LJK/Security Reference Manual




NCP

Determine whether enabling of alarms or audits for the NCP event conforms to policy.

Violation reports

| Constraint | Nature of the violation |
|---|---|
| ALPROHIBIT | NCP security alarms are enabled in violation of policy |
| ALREQUIRE | NCP security alarms are disabled in violation of policy |
| AUPROHIBIT | NCP security audits are enabled in violation of policy |
| AUREQUIRE | NCP security audits are disabled in violation of policy |

Description

Use of the qualifier /ENABLE=NCP with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when an NCP change takes place.

Default policy

Enabling of NCP security alarms and audits is neither prohibited nor required.

Customizing

Set limits to TRUE to establish a general prohibition of or requirement for the enabling of security alarms or audits on access to the network configuration database using the NCP utility. Then establish exemptions for any individual nodes which are not to be subjected to the general rule.

Limits

| Constraint | Value | Default |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | FALSE |
| ALREQUIRE | FALSE, TRUE or TRY | FALSE |
| AUPROHIBIT | FALSE or TRUE | FALSE |
| AUREQUIRE | FALSE, TRUE or TRY | FALSE |

Exemptions

| Constraint | Value | Parameters |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | <node> |
| ALREQUIRE | FALSE, TRUE or TRY | <node> |
| AUPROHIBIT | FALSE or TRUE | <node> |
| AUREQUIRE | FALSE, TRUE or TRY | <node> |

Practical considerations

Access to the network configuration database through NCP can represent a significant change to system configuration, and audits or alarms are appropriate in most settings where security is taken seriously. If DECnet Phase IV is not in use, it might be worthwhile to detect whether anyone enables it.
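The sketch below is an added example, not LJK/Security code: it models how a general limit and per-node exemptions could combine into the violation reports listed for this and the following events. It assumes that an exemption replaces the limit for the named node and that TRY counts like TRUE when deciding whether a violation exists; the function names and node names are hypothetical.

```python
# Added illustration, not LJK/Security code. Assumed semantics: a per-node
# exemption replaces the general limit for that node, and TRY is treated
# like TRUE when deciding whether a violation exists.
MESSAGES = {
    "ALPROHIBIT": "{ev} security alarms are enabled in violation of policy",
    "ALREQUIRE": "{ev} security alarms are disabled in violation of policy",
    "AUPROHIBIT": "{ev} security audits are enabled in violation of policy",
    "AUREQUIRE": "{ev} security audits are disabled in violation of policy",
}
ALLOWED = {
    "ALPROHIBIT": {"FALSE", "TRUE"},
    "ALREQUIRE": {"FALSE", "TRUE", "TRY"},
    "AUPROHIBIT": {"FALSE", "TRUE"},
    "AUREQUIRE": {"FALSE", "TRUE", "TRY"},
}

def effective(constraint, node, limits, exemptions):
    """Value applying to `node`: its exemption, else the limit, else FALSE."""
    value = exemptions.get((constraint, node.upper()),
                           limits.get(constraint, "FALSE")).upper()
    if value not in ALLOWED[constraint]:
        raise ValueError(f"{constraint}: {value!r} is not a permitted value")
    return value

def check(event, node, alarms_on, audits_on, limits, exemptions=None):
    """Return the violation reports for one node's observed audit settings."""
    exemptions = exemptions or {}
    reports = []
    for constraint in MESSAGES:
        if effective(constraint, node, limits, exemptions) == "FALSE":
            continue  # constraint not in force for this node
        enabled = alarms_on if constraint.startswith("AL") else audits_on
        prohibited = constraint.endswith("PROHIBIT")
        if enabled == prohibited:  # enabled+prohibited or disabled+required
            reports.append(f"{constraint} {MESSAGES[constraint].format(ev=event)}")
    return reports

# Constructed sample: require NCP alarms and audits everywhere except LAB01.
LIMITS = {"ALREQUIRE": "TRUE", "AUREQUIRE": "TRY"}
EXEMPTIONS = {("ALREQUIRE", "LAB01"): "FALSE", ("AUREQUIRE", "LAB01"): "FALSE"}

if __name__ == "__main__":
    for node in ("PROD01", "LAB01"):
        print(node, check("NCP", node, False, False, LIMITS, EXEMPTIONS))
```

Setting both the PROHIBIT and REQUIRE limit of the same kind to TRUE for a node guarantees a report whatever the node's state, so a policy file is worth checking for that conflict before it is deployed.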

OBJCREATE

Determine whether enabling of alarms or audits for the disk file creation event conforms to policy.

Violation reports

| Constraint | Nature of the violation |
|---|---|
| ALPROHIBIT | File creation security alarms are enabled in violation of policy |
| ALREQUIRE | File creation security alarms are disabled in violation of policy |
| AUPROHIBIT | File creation security audits are enabled in violation of policy |
| AUREQUIRE | File creation security audits are disabled in violation of policy |

Description

Use of the qualifiers /CLASS=FILE and /ENABLE=CREATE with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when a disk file is created.

Default policy

Enabling of File creation security alarms and audits is neither prohibited nor required.

Customizing

Set limits to TRUE to establish a general prohibition of or requirement for the enabling of File creation security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule.

Limits

| Constraint | Value | Default |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | FALSE |
| ALREQUIRE | FALSE, TRUE or TRY | FALSE |
| AUPROHIBIT | FALSE or TRUE | FALSE |
| AUREQUIRE | FALSE, TRUE or TRY | FALSE |

Exemptions

| Constraint | Value | Parameters |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | <node> |
| ALREQUIRE | FALSE, TRUE or TRY | <node> |
| AUPROHIBIT | FALSE or TRUE | <node> |
| AUREQUIRE | FALSE, TRUE or TRY | <node> |

Practical considerations

Disk file creation is a frequent event in many environments.

OBJDEACC

Determine whether enabling of alarms or audits for the disk file deaccess event conforms to policy.

Violation reports

| Constraint | Nature of the violation |
|---|---|
| ALPROHIBIT | File deaccess security alarms are enabled in violation of policy |
| ALREQUIRE | File deaccess security alarms are disabled in violation of policy |
| AUPROHIBIT | File deaccess security audits are enabled in violation of policy |
| AUREQUIRE | File deaccess security audits are disabled in violation of policy |

Description

Use of the qualifiers /CLASS=FILE and /ENABLE=DEACCESS with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when a disk file is deaccessed.

Default policy

Enabling of File deaccess security alarms and audits is neither prohibited nor required.

Customizing

Set limits to TRUE to establish a general prohibition of or requirement for the enabling of File deaccess security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule.

Limits

| Constraint | Value | Default |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | FALSE |
| ALREQUIRE | FALSE, TRUE or TRY | FALSE |
| AUPROHIBIT | FALSE or TRUE | FALSE |
| AUREQUIRE | FALSE, TRUE or TRY | FALSE |

Exemptions

| Constraint | Value | Parameters |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | <node> |
| ALREQUIRE | FALSE, TRUE or TRY | <node> |
| AUPROHIBIT | FALSE or TRUE | <node> |
| AUREQUIRE | FALSE, TRUE or TRY | <node> |

Practical considerations

Disk file deaccess is a frequent event in almost all environments.

OBJDELETE

Determine whether enabling of alarms or audits for the disk file deletion event conforms to policy.

Violation reports

| Constraint | Nature of the violation |
|---|---|
| ALPROHIBIT | File deletion security alarms are enabled in violation of policy |
| ALREQUIRE | File deletion security alarms are disabled in violation of policy |
| AUPROHIBIT | File deletion security audits are enabled in violation of policy |
| AUREQUIRE | File deletion security audits are disabled in violation of policy |

Description

Use of the qualifiers /CLASS=FILE and /ENABLE=DELETE with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when a disk file is deleted.

Default policy

Enabling of File deletion security alarms and audits is neither prohibited nor required.

Customizing

Set limits to TRUE to establish a general prohibition of or requirement for the enabling of File deletion security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule.

Limits

| Constraint | Value | Default |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | FALSE |
| ALREQUIRE | FALSE, TRUE or TRY | FALSE |
| AUPROHIBIT | FALSE or TRUE | FALSE |
| AUREQUIRE | FALSE, TRUE or TRY | FALSE |

Exemptions

| Constraint | Value | Parameters |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | <node> |
| ALREQUIRE | FALSE, TRUE or TRY | <node> |
| AUPROHIBIT | FALSE or TRUE | <node> |
| AUREQUIRE | FALSE, TRUE or TRY | <node> |

Practical considerations

Disk file deletion is a frequent event in most environments.

PRCCANWAK

Determine whether enabling of alarms or audits for privileged use of $CANWAK conforms to policy.

Violation reports

| Constraint | Nature of the violation |
|---|---|
| ALPROHIBIT | CANWAK security alarms are enabled in violation of policy |
| ALREQUIRE | CANWAK security alarms are disabled in violation of policy |
| AUPROHIBIT | CANWAK security audits are enabled in violation of policy |
| AUREQUIRE | CANWAK security audits are disabled in violation of policy |

Description

Use of the qualifier /ENABLE=PROCESS=CANWAK with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when privileged use is made of the $CANWAK system service.

Default policy

Enabling of CANWAK security alarms and audits is neither prohibited nor required.

Customizing

Set limits to TRUE to establish a general prohibition of or requirement for the enabling of CANWAK security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule.

Limits

| Constraint | Value | Default |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | FALSE |
| ALREQUIRE | FALSE, TRUE or TRY | FALSE |
| AUPROHIBIT | FALSE or TRUE | FALSE |
| AUREQUIRE | FALSE, TRUE or TRY | FALSE |

Exemptions

| Constraint | Value | Parameters |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | <node> |
| ALREQUIRE | FALSE, TRUE or TRY | <node> |
| AUPROHIBIT | FALSE or TRUE | <node> |
| AUREQUIRE | FALSE, TRUE or TRY | <node> |

Practical considerations

Concern about this event is typically only for specialized environments or for troubleshooting.

PRCCPUCAP

Determine whether enabling of alarms or audits for change in CPU capabilities conforms to policy.

Violation reports

| Constraint | Nature of the violation |
|---|---|
| ALPROHIBIT | CPU Capability security alarms are enabled in violation of policy |
| ALREQUIRE | CPU Capability security alarms are disabled in violation of policy |
| AUPROHIBIT | CPU Capability security audits are enabled in violation of policy |
| AUREQUIRE | CPU Capability security audits are disabled in violation of policy |

Description

Use of the qualifier /ENABLE=PROCESS=SUSPND with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when privileged use is made of the $SUSPND system service.

Default policy

Enabling of CPU Capability security alarms and audits is neither prohibited nor required.

Customizing

Set limits to TRUE to establish a general prohibition of or requirement for the enabling of CPU Capability security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule.

Limits

| Constraint | Value | Default |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | FALSE |
| ALREQUIRE | FALSE, TRUE or TRY | FALSE |
| AUPROHIBIT | FALSE or TRUE | FALSE |
| AUREQUIRE | FALSE, TRUE or TRY | FALSE |

Exemptions

| Constraint | Value | Parameters |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | <node> |
| ALREQUIRE | FALSE, TRUE or TRY | <node> |
| AUPROHIBIT | FALSE or TRUE | <node> |
| AUREQUIRE | FALSE, TRUE or TRY | <node> |

Practical considerations

Concern about this event is typically only for specialized environments or for troubleshooting.

PRCCREPRC

Determine whether enabling of alarms or audits for all use of $CREPRC conforms to policy.

Violation reports

| Constraint | Nature of the violation |
|---|---|
| ALPROHIBIT | CREPRC security alarms are enabled in violation of policy |
| ALREQUIRE | CREPRC security alarms are disabled in violation of policy |
| AUPROHIBIT | CREPRC security audits are enabled in violation of policy |
| AUREQUIRE | CREPRC security audits are disabled in violation of policy |

Description

Use of the qualifier /ENABLE=PROCESS=CREPRC with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when any process creation takes place.

Default policy

Enabling of CREPRC security alarms and audits is neither prohibited nor required.

Customizing

Set limits to TRUE to establish a general prohibition of or requirement for the enabling of CREPRC security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule.

Limits

| Constraint | Value | Default |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | FALSE |
| ALREQUIRE | FALSE, TRUE or TRY | FALSE |
| AUPROHIBIT | FALSE or TRUE | FALSE |
| AUREQUIRE | FALSE, TRUE or TRY | FALSE |

Exemptions

| Constraint | Value | Parameters |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | <node> |
| ALREQUIRE | FALSE, TRUE or TRY | <node> |
| AUPROHIBIT | FALSE or TRUE | <node> |
| AUREQUIRE | FALSE, TRUE or TRY | <node> |

Practical considerations

This type of event is common in most environments.

PRCDELPRC

Determine whether enabling of alarms or audits for all use of $DELPRC conforms to policy.

Violation reports

| Constraint | Nature of the violation |
|---|---|
| ALPROHIBIT | DELPRC security alarms are enabled in violation of policy |
| ALREQUIRE | DELPRC security alarms are disabled in violation of policy |
| AUPROHIBIT | DELPRC security audits are enabled in violation of policy |
| AUREQUIRE | DELPRC security audits are disabled in violation of policy |

Description

Use of the qualifier /ENABLE=PROCESS=DELPRC with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when any process deletion takes place.

Default policy

Enabling of DELPRC security alarms and audits is neither prohibited nor required.

Customizing

Set limits to TRUE to establish a general prohibition of or requirement for the enabling of DELPRC security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule.

Limits

| Constraint | Value | Default |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | FALSE |
| ALREQUIRE | FALSE, TRUE or TRY | FALSE |
| AUPROHIBIT | FALSE or TRUE | FALSE |
| AUREQUIRE | FALSE, TRUE or TRY | FALSE |

Exemptions

| Constraint | Value | Parameters |
|---|---|---|
| ALPROHIBIT | FALSE or TRUE | <node> |
| ALREQUIRE | FALSE, TRUE or TRY | <node> |
| AUPROHIBIT | FALSE or TRUE | <node> |
| AUREQUIRE | FALSE, TRUE or TRY | <node> |

Practical considerations

This type of event is common in most environments.

