LJK/Security Reference Manual

PRCFORCEX

Determine whether enabling of alarms or audits for privileged use of $FORCEX conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	FORCEX security alarms are enabled in violation of policy
ALREQUIRE	FORCEX security alarms are disabled in violation of policy
AUPROHIBIT	FORCEX security audits are enabled in violation of policy
AUREQUIRE	FORCEX security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=FORCEX with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when privileged use is made of the $FORCEX system service.

Default policy

Enabling of FORCEX security alarms and audits is neither prohibited nor required

Customizing

Set limits TRUE to establish a general prohibition of or requirement for the enabling of FORCEX security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations

This use of privilege is worth noting in most environments.

PRCGETJPI

Determine whether enabling of alarms or audits for privileged use of $GETJPI conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	GETJPI security alarms are enabled in violation of policy
ALREQUIRE	GETJPI security alarms are disabled in violation of policy
AUPROHIBIT	GETJPI security audits are enabled in violation of policy
AUREQUIRE	GETJPI security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=GETJPI with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when privileged use is made of the $GETJPI system service.

Default policy

Enabling of GETJPI security alarms and audits is neither prohibited nor required

Customizing

Set limits TRUE to establish a general prohibition of or requirement for the enabling of GETJPI security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations

This use of privilege is probably not worth noting in most environments.

PRCGRANT

Determine whether enabling of alarms or audits for privileged use of $GRANTID conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	GRANTID security alarms are enabled in violation of policy
ALREQUIRE	GRANTID security alarms are disabled in violation of policy
AUPROHIBIT	GRANTID security audits are enabled in violation of policy
AUREQUIRE	GRANTID security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=GRANTID with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when privilege is used to grant an identifier to a running process.

Default policy

Enabling of GRANTID security alarms and audits is neither prohibited nor required

Customizing

Set limits TRUE to establish a general prohibition of or requirement for the enabling of GRANTID security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations

This use of privilege is worth noting in most environments.

PRCPRCAFF

Determine whether enabling of alarms or audits for setting process affinity conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	Process affinity security alarms are enabled in violation of policy
ALREQUIRE	Process affinity security alarms are disabled in violation of policy
AUPROHIBIT	Process affinity security audits are enabled in violation of policy
AUREQUIRE	Process affinity security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=PROCESS_AFFINITY with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when process affinity is changed.

Default policy

Enabling of Process affinity security alarms and audits is neither prohibited nor required

Customizing

Set limits TRUE to establish a general prohibition of or requirement for the enabling of Process affinity security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations

Concern about this event is typically only for specialized environments or for troubleshooting.

PRCPRCCAP

Determine whether enabling of alarms or audits for setting process capabilities conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	Process capability security alarms are enabled in violation of policy
ALREQUIRE	Process capability security alarms are disabled in violation of policy
AUPROHIBIT	Process capability security audits are enabled in violation of policy
AUREQUIRE	Process capability security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=PROCESS_CAPABILITIES with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when process capabilities are changed.

Default policy

Enabling of Process capability security alarms and audits is neither prohibited nor required

Customizing

Set limits TRUE to establish a general prohibition of or requirement for the enabling of Process capability security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations

Concern about this event is typically only for specialized environments or for troubleshooting.

PRCPRCTRM

Determine whether enabling of alarms or audits for detection of process termination conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	Process termination detection security alarms are enabled in violation of policy
ALREQUIRE	Process termination detection security alarms are disabled in violation of policy
AUPROHIBIT	Process termination detection security audits are enabled in violation of policy
AUREQUIRE	Process termination detection security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=PRCTERM with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when process termination is detected.

Default policy

Enabling of Process termination detection security alarms and audits is neither prohibited nor required

Customizing

Set limits TRUE to establish a general prohibition of or requirement for the enabling of Process termination detection security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations

Concern about this event is typically only for specialized environments or for troubleshooting.

PRCRESUME

Determine whether enabling of alarms or audits for privileged use of $RESUME conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	RESUME security alarms are enabled in violation of policy
ALREQUIRE	RESUME security alarms are disabled in violation of policy
AUPROHIBIT	RESUME security audits are enabled in violation of policy
AUREQUIRE	RESUME security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=RESUME with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when privileged use is made of the $RESUME system service.

Default policy

Enabling of RESUME security alarms and audits is neither prohibited nor required

Customizing

Set limits TRUE to establish a general prohibition of or requirement for the enabling of RESUME security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations

Concern about this event is typically only for specialized environments or for troubleshooting.

PRCREVOKE

Determine whether enabling of alarms or audits for privileged use of $REVOKID conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	REVOKID security alarms are enabled in violation of policy
ALREQUIRE	REVOKID security alarms are disabled in violation of policy
AUPROHIBIT	REVOKID security audits are enabled in violation of policy
AUREQUIRE	REVOKID security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=REVOKID with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when privilege is used to revoke an identifier from a running process.

Default policy

Enabling of REVOKID security alarms and audits is neither prohibited nor required

Customizing

Set limits TRUE to establish a general prohibition of or requirement for the enabling of REVOKID security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations

This use of privilege is worth noting in most environments.

Contents

Index