LJK/Security Reference Manual

Appendix B
Tributary Node Installation

This appendix shows a sample installation of LJK/Security on a tributary node.

$ COPY SECAXP"jones qxoytrwxfk"::LJK$SECURITY_POLICY_AREA:LJK_SECURITY.% SYS$LOGIN: $ @SYS$UPDATE:VMSINSTAL * SYS$LOGIN: OpenVMS AXP Software Product Installation Procedure V7.3 It is 11-FEB-2005 at 21:21. Enter a question mark (?) at any time for help. %VMSINSTAL-W-NOTSYSTEM, You are not logged in to the SYSTEM account. %VMSINSTAL-W-ACTIVE, The following processes are still active: LJK * Do you want to continue anyway [NO]? YES * Are you satisfied with the backup of your system disk [YES]? YES The following products will be processed: LJK_SECURITY V0.0 Beginning installation of LJK_SECURITY V0.0 at 21:21 %VMSINSTAL-I-RESTORE, Restoring product save set A ... %VMSINSTAL-I-RELMOVED, Product's release notes have been moved to SYS$HELP. Username LJK$SECURITY must be assigned to a unique UIC group on this node (or VAXcluster). The UIC value [n,1] will be assigned, where n is the octal number between 11 and 37776 which you specify. * What UIC group should be used for username LJK$SECURITY: 25 The following files will be added or replaced: SYS$COMMON:[SYSEXE]LJK$SECURITY.COM; SYS$COMMON:[SYSEXE]LJK$SECURITY_AXP.EXE; SYS$COMMON:[SYSMSG]LJK$MESSAGES_AXP.EXE; SYS$COMMON:[SYSHLP]LJK$SECURITY_TRIBUTARY_000.RELEASE_NOTES; SYS$COMMON:[SYSLIB]LJK$SECURITY_SHARE_AXP.EXE; SYS$COMMON:[SYSLIB]LJK$SECURITY_VMS_SHARE_AXP.EXE; SYS$COMMON:[SYSLIB]LJK$SECURITY_VMSV010_SHARE_AXP.EXE; SYS$COMMON:[SYSLIB]LJK$SECURITY_VMSV015_SHARE_AXP.EXE; SYS$COMMON:[SYSLIB]LJK$SECURITY_VMSV061_SHARE_AXP.EXE; SYS$COMMON:[SYSLIB]LJK$SECURITY_VMSV070_SHARE_AXP.EXE; SYS$COMMON:[SYSLIB]LJK$SECURITY_VMSV071_SHARE_AXP.EXE; SYS$COMMON:[SYSLIB]LJK$SECURITY_VMSV072_SHARE_AXP.EXE; SYS$COMMON:[SYSLIB]LJK$SECURITY_VMSV073_SHARE_AXP.EXE; SYS$COMMON:[SYS$STARTUP]LJK$SECURITY_STARTUP.COM; The following files will be modified: SYS$COMMON:[SYS$STARTUP]VMS$LAYERED.DAT; All questions have been asked. %VMSINSTAL-I-RESTORE, Restoring product save set B ... The remainder of the installation will take 5 minutes on a stand-alone MicroVAX-II. %LJK_SECURITY-I-STARTUP, Adding LJK$SECURITY_STARTUP.COM to VMS Startup database %VMSINSTAL-I-ACCOUNT, This installation updates an ACCOUNT named LJK$SECURITY. %UAF-I-MDFYMSG, user record(s) updated %VMSINSTAL-I-ACCOUNT, This installation updates an ACCOUNT named LJK$SECURITY. %UAF-I-MDFYMSG, user record(s) updated %VMSINSTAL-I-MOVEFILES, Files will now be moved to their target directories... %DCL-S-SPAWNED, process USER_1 spawned %DCL-S-ATTACHED, terminal now attached to process USER_1 %LJK-I-CREATEACT, Created detached action process 56C001C4 at 11-FEB-2005 21:23:24.46 %DCL-S-RETURNED, control returned to process USER Installation of LJK_SECURITY V0.0 completed at 21:23 Adding history entry in VMI$ROOT:[SYSUPD]VMSINSTAL.HISTORY Creating installation data file: VMI$ROOT:[SYSUPD]LJK_SECURITY000.VMI_DATA VMSINSTAL procedure done at 21:23

Installing on Shared System Disks

If you install LJK/Security on one system to run it also on other systems that share that system disk, you should issue the following command on each additional system sharing that system disk:

$ MCR SYSMAN STARTUP ADD FILE LJK$SECURITY_STARTUP.COM/MODE=DIRECT/PHASE=END

Appendix C
Moving the Software

This appendix tells how to move the software to a different node.

C.1 Removing LJK/Security Software

Removing LJK/Security from a system can only be done with the Command Interface. There is no corresponding Window Interface or Menu Interface selection, since removing the software is a major action which could have undesirable consequences. You should plan carefully before taking this step.

To remove the software, issue the command:

MCR LJK$SECURITY REMOVE

That command requires full system management privileges (e.g., SETPRV), as well as the identifier LJK$SECURITY_ROLE_STARTUP, LJK$SECURITY_REMOVE or LJK$SECURITY_ALL.

C.1.1 Removing from a Tributary Node

The major purpose for removing the software is to allow installation on a different node, because of changes in your organization's priorities or the purpose for which you are using various machines. (This technique is obviously only necessary when the size of your LJK/Security license covers fewer nodes than the total number of VMS systems you own.)

The terms of the LJK/Security end-user license allow you to move the software from one node to another a maximum of once per month. Depending upon your environment there may also be technical enforcement measures taken by LJK/Security to prevent the software from being moved more often that once per month.

C.1.2 Removing from a Master Node

In addition to the considerations list above for tributary nodes, removing the LJK/Security software from a master node means that software will have to be reinstalled on all tributary nodes, since the copy of LJK/Security software installed on tributary nodes specifies that they are only to respond to requests from a particular master node. This measure is taken to protect against attempts by unauthorized nodes with a copy of the LJK/Security software from learning security vulnerabilities which are supposed to be reported only to the designated master node.

Appendix D
Demonstration

This appendix describes an LJK/Security demonstration license offered at certain Trade Shows.

LJK Software issues short term licenses to demonstrate LJK/Security.

If you have received a CD-ROM disc, with LJK/Security software, you can use the following methods to obtain a one time demonstration license. Since this license is for a limited time period, you should not excercise this option until you know what date you would like your demonstration period to begin.

Once you have selected a date, contact LJK Software using one of the following methods:

Mail
Fill in the information in the list below, mailing a copy of this page to:
- LJK Software
- Attention: LJK/Security Demonstration Offer
- 233 Needham Street, Suite 300
- Newton, MA 02464-1502
Internet Electronic Mail
Fill in the information in the list below and send via internet email to the username Sales in the commercial domain LJK.

Organization Name
Individual Name
Address
City, State ZIP
Country
Telephone
Desired start of 2 week demonstration period

Appendix E
Other VMS Security Considerations

This appendix lists VMS security considerations not amenable to generalized automatic processing by products such as LJK/Security.

The following considerations external to the VMS system itself can have a powerful influence on system security (or lack thereof):

Termination of Employees
In order to ensure that employee accounts are disabled when an individual leaves the organization, it is essential to ensure there is notification of account administrators when employees leave, regardless of whether or not the departure is voluntary. This may be trivial in small organizations, but in larger settings where formal notification is crucial, there may be privacy considerations (particularly regarding involuntary terminations) to be addressed.
With multiple autonomous account administrators handling various nodes in a network, it may not even be obvious to administrators handling employee departures as to which computer administrators need to be notified regarding a particular employee.
Employee Responsibility Changes
Even when employees remain within a large organization, their duties may shift which changes the sets of data for which they should be authorized access. Periodic review by line managers of who has been granted identifiers to access their data is often advised.
Authorization for Usernames, Identifiers and Privileges
Usernames, identifiers and privileges should not be granted on a permanent basis. Periodic review and re-authorization should be required in order to ensure there is a continuing need.

Appendix F
Files Created by LJK/Security

This appendix lists the files created by LJK/Security installation and operation.

As used below, names of the form LJK$SECURITY_*_xxx.EXE stand for both LJK$SECURITY_*_AXP.EXE and LJK$SECURITY_*_VAX.EXE.

F.1 Naming Conventions

All files created by LJK/Security, except for user-specified output files, have the DEC-registered facility name "LJK" at the start of either the file name or file type:

Files of standard types (e.g., ".EXE", ".COM") have a file name which begins with "LJK$SECURITY_".
Files whose types are specific to LJK/Security have a file type which begins with ".LJK$SECURITY_".

Likewise, logical names created by LJK/Security start with "LJK$SECURITY_".

The sequence LJK is also registered as an Organization Name with the MIT X Consortium to form a valid prefix for names stored in DECwindows servers.

F.2 Standard File Types

The files in Table F-1, Files Created, Table F-2, Files modified and Table F-3, DEC AXP Runtime files delivered result from running VMSINSTAL to install LJK/Security:

On the master node, both the AXP and VAX forms of files are always present (so appropriate software can be provided to either form of tributary). On tributary nodes only one form of file is present.

Table F-1 Files Created
File Storage Area

LJK$SECURITY_xxx.EXE SYS$COMMON:[SYSEXE]

LJK_SECURITY_031.RELEASE_NOTES SYS$COMMON:[SYSHLP]

LJK_SECURITY_BUGFIX_031.RELEASE_NOTES SYS$COMMON:[SYSHLP]

LJK$SECURITY_DECWHELP.HLB SYS$COMMON:[SYSHLP]

LJK$SECURITY_DECW_SHARE_xxx.EXE SYS$COMMON:[SYSLIB]

LJK$SECURITY_SHARE_xxx.EXE SYS$COMMON:[SYSLIB]

LJK$SECURITY_TEXT_SHARE_xxx.EXE SYS$COMMON:[SYSLIB]

LJK$SECURITY_VMS_SHARE_xxx.EXE SYS$COMMON:[SYSLIB]

LJK$SECURITY_VMSV010_SHARE_AXP.EXE SYS$COMMON:[SYSLIB]

LJK$SECURITY_VMSV061_SHARE_AXP.EXE SYS$COMMON:[SYSLIB]

LJK$SECURITY_VMSV070_SHARE_AXP.EXE SYS$COMMON:[SYSLIB]

LJK$SECURITY_VMSV071_SHARE_AXP.EXE SYS$COMMON:[SYSLIB]

LJK$SECURITY_VMSV071_SHARE_AXP.EXE SYS$COMMON:[SYSLIB]

LJK$SECURITY_VMSV072_SHARE_AXP.EXE SYS$COMMON:[SYSLIB]

LJK$SECURITY_VMSV073_SHARE_AXP.EXE SYS$COMMON:[SYSLIB]

LJK$SECURITY_VMSV040_SHARE_VAX.EXE SYS$COMMON:[SYSLIB]

LJK$SECURITY_VMSV050_SHARE_VAX.EXE SYS$COMMON:[SYSLIB]

LJK$SECURITY_VMSV054_SHARE_VAX.EXE SYS$COMMON:[SYSLIB]

LJK$SECURITY_DECW.UID SYS$COMMON:[SYSLIB]

LJK$SECURITY_STARTUP.COM SYS$COMMON:[SYSMGR] (VMS V4.n)

SYS$COMMON:[SYS$STARTUP] (other than VMS V4.n)

LJK$SECURITY_VUE.COM SYS$COMMON:[VUE$LIBRARY.USER]

LJK$SECURITY_WORDS.DAT LJK$SECURITY_POLICY_AREA:

LJK$SECURITY_LJKS-REF-V031.DECW$BOOK LJK$SECURITY_POLICY_AREA:

LIBRARY.DECW$BOOKSHELF LJK$SECURITY_POLICY_AREA:

**Table F-1 Files Created**
File	Storage Area
LJK$SECURITY_xxx.EXE	SYS$COMMON:[SYSEXE]
LJK_SECURITY_031.RELEASE_NOTES	SYS$COMMON:[SYSHLP]
LJK_SECURITY_BUGFIX_031.RELEASE_NOTES	SYS$COMMON:[SYSHLP]
LJK$SECURITY_DECWHELP.HLB	SYS$COMMON:[SYSHLP]
LJK$SECURITY_DECW_SHARE_xxx.EXE	SYS$COMMON:[SYSLIB]
LJK$SECURITY_SHARE_xxx.EXE	SYS$COMMON:[SYSLIB]
LJK$SECURITY_TEXT_SHARE_xxx.EXE	SYS$COMMON:[SYSLIB]
LJK$SECURITY_VMS_SHARE_xxx.EXE	SYS$COMMON:[SYSLIB]
LJK$SECURITY_VMSV010_SHARE_AXP.EXE	SYS$COMMON:[SYSLIB]
LJK$SECURITY_VMSV061_SHARE_AXP.EXE	SYS$COMMON:[SYSLIB]
LJK$SECURITY_VMSV070_SHARE_AXP.EXE	SYS$COMMON:[SYSLIB]
LJK$SECURITY_VMSV071_SHARE_AXP.EXE	SYS$COMMON:[SYSLIB]
LJK$SECURITY_VMSV071_SHARE_AXP.EXE	SYS$COMMON:[SYSLIB]
LJK$SECURITY_VMSV072_SHARE_AXP.EXE	SYS$COMMON:[SYSLIB]
LJK$SECURITY_VMSV073_SHARE_AXP.EXE	SYS$COMMON:[SYSLIB]
LJK$SECURITY_VMSV040_SHARE_VAX.EXE	SYS$COMMON:[SYSLIB]
LJK$SECURITY_VMSV050_SHARE_VAX.EXE	SYS$COMMON:[SYSLIB]
LJK$SECURITY_VMSV054_SHARE_VAX.EXE	SYS$COMMON:[SYSLIB]
LJK$SECURITY_DECW.UID	SYS$COMMON:[SYSLIB]
LJK$SECURITY_STARTUP.COM	SYS$COMMON:[SYSMGR] (VMS V4.n)
	SYS$COMMON:[SYS$STARTUP] (other than VMS V4.n)
LJK$SECURITY_VUE.COM	SYS$COMMON:[VUE$LIBRARY.USER]
LJK$SECURITY_WORDS.DAT	LJK$SECURITY_POLICY_AREA:
LJK$SECURITY_LJKS-REF-V031.DECW$BOOK	LJK$SECURITY_POLICY_AREA:
LIBRARY.DECW$BOOKSHELF	LJK$SECURITY_POLICY_AREA:

Table F-2 Files modified
File Storage Area

HELPLIB.HLB SYS$COMMON:[SYSHLP]

DCLTABLES.EXE SYS$COMMON:[SYSLIB] (new version created)

VMS$LAYERED.DAT SYS$COMMON:[SYS$STARTUP] (not under VMS V4.n)

**Table F-2 Files modified**
File	Storage Area
HELPLIB.HLB	SYS$COMMON:[SYSHLP]
DCLTABLES.EXE	SYS$COMMON:[SYSLIB] (new version created)
VMS$LAYERED.DAT	SYS$COMMON:[SYS$STARTUP] (not under VMS V4.n)

Table F-3 DEC AXP Runtime files delivered
File Storage Area

DEASSIGN_ADA_LOGICALS.COM SYS$COMMON:[SYSLIB.LJK$SECURITY_AXP_ADA_EXE]

DEFINE_ADA_LOGICALS.COM SYS$COMMON:[SYSLIB.LJK$SECURITY_AXP_ADA_EXE]

CMA$RTL.EXE SYS$COMMON:[SYSLIB.LJK$SECURITY_AXP_ADA_EXE]

CMA$TIS_SHR.EXE SYS$COMMON:[SYSLIB.LJK$SECURITY_AXP_ADA_EXE]

ADAMSG.EXE SYS$COMMON:[SYSLIB.LJK$SECURITY_AXP_ADA_EXE]

ADARTL.EXE SYS$COMMON:[SYSLIB.LJK$SECURITY_AXP_ADA_EXE]

**Table F-3 DEC AXP Runtime files delivered**
File	Storage Area
DEASSIGN_ADA_LOGICALS.COM	SYS$COMMON:[SYSLIB.LJK$SECURITY_AXP_ADA_EXE]
DEFINE_ADA_LOGICALS.COM	SYS$COMMON:[SYSLIB.LJK$SECURITY_AXP_ADA_EXE]
CMA$RTL.EXE	SYS$COMMON:[SYSLIB.LJK$SECURITY_AXP_ADA_EXE]
CMA$TIS_SHR.EXE	SYS$COMMON:[SYSLIB.LJK$SECURITY_AXP_ADA_EXE]
ADAMSG.EXE	SYS$COMMON:[SYSLIB.LJK$SECURITY_AXP_ADA_EXE]
ADARTL.EXE	SYS$COMMON:[SYSLIB.LJK$SECURITY_AXP_ADA_EXE]

The RTL files are provided for use on Alpha VMS V1.0 and VMS V1.5 where they are not delivered with the operating system. Thus, they must be stored in the designated areas on master nodes as well, even if they are not needed for operation there.

F.3 LJK/Security-specific File Types

According to the names of policies and assessments you create, the files in Table F-4, LJK/Security-specific File Types are created:

Table F-4 LJK/Security-specific File Types
File Type Storage Area

.LJK$SECURITY_POLICY LJK$SECURITY_POLICY_AREA:

.LJK$SECURITY_ASSESSMENT LJK$SECURITY_POLICY_AREA:

.LJK$SECURITY_RESULT LJK$SECURITY_RESULT_AREA:

.LJK$SECURITY_LOCAL_RESULT LJK$SECURITY_ACTION_AREA: or [000000] of removable magnetic media used for transport

The directory for LJK$SECURITY_POLICY_AREA is created with a default version limit of 2, and the directory for LJK$SECURITY_ACTION_AREA is created with no default version limit, but files more than a day old are periodically purged.

**Table F-4 LJK/Security-specific File Types**
File Type	Storage Area
.LJK$SECURITY_POLICY	LJK$SECURITY_POLICY_AREA:
.LJK$SECURITY_ASSESSMENT	LJK$SECURITY_POLICY_AREA:
.LJK$SECURITY_RESULT	LJK$SECURITY_RESULT_AREA:
.LJK$SECURITY_LOCAL_RESULT	LJK$SECURITY_ACTION_AREA: or [000000] of removable magnetic media used for transport

It may be the case that you would want to increase the limit for LJK$SECURITY_POLICY_AREA using the VMS command SET FILE/VERSION to preserve older assessment results. LJK Software recommends, however, that such preservation be done by having multiple assessments for succeeding assessment cycles.

Contents

Index