LJK/Security Reference Manual
9.2.2.2 Unanswered Entrypoints (optional)
- INTERVIEW_UNANSWERED This entrypoint provides details regarding
groups of unanswered Interview questions, including who is responsible
for answering them.
- INVASIVE_TESTING_UNANSWERED This entrypoint provides details
regarding groups of unanswered Invasive Testing questions, including
who is responsible for answering them.
- MANUAL_EXAMINATION_UNANSWERED This entrypoint provides details
regarding groups of unanswered Manual Examination questions, including
who is responsible for answering them.
9.2.2.3 Detail Entrypoints (optional)
- AUTOMATIC_DETAIL This entrypoint provides detailed information for
Automatic tests including whether they have been
  - Completed
  - Asked
  - Satisfied
- COMPENSATING_CONTROL_DETAIL This entrypoint provides detailed
information for Compensating Controls including whether they have been
  - Completed
  - Asked
  - Satisfied (always equal to Completed for Compensating Controls)
- COVERAGE This entrypoint provides statistics regarding the number
of objects of various types which were subjected to automatic testing.
- INTERVIEW_DETAIL This entrypoint provides detailed information for
Interview questions including whether they have been
  - Completed
  - Asked
  - Satisfied
- INVASIVE_TESTING_DETAIL This entrypoint provides detailed
information for Invasive Testing questions including whether they have
been
  - Completed
  - Asked
  - Satisfied
- MANUAL_EXAMINATION_DETAIL This entrypoint provides detailed
information for Manual Examination questions including whether they
have been
  - Completed
  - Asked
  - Satisfied
- NODE_DETAIL This entrypoint provides detailed information regarding
the testing status for various nodes in the assessment.
9.2.3 Report Formatting Parameters
There are a limited number of datatypes used for the various arguments
that will be passed to your Report Formatting entrypoints:
- String: passed by string descriptor
- Boolean: single byte passed by reference
- Number: unsigned longword passed by reference
- Date/Time: unsigned quadword passed by reference
There are some common parameters passed to multiple Report Formatting
entrypoints:
- POLICY_NUMBER This index number can be used by your POLICY_TERMS
entrypoint to store terms according to policy, and by other
entrypoints later to retrieve those terms.
- COMMENT_INSTANCE This string is created from /COMMENT strings in
your LJK/Security policies. If there are no commas in
the /COMMENT string it is provided intact. If there are commas in the
/COMMENT string, the first comma-separated substring is combined
successively with each of the others, calling your entrypoint once for
each external rule covered by a particular LJK/Security test
(automated or otherwise). This implements the encoding of multiple
reasons for a single test.
9.2.4 Building a Report Formatting Module
Your Report Formatting Module should be linked as a shareable image,
with each entrypoint a universal symbol that the LJK/Security
subprocess can locate with LIB$FIND_IMAGE_SYMBOL. Example link commands
are:
For AXP:
$ LINK/NOTRACE/SHAREABLE=LJK$SECURITY_REPORT_AXP.EXE -
MY_CODE,SYS$INPUT:/OPTION
SYMBOL_VECTOR=(-
INITIALIZE=PROCEDURE-
,NODE_TOTAL=PROCEDURE-
,INVASIVE_TESTING_UNANSWERED=PROCEDURE-
,MANUAL_EXAMINATION_UNANSWERED=PROCEDURE-
,INTERVIEW_UNANSWERED=PROCEDURE-
,AUTOMATIC_TOTAL=PROCEDURE-
,MANUAL_EXAMINATION_TOTAL=PROCEDURE-
,INTERVIEW_TOTAL=PROCEDURE-
,INVASIVE_TESTING_TOTAL=PROCEDURE-
,COMPENSATING_CONTROL_TOTAL=PROCEDURE-
,NODE_DETAIL=PROCEDURE-
,COVERAGE=PROCEDURE-
,AUTOMATIC_DETAIL=PROCEDURE-
,MANUAL_EXAMINATION_DETAIL=PROCEDURE-
,INTERVIEW_DETAIL=PROCEDURE-
,INVASIVE_TESTING_DETAIL=PROCEDURE-
,COMPENSATING_CONTROL_DETAIL=PROCEDURE-
,FINALIZE=PROCEDURE-
,POLICY_TERMS=PROCEDURE-
,POLICY_RULE_TEXT=PROCEDURE-
)
For VAX:
$ LINK/NOTRACE/SHAREABLE=LJK$SECURITY_REPORT_VAX.EXE -
MY_CODE,SYS$INPUT:/OPTION
UNIVERSAL=INITIALIZE
UNIVERSAL=NODE_TOTAL
UNIVERSAL=INVASIVE_TESTING_UNANSWERED
UNIVERSAL=MANUAL_EXAMINATION_UNANSWERED
UNIVERSAL=INTERVIEW_UNANSWERED
UNIVERSAL=AUTOMATIC_TOTAL
UNIVERSAL=MANUAL_EXAMINATION_TOTAL
UNIVERSAL=INTERVIEW_TOTAL
UNIVERSAL=INVASIVE_TESTING_TOTAL
UNIVERSAL=COMPENSATING_CONTROL_TOTAL
UNIVERSAL=NODE_DETAIL
UNIVERSAL=COVERAGE
UNIVERSAL=AUTOMATIC_DETAIL
UNIVERSAL=MANUAL_EXAMINATION_DETAIL
UNIVERSAL=INTERVIEW_DETAIL
UNIVERSAL=INVASIVE_TESTING_DETAIL
UNIVERSAL=COMPENSATING_CONTROL_DETAIL
UNIVERSAL=FINALIZE
UNIVERSAL=POLICY_TERMS
UNIVERSAL=POLICY_RULE_TEXT
9.2.5 Running a Report Formatting Module
The filespec of a custom Report Formatting Module can be specified in
either of two fashions:
- Use the /PROCESSOR= qualifier to the LJK/SECURITY REPORT command.
- Define the logical name LJK$SECURITY_REPORT.
The logical name can be in any mode and table visible to the process
from which the LJK/SECURITY REPORT command is run.
As part of starting up, LJK/Security defines the system-wide logical
name LJK$SECURITY_REPORT to be LJK$SECURITY_REPORT_xxx, where
"xxx" indicates the architecture. You can therefore define the logical
name LJK$SECURITY_REPORT_xxx if you want to have images for each
architecture.
9.2.6 Debugging a Report Formatting Module
If you use the /DEBUG qualifier to the LJK/SECURITY REPORT command,
the Debugger will be invoked stopping just after calling your
INITIALIZE entrypoint. Your Report Formatting module will be running in
a subprocess while LJK/Security is in the parent process waiting for a
response from the subprocess.
If you have a debugger initialization command procedure (defined by the
logical name DBG$INIT), that will be executed before the attempt to
stop at your INITIALIZE entrypoint.
9.2.7 Detailed Report Formatting Entrypoint Descriptions
The following pages contain full descriptions of each Report Formatting
entrypoint.
AUTOMATIC_DETAIL
Accept detailed automatic testing information for report formatting.
Format
AUTOMATIC_DETAIL
POLICY_NUMBER, POLICY_NAME, NODE_NAME, FACILITY, ELEMENT,
CONSTRAINT, PARENTHESIZED_TEST, SELECTOR, SEQUENCE, OBJECT,
RESPONSIBILITY_CODE, REMEDIATION_DAYS, COMMENT_INSTANCE, VIOLATION,
REMEDIATION_TEXT, COMPLETED, ASKED, SATISFIED
RETURNS
VMS usage: boolean
type: byte (unsigned)
access: write only
mechanism: by value
Arguments
POLICY_NUMBER
VMS usage: longword_unsigned
type: unsigned longword
access: read only
mechanism: by reference
Number that can be used as an index into an array of
policies used in the assessment whose
results are being reported.
POLICY_NAME
VMS usage: char_string
type: character string (maximum length 39)
access: read only
mechanism: by descriptor
Name of the LJK/Security policy against which this
violation was detected.
NODE_NAME
VMS usage: char_string
type: character string (maximum length 39)
access: read only
mechanism: by descriptor
Name of the node on which this violation was detected.
FACILITY
VMS usage: char_string
type: character string (maximum length 6)
access: read only
mechanism: by descriptor
LJK/Security facility for this violation.
ELEMENT
VMS usage: char_string
type: character string (maximum length 10)
access: read only
mechanism: by descriptor
LJK/Security element for this violation.
CONSTRAINT
VMS usage: char_string
type: character string (maximum length 10)
access: read only
mechanism: by descriptor
LJK/Security constraint for this violation.
PARENTHESIZED_TEST
VMS usage: char_string
type: character string (maximum length 32)
access: read only
mechanism: by descriptor
The facility, element and
constraint above expressed as a comma-separated
triplet inside parentheses.
SELECTOR
VMS usage: char_string
type: character string (maximum length 80)
access: read only
mechanism: by descriptor
LJK/Security selector for this violation.
SEQUENCE
VMS usage: longword_unsigned
type: unsigned longword
access: read only
mechanism: by reference
Unique identifier of an automatic detail within a node.
OBJECT
VMS usage: char_string
type: character string (maximum length 255)
access: read only
mechanism: by descriptor
The particular object for which this violation was detected.
RESPONSIBILITY_CODE
VMS usage: char_string
type: character string (maximum length 10)
access: read only
mechanism: by descriptor
The name (not the content) of the (VMS, REPORT, <name>) limit
indicating responsibility for remediation.
REMEDIATION_DAYS
VMS usage: longword_unsigned
type: unsigned longword
access: read only
mechanism: by reference
Number of days for full remediation of this violation.
COMMENT_INSTANCE
VMS usage: char_string
type: character string (maximum length 80)
access: read only
mechanism: by descriptor
The particular external rule which is the subject of this entrypoint
call.
VIOLATION
VMS usage: char_string
type: character string
access: read only
mechanism: by descriptor
The text describing the details of this violation.
REMEDIATION_TEXT
VMS usage: char_string
type: character string
access: read only
mechanism: by descriptor
The string to be used in remediation reports. This string may contain
one or more of the following placeholders for customized handling by
your Report Formatting module.
- \DATE=(<remediate-constraint>,...)
- \EACH_DEVICE
- \EACH_DISK
- \EACH_EVENT
- \EACH_FILE
- \EACH_JOB
- \EACH_QUEUE
- \EACH_TERMINAL
- \EACH_USERNAME
- \INDENT0
- \INDENT1
- \xxxSTAFF
The "\DATE=" placeholder is to be replaced with a date based on the
duration days in each of the named remediate-constraints, from the
values provided to entrypoint POLICY_TERMS.
The "\EACH_*" placeholders, for instance, might have a link
to the list of objects being reported.
The "\INDENT0" placeholder is for a contextual break.
The "\INDENT1" placeholder is for a bullet entry.
The "\xxxSTAFF" placeholder is for the string values provided
to entrypoint POLICY_TERMS.
COMPLETED
VMS usage: boolean
type: byte (unsigned)
access: read only
mechanism: by reference
Testing of this item has been processed.
ASKED
VMS usage: boolean
type: byte (unsigned)
access: read only
mechanism: by reference
Testing of this item was conducted.
SATISFIED
VMS usage: boolean
type: byte (unsigned)
access: read only
mechanism: by reference
Testing of this item was violation-free.
Description
This entrypoint provides detailed information for Automatic tests
including whether they have been
- Completed
- Asked
- Satisfied
A Boolean value returned by this entrypoint indicates whether
processing of this report should continue. A value of FALSE will
terminate processing.
AUTOMATIC_TOTAL
Accept total automatic testing information for report formatting.
Format
AUTOMATIC_TOTAL
POLICY_NUMBER, POLICY_NAME, FACILITY, ELEMENT, CONSTRAINT,
PARENTHESIZED_TEST, SELECTOR, RESPONSIBILITY_CODE, REMEDIATION_DAYS,
COMMENT_INSTANCE, INSTANCE_COUNT, COMPLETED_COUNT, VIOLATION_COUNT
RETURNS
VMS usage: boolean
type: byte (unsigned)
access: write only
mechanism: by value
Arguments
POLICY_NUMBER
VMS usage: longword_unsigned
type: unsigned longword
access: read only
mechanism: by reference
Number that can be used as an index into an array of
policies used in the assessment whose
results are being reported.
POLICY_NAME
VMS usage: char_string
type: character string (maximum length 39)
access: read only
mechanism: by descriptor
Name of the LJK/Security policy to which these totals
apply.
FACILITY
VMS usage: char_string
type: character string (maximum length 6)
access: read only
mechanism: by descriptor
LJK/Security facility for these totals.
ELEMENT
VMS usage: char_string
type: character string (maximum length 10)
access: read only
mechanism: by descriptor
LJK/Security element for these totals.
CONSTRAINT
VMS usage: char_string
type: character string (maximum length 10)
access: read only
mechanism: by descriptor
LJK/Security constraint for these totals.
PARENTHESIZED_TEST
VMS usage: char_string
type: character string (maximum length 32)
access: read only
mechanism: by descriptor
The facility, element and
constraint above expressed as a comma-separated
triplet inside parentheses.
SELECTOR
VMS usage: char_string
type: character string (maximum length 80)
access: read only
mechanism: by descriptor
LJK/Security selector for these totals (possibly
null).
RESPONSIBILITY_CODE
VMS usage: char_string
type: character string (maximum length 10)
access: read only
mechanism: by descriptor
The name (not the content) of the (VMS, REPORT, <name>) limit
indicating responsibility for remediation.
REMEDIATION_DAYS
VMS usage: longword_unsigned
type: unsigned longword
access: read only
mechanism: by reference
Number of days for full remediation of this violation.
COMMENT_INSTANCE
VMS usage: char_string
type: character string (maximum length 80)
access: read only
mechanism: by descriptor
The particular external rule which is the subject of this entrypoint
call.
INSTANCE_COUNT
VMS usage: longword_unsigned
type: unsigned longword
access: read only
mechanism: by reference
Number of nodes to which this combination of Automatic Test and comment
instance applies.
COMPLETED_COUNT
VMS usage: longword_unsigned
type: unsigned longword
access: read only
mechanism: by reference
Number of nodes on which this combination of Automatic Test and comment
instance has been completed.
VIOLATION_COUNT
VMS usage: longword_unsigned
type: unsigned longword
access: read only
mechanism: by reference
Number of violations found for this combination of Automatic Test and
comment instance.
The number 2147483647 (hexadecimal 7FFFFFFF) means "2147483647 or more"
since, particularly on VAX, many languages cannot handle 64-bit numbers.
Description
This entrypoint provides total numbers of the following for the
Automatic Tests method:
- Instances Number of nodes to which this call
pertains.
- Completed Number of nodes on which this test was
completed.
- Violations Number of violations found by this testing.
with each call to the entrypoint summarizing the results for a single
grouping (by Test, Comment Instance, Comment Instance then Test,
Remediation Responsibility or Remediation Completion Date).
A Boolean value returned by this entrypoint indicates whether
processing of this report should continue. A value of FALSE will
terminate processing.
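The following is an added example, not code from the LJK/Security manual or distribution: an AUTOMATIC_TOTAL entrypoint in C that follows the argument order above, copies a descriptor-passed string with a length bound, and accumulates VIOLATION_COUNT without wrapping past the 7FFFFFFF sentinel. The names struct desc, desc_copy, sat_add, last_test and total_violations are hypothetical; on VMS the descriptor type would be struct dsc$descriptor_s from <descrip.h>.

```c
#include <stdint.h>
#include <string.h>

/* Portable stand-in for the VMS string descriptor (struct dsc$descriptor_s
 * in <descrip.h>): a counted string that is NOT NUL-terminated. */
struct desc { uint16_t len; uint8_t dtype, dclass; const char *ptr; };

#define COUNT_SATURATED 0x7FFFFFFFu      /* documented "2147483647 or more" */

static uint32_t total_violations;        /* hypothetical running total */
static char last_test[32 + 1];           /* PARENTHESIZED_TEST: max length 32 */

/* Copy a counted string into a fixed buffer: truncate, always terminate. */
static size_t desc_copy(char *dst, size_t dstsz, const struct desc *d)
{
    size_t n = (d && d->ptr) ? d->len : 0;
    if (dstsz == 0) return 0;
    if (n >= dstsz) n = dstsz - 1;
    if (n) memcpy(dst, d->ptr, n);
    dst[n] = '\0';
    return n;
}

/* Add without wrapping; once the sentinel is seen the sum stays "or more". */
static uint32_t sat_add(uint32_t a, uint32_t b)
{
    if (a >= COUNT_SATURATED || b >= COUNT_SATURATED) return COUNT_SATURATED;
    return (b > COUNT_SATURATED - a) ? COUNT_SATURATED : a + b;
}

/* Argument order and passing mechanisms follow the AUTOMATIC_TOTAL format. */
unsigned char AUTOMATIC_TOTAL(
    const uint32_t *policy_number, const struct desc *policy_name,
    const struct desc *facility, const struct desc *element,
    const struct desc *constraint, const struct desc *parenthesized_test,
    const struct desc *selector, const struct desc *responsibility_code,
    const uint32_t *remediation_days, const struct desc *comment_instance,
    const uint32_t *instance_count, const uint32_t *completed_count,
    const uint32_t *violation_count)
{
    (void)policy_number; (void)policy_name; (void)facility; (void)element;
    (void)constraint; (void)selector; (void)responsibility_code;
    (void)remediation_days; (void)comment_instance;
    if (!instance_count || !completed_count || !violation_count)
        return 0;                        /* FALSE terminates report processing */
    desc_copy(last_test, sizeof last_test, parenthesized_test);
    total_violations = sat_add(total_violations, *violation_count);
    return 1;                            /* TRUE: continue with the next call */
}
```

A report that prints total_violations should show "2147483647 or more" when the value equals COUNT_SATURATED rather than presenting it as an exact count.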
COMPENSATING_CONTROL_DETAIL
Accept detailed compensating control information for report formatting.
Format
COMPENSATING_CONTROL_DETAIL
POLICY_NUMBER, POLICY_NAME, NODE_NAME, GROUP_NAME,
COMPENSATING_CONTROL_NAME, COMMENT_INSTANCE, COMPLETED, ASKED,
SATISFIED
RETURNS
VMS usage: boolean
type: byte (unsigned)
access: write only
mechanism: by value
Arguments
POLICY_NUMBER
VMS usage: longword_unsigned
type: unsigned longword
access: read only
mechanism: by reference
Number that can be used as an index into an array of
policies used in the assessment whose
results are being reported.
POLICY_NAME
VMS usage: char_string
type: character string (maximum length 39)
access: read only
mechanism: by descriptor
Name of the LJK/Security policy to which this detail
applies.
NODE_NAME
VMS usage: char_string
type: character string (maximum length 39)
access: read only
mechanism: by descriptor
Name of the node to which this Compensating Control
applies.
GROUP_NAME
VMS usage: char_string
type: character string
access: read only
mechanism: by descriptor
Name of the Compensating Control group under which this item is
classified.
COMPENSATING_CONTROL_NAME
VMS usage: char_string
type: character string
access: read only
mechanism: by descriptor
Name of the Compensating Control to which this call applies.
COMMENT_INSTANCE
VMS usage: char_string
type: character string (maximum length 80)
access: read only
mechanism: by descriptor
The particular external rule which is the subject of this entrypoint
call.
COMPLETED
VMS usage: boolean
type: byte (unsigned)
access: read only
mechanism: by reference
Testing of this item has been processed.
ASKED
VMS usage: boolean
type: byte (unsigned)
access: read only
mechanism: by reference
Testing of this item was conducted.
SATISFIED
VMS usage: boolean
type: byte (unsigned)
access: read only
mechanism: by reference
Testing of this item was violation-free.
Description
This entrypoint provides detailed information for Compensating Controls
including whether they have been
- Completed
- Asked
- Satisfied (always equal to Completed for Compensating Controls)