This chapter lists the commands available for traditional DCL-style control of LJK/Security.

Although all LJK/Security functions can be controlled through this command interface, a more visually oriented interface is preferable for day-to-day interaction with the software. For the special cases of control from a batch job or command procedure, however, the command interface described in this chapter is necessary.

5.1 Command Summary

• Miscellaneous
  Those which are used for installation and removal of LJK/Security software, as well as the HELP command.
  • EXIT
  • HELP
  • KIT_BUILD
  • REMOVE
  • SHUTDOWN
• Operating Commands
  Those which are used for basic operation of LJK/Security such as running assessments and reporting results:
  • CANCEL <name>
  • REPORT <name>
  • RUN <name>
  • STOP <name>
• Customization Commands
  Those used to changes policies and the assessments which govern the application of those policies to particular nodes.
  • CREATE (assessment or policy) <name>
  • MODIFY (assessment or policy) <name>
  • SHOW (assessment or policy) <name>

In a situation where the command interface is to be used, there are two distinct methods for using it.

• DCL Command Format
  Commands are given directly from the DCL prompt ($ by default).
  This format has the advantage of allowing DCL symbol substitution for parameterized execution of rote functions.
• Subsystem Command Format
  The command LJK/SECURITY is given first to get into LJK/Security, where subsequent commands are given in response to the prompt LJKS„.
  This format has the performance advantage of only incurring one VMS Image Activation for a whole series of LJK/Security functions.

In the command descriptions shown in the following pages both the DCL Command Format and the Subsystem Command Format are shown.

An additional format is shown for the HELP command, since help information about LJK/Security is stored in the main HELP library and can therefore be accessed by the DCL HELP command.

While LJK/Security returns meaningful status to DCL, the code may have the INHIB_MSG bit set or it may be clear. Those who write command procedures handling the status returned by LJK/Security should always discount that bit before making comparisons.

Policy and assessment names selected by the user can be a maximum of 39 characters long and can contain only valid VMS filename characters (A-Z, a-z, 0-9, $, _, and -). Handling is not case-sensitive; "A" is equivalent to "a".

Node names may be:

• The DECnet node name (six character maximum)
• The DECnet node number (e.g., 2073)
• Some string 39 characters or less which does not match either of the above syntax specifications in cases where no DECnet connection is available to the specified tributary node from the master node

The privileges required to invoke LJK/Security depend on what version of VMS is running. On versions of VMS which do not support facility-specific identifiers (those prior to VAX VMS V6.0), the SECURITY privilege is required to invoke LJK/Security commands.

The SECURITY privilege is also required on versions of VMS which nominally support facility-specific identifiers when a particular system does not contains a Rights Database (RIGHTSLIST.DAT).

5.4.1 Facility-specific identifiers

LJK/Security-specific identifiers are automatically added to the Rights Database on LJK/Security Startup if they are not already present from a previous startup.

• Role-based identifiers
  The simplest control over the use of specific LJK/Security features is to grant authorized individuals the role-based identifiers:
  • LJK$SECURITY_ROLE_REVIEW
    This identifier should be granted to individuals authorized to review the results of LJK/Security assessments with appropriate menu or window functions or the commands:
    • REPORT
    • SHOW ASSESSMENT
    • SHOW POLICY
  • LJK$SECURITY_ROLE_OPERATE
    This identifier should be granted to individuals authorized to control the operation of LJK/Security with appropriate menu or window functions or the commands:
    • CANCEL
    • KIT_BUILD
    • RUN
    • STOP
  • LJK$SECURITY_ROLE_POLICY
    This identifier should be granted to individuals authorized to modify LJK/Security policies with appropriate menu or window functions or the commands:
    • CREATE ASSESSMENT
    • CREATE POLICY
    • MODIFY ASSESSMENT
    • MODIFY POLICY
    • SHOW ASSESSMENT
    • SHOW POLICY
  • LJK$SECURITY_ROLE_STARTUP
    This identifier might be granted to individuals authorized to manipulate LJK/Security in abnormal circumstances. There are generally few situations which require use of this identifier or the commands it governs:
    • REMOTE
    • REMOVE
    • SHUTDOWN
• Command-based identifiers
  In situations where the LJK/Security-specific role-based identifiers listed above do not provide the degree of granularity required, it is possible to grant the command-based identifiers:
  • LJK$SECURITY_CANCEL
  • LJK$SECURITY_CREATE_ASSESSMENT
  • LJK$SECURITY_CREATE_POLICY
  • LJK$SECURITY_KIT_BUILD
  • LJK$SECURITY_MODIFY_ASSESSMENT
  • LJK$SECURITY_MODIFY_POLICY
  • LJK$SECURITY_REMOTE
  • LJK$SECURITY_REMOVE
  • LJK$SECURITY_REPORT
  • LJK$SECURITY_RUN
  • LJK$SECURITY_SHOW_ASSESSMENT
  • LJK$SECURITY_SHOW_NODES
  • LJK$SECURITY_SHOW_POLICY
  • LJK$SECURITY_SHUTDOWN
  • LJK$SECURITY_STOP
  An example of a situation where that increased granularity might be desired is if an individual was authorized to choose the assignment of various policies to nodes within assessments, but not to modify those policies.
• Blanket identifier
  Where no distinction is to be made between the LJK/Security functions which can be invoked by a particular individual, a blanket identifier can be granted.
  • LJK$SECURITY_ALL
    

5.5 Forcing Use of the Command Interface

LJK/SECURITY

which is the same as the command to run LJK/Security using a non-command interface.

Under normal circumstance, LJK/Security will use the most "advanced" interface possible for the current command device. To force the use of another interface, you can disable the selection of particular non-command interfaces through the use of individual qualifiers:

• /INTERFACE=CHARACTER_CELL
  Prevents the use of the Window Interface.
• /NOSMG
  Prevents the use of the Menu Interface.

$ LJKCMD == "LJK/SECURITY /INTERFACE=CHARACTER_CELL/NOSMG"

5.6 Using the Command Interface on a New Installation

5.6.1 Preparing the Default Policy and Default Assessment

1. Log back into the master node under a username which has the facility-specific identifier LJK$SECURITY_ROLE_POLICY or is otherwise authorized as discussed in Section 5.4.
2. Create the default policy with the command:

   $ LJK/SECURITY CREATE POLICY DEFAULT

3. Add an exemption with the command:

   $ LJK/SECURITY MODIFY POLICY DEFAULT/EXEMPTION=(*,SYSTEM) - /TEST=(UAF,PRIVLEVEL,ABSOLUTHI)/VALUE="Category-All"

   Wildcarding a node name for a specific username across all systems typically requires great faith in your organization's mechanism for assigning usernames. In the case of SYSTEM, however, it is not a problem.

4. Create the default assessment with the command:

   $ LJK/SECURITY CREATE ASSESSMENT DEFAULT

5. Modify the default assessment to include each tributary node, using the command:

   $ LJK/SECURITY MODIFY ASSESSMENT DEFAULT/NODE=mynode

   once for each tributary node. Alternatively, you can use the single command:

   $ LJK/SECURITY MODIFY ASSESSMENT DEFAULT/NODE=*

   providing that all the following are true:

   1. your license size is large enough to cover all VMS nodes in your network
   2. you are running DECnet Phase IV
   3. you have installed the LJK/Security software on all those nodes
   4. the username under which you are logged in is able to access appropriate DECnet network databases

Tremendous numbers of violation reports can be generated by the DISK and USAGE facilities, so as a brand new user of LJK/Security you will likely have an easier time devising your initial policies if you start by running your assessments without those facilities. You can do that by specifying the QUICK method with either of the following commands:

$ LJK/SECURITY MODIFY <assessment-name>/NODE=<node-name>/METHOD=QUICK $ LJK/SECURITY RUN <assessment-name>/METHOD=QUICK

Use the /METHOD=AUTOMATIC or /METHOD=ALL qualifier after you are happy with results from the rest of your policy.

5.6.2 Running the Default Assessment

17. Start the default assessment running with the command:
    

    $ LJK/SECURITY RUN DEFAULT

18. Check on the status of the default assessment with the command:
    

    $ LJK/SECURITY REPORT DEFAULT/STATUS

    The program will respond with an indication of whether the default assessment has completed running. So long as you have received the VMS prompt (typically a dollar-sign, "$") you can log out and then log in later to check the status.
    Running an assessment will take at least 10 minutes and can be considerably longer depending on how many usernames are authorized for each tributary node and how many files are on disk.

19. Get the results of the default assessment with the command:
    

    $ LJK/SECURITY REPORT DEFAULT

    which produces output of the form:

    Node BIGVAX Username SMITH has maximum queueing priority of 0 which is lower than minimum of 200 Node BIGVAX Username JONES has disable mail notification flag Node BIGVAX Username DBM$REMOTE has disable mail delivery flag

The following pages in this chapter contains full documentation of individual commands available in the Command Interface. 

Answer questions for non-automatic methods from a node.

Format

$ MCR LJK$SECURITY ANSWER -

assessment-name

restrictions

• You must have the VMS privilege TMPMBX.
• The group of questions you specify within the method must have been assigned to your node and Username.

Parameters

None.

Description

Answer questions for non-automatic methods from a node.

The command MCR LJK$SECURITY ANSWER takes a different form from most commands because it is also supported on tributary nodes, where the command form LJK/SECURITY is not available. In fact it is quite common to assign a group of questions within a method to a username on a tributary node where the information to answer the questions can be gathered.

For that reason, and because the MCR LJK$SECURITY ANSWER command is typically issued by someone who is not familiar with using product, the Command Interface is the only interface available. There is no Window Interface or Menu Interface method of performing this function.

After you are asked each group of questions, you will be asked to Confirm that your answers are correct before they are shipped back to the master node.

If you are unsure of what groups within what methods have been assigned to your Username on a given node , issue the command MCR LJK$SECURITY ANSWER with no qualifiers (but possibly with an assessment name). A list of possible commands will be displayed to you.

A more complete discussion of using the MCR LJK$SECURITY ANSWER is available at Chapter 12, Answering Questions for Non-Automated Assessment Methods. Compared to this formal command specification, that chapter is intended to be better for those with limited VMS experience.

Peeking Ahead If you want to see in advance what questions will be asked for a particular group use the /PREVIEW qualifier.

Giving Feedback If you want to comment about the nature or applicability of a particular question, end your answer with the string "/REMARK" and you will be prompted for your comments. If you know in advance that you will want to make a remark for all (or most) questions, you can use the /REMARK qualifier on the MCR LJK$SECURITY ANSWER command.

Qualifiers

/ALL

Specifies that all groups of questions within all methods assigned to this Username are to be answered. This is primarily of interest to individuals who do not have many groups of questions assigned to them.

/GROUP=group-name

Indicates the name of the group from which you want to answer questions.

Wildcard characters ("*" and "%") can be used in the group-name for the /GROUP= qualifier. Not specifying the /GROUP= qualifier is equivalent to specifying all groups as would be done with /GROUP=*.

If you do not specify a method (using one of the qualifiers /MANUAL_EXAMINATION, /INTERVIEW or /INVASIVE_TESTING) when you iuse the /GROUP= qualifier, a list of possible commands will appear on the screen.

/INTERVIEW

Indicates that you want questions from Interview groups.

/INVASIVE_TESTING

Indicates that you want questions from Invasive Testing groups.

/MANUAL_EXAMINATION

Indicates that you want questions from Manual Examination groups.

/PREVIEW

Indicates that you are not planning on answering questions but just want to see what the questions will be.

This can be useful if you want to determine in advance whether you have all the information that will be needed to answer the questions.

/REMARKS

Indicates that you want an opportunity to make a remark about the nature of each question you answer.

This opportunity can be afforded on a question-by-question basis (and with an on-the-fly decision) by ending any answer with the string "/REMARK".

/SILENCE_IS_GOLDEN

Indicates that you want no output from the command MCR LJK$SECURITY ANSWER with no qualifiers if there are no outstanding groups assigned to your Username. The /SILENCE_IS_GOLDEN qualifier is intended for use within LOGIN.COM command procedures, providing a user information if and only if there is work pending for them.