (those prior to VAX VMS V6.0), the SECURITY privilege is required to invoke LJK/Security commands.

The SECURITY privilege is also required on versions of VMS which nominally support facility-specific identifiers when a particular system does not contains a VMS Rights Database (RIGHTSLIST.DAT).

5.4.1 Facility-specific identifiers

LJK/Security-specific identifiers are automatically added to the VMS Rights Database on LJK/Security Startup if they are not already present from a previous startup.

• Role-based identifiers
  The simplest control over the use of specific LJK/Security features is to grant authorized individuals the role-based identifiers:
  • LJK$SECURITY_ROLE_REVIEW
    This identifier should be granted to individuals authorized to review the results of LJK/Security assessments with appropriate menu or window functions or the commands:
    • REPORT
    • SHOW ASSESSMENT
    • SHOW POLICY
  • LJK$SECURITY_ROLE_OPERATE
    This identifier should be granted to individuals authorized to control the operation of LJK/Security with appropriate menu or window functions or the commands:
    • CANCEL
    • KIT_BUILD
    • RUN
    • STOP
  • LJK$SECURITY_ROLE_POLICY
    This identifier should be granted to individuals authorized to modify LJK/Security policies with appropriate menu or window functions or the commands:
    • CREATE ASSESSMENT
    • CREATE POLICY
    • MODIFY ASSESSMENT
    • MODIFY POLICY
    • SHOW ASSESSMENT
    • SHOW POLICY
  • LJK$SECURITY_ROLE_STARTUP
    This identifier might be granted to individuals authorized to manipulate LJK/Security in abnormal circumstances. There are generally few situations which require use of this identifier or the commands it governs:
    • REMOTE
    • REMOVE
    • SHUTDOWN
• Command-based identifiers
  In situations where the LJK/Security-specific role-based identifiers listed above do not provide the degree of granularity required, it is possible to grant the command-based identifiers:
  • LJK$SECURITY_CANCEL
  • LJK$SECURITY_CREATE_ASSESSMENT
  • LJK$SECURITY_CREATE_POLICY
  • LJK$SECURITY_KIT_BUILD
  • LJK$SECURITY_MODIFY_ASSESSMENT
  • LJK$SECURITY_MODIFY_POLICY
  • LJK$SECURITY_REMOTE
  • LJK$SECURITY_REMOVE
  • LJK$SECURITY_REPORT
  • LJK$SECURITY_RUN
  • LJK$SECURITY_SHOW_ASSESSMENT
  • LJK$SECURITY_SHOW_NODES
  • LJK$SECURITY_SHOW_POLICY
  • LJK$SECURITY_SHUTDOWN
  • LJK$SECURITY_STOP
  An example of a situation where that increased granularity might be desired is if an individual was authorized to choose the assignment of various policies to nodes within assessments, but not to modify those policies.
• Blanket identifier
  Where no distinction is to be made between the LJK/Security functions which can be invoked by a particular individual, a blanket identifier can be granted.
  • LJK$SECURITY_ALL
    

5.5 Forcing Use of the Command Interface

LJK/SECURITY

which is the same as the command to run LJK/Security using a non-command interface.

Under normal circumstance, LJK/Security will use the most "advanced" interface possible for the current command device. To force the use of another interface, you can disable the selection of particular non-command interfaces through the use of individual qualifiers:

• /INTERFACE=CHARACTER_CELL
  Prevents the use of the Window Interface.
• /NOSMG
  Prevents the use of the Menu Interface.

$ LJKCMD == "LJK/SECURITY /INTERFACE=CHARACTER_CELL/NOSMG"

5.6 Using the Command Interface on a New Installation

5.6.1 Preparing the Default Policy and Default Assessment

1. Log back into the master node under a username which has the facility-specific identifier LJK$SECURITY_ROLE_POLICY or is otherwise authorized as discussed in Section 5.4.
2. Create the default policy with the command:

   $ LJK/SECURITY CREATE POLICY DEFAULT

3. Add an exemption with the command:

   $ LJK/SECURITY MODIFY POLICY DEFAULT/EXEMPTION=(*,SYSTEM) - /TEST=(UAF,PRIVLEVEL,ABSOLUTHI)/VALUE="Category-All"

   Wildcarding a node name for a specific username across all systems typically requires great faith in your organization's mechanism for assigning usernames. In the case of SYSTEM, however, it is not a problem.

4. Create the default assessment with the command:

   $ LJK/SECURITY CREATE ASSESSMENT DEFAULT

5. Modify the default assessment to include each tributary node, using the command:

   $ LJK/SECURITY MODIFY ASSESSMENT DEFAULT/NODE=mynode

   once for each tributary node. Alternatively, you can use the single command:

   $ LJK/SECURITY MODIFY ASSESSMENT DEFAULT/NODE=*

   providing that all the following are true:

   1. your license size is large enough to cover all VMS nodes in your network
   2. you have installed the LJK/Security software on all those nodes
   3. the username under which you are logged in is able to access appropriate DECnet network databases

Tremendous numbers of violation reports can be generated by the DISK facility, so as a brand new user of LJK/Security you will likely have an easier time devising your initial policies if you start with the DISK facility disabled. Enable the DISK facility again after you are happy with results from the rest of your policy.

5.6.2 Running the Default Assessment

17. Start the default assessment running with the command:
    

    $ LJK/SECURITY RUN DEFAULT

18. Check on the status of the default assessment with the command:
    

    $ LJK/SECURITY REPORT DEFAULT/STATUS

    The program will respond with an indication of whether the default assessment has completed running. So long as you have received the VMS prompt (typically a dollar-sign, "$") you can log out and then log in later to check the status.
    Running an assessment will take at least 10 minutes and can be considerably longer depending on how many usernames are authorized for each tributary node and how many files are on disk.

19. Get the results of the default assessment with the command:
    

    $ LJK/SECURITY REPORT DEFAULT

    which produces output of the form:

    Node BIGVAX Username SMITH has maximum queueing priority of 0 which is lower than minimum of 200 Node BIGVAX Username JONES has disable mail notification flag Node BIGVAX Username DBM$REMOTE has disable mail delivery flag

The following pages in this chapter contains full documentation of individual commands available in the Command Interface.

Cancel future collection of security data from remote nodes.

Format

$ LJK/SECURITY CANCEL -

assessment-name

or

LJKSÑ CANCEL -

assessment-name

restrictions

• You must have the facility-specific identifier LJK$SECURITY_ROLE_OPERATE, LJK$SECURITY_CANCEL or LJK$SECURITY_ALL.
• On systems prior to VAX VMS V6.0 or systems which do not have a Rights List database, you must have the SECURITY privilege.

Parameters

assessment-name

Name of the assessment.

Description

Cancel the future scheduled collection of security data from tributary nodes for a particular assessment.

This does not affect any current collection of the specified assessment. That is accomplished with the STOP command.

Qualifiers

None.

Example

$ LJK/SECURITY CANCEL MY_SPECIAL
      

Cancel future collection of assessment MY_SPECIAL from remote nodes.

Create a new assessment.

Format

$ LJK/SECURITY CREATE ASSESSMENT -

assessment-name

or

LJKSÑ CREATE ASSESSMENT -

assessment-name

restrictions

• You must have the facility-specific identifier LJK$SECURITY_ROLE_POLICY, LJK$SECURITY_CREATE_ASSESSMENT or LJK$SECURITY_ALL.
• On systems prior to VAX VMS V6.0 or systems which do not have a Rights List database, you must have the SECURITY privilege.

Parameters

assessment-name

Name of the assessment to be created.

As described in Section H.8, DCL Symbol Processing, DCL symbol substitution may be used for this parameter, even when using the Subsystem Command Format.

Description

Creates a new assessment with initial entries optionally taken from the assessment named DEFAULT (if there is any).

Qualifiers

/AUDIT (D)

/NOAUDIT

Specifies that the contents of assessment records automatically created should be displayed, including audit information.

/DEFAULT (D)

/NODEFAULT

Specifies that the contents of the assessment named DEFAULT are to be used for the initial contents of the assessment being created.

/LOG

/NOLOG (D)

Specifies that the contents of assessment records automatically created should be displayed.

Example

$ LJK/SECURITY CREATE ASSESSMENT MY_ASSESSMENT
      

Create an assessment.

$ LJK/SECURITY CREATE ASSESSMENT MY_ASSESSMENT/NODEFAULT
      

Create an assessment with no copying of the contents of the assessment named DEFAULT.