LJK/Security Reference Manual

Chapter 12

12 Answering Questions for Non-Automated Assessment Methods

     12.1     Finding Questions Assigned to You

         12.1.1         Automatic Notification of Questions Assigned to You

     12.2     Specifying Particular Assessment Methods

     12.3     Specifying a Particular Question Group

     12.4     Answering All Questions Regardless of Assessment Method

     12.5     Confirmation After Answering a Group of Questions

     12.6     Seeing the Questions in Advance

     12.7     Adding Free-Form Remarks to Your Answers

Part

Part Appendices

Appendix A

Appendix A Master Node Installation

Appendix B

Appendix B Tributary Node Installation

Appendix C

Appendix C Moving the Software

     C.1     Removing LJK/Security Software

         C.1.1         Removing from a Tributary Node

         C.1.2         Removing from a Master Node

Appendix D

Appendix D Demonstration

Appendix E

Appendix E Other VMS Security Considerations

Appendix F

Appendix F Files Created by LJK/Security

     F.1     Naming Conventions

     F.2     Standard File Types

     F.3     LJK/Security-specific File Types

Appendix G

Appendix G Bug Reports

     G.1     Isolating the Problem

     G.2     Log Files

     G.3     Getting an Initial Opinion

     G.4     Collecting information for LJK Software

Appendix H

Appendix H Hints and Kinks

     H.1     LJK/Security Version Compatibility

     H.2     Tributary node disk space

         H.2.1         With disk quotas

         H.2.2         Without disk quotas

     H.3     Changing Template Terminal UCB Characteristics

     H.4     Autologin file record length

     H.5     Avoiding PRODUCT INSTALL

     H.6     REPORT output

     H.7     Renaming and Copying Files

     H.8     DCL Symbol Processing

     H.9     Hexadecimal Alarms After Upgrading LJK/Security

     H.10     Analyzing Network Problems

         H.10.1         SS$_LINKEXIT

             H.10.1.1             No such file as NETSERVER.LOG

             H.10.1.2             SS$_STKOVF

     H.11     Analyzing Installation and Licensing Problems

         H.11.1         LJK$_NOMASTER

Appendix I

Appendix I Use of Privilege by LJK/Security

     I.1     Reading and Writing Policy, Assessment Result and Working Files

     I.2     Reading the User Authorization File

     I.3     Getting a List of All Devices

     I.4     Checking Metadata for All Disk Files

     I.5     Checking Disk Quota Values

     I.6     Synchronizing between LJK/Security Processes

     I.7     Setting up LJK/Security DECnet Object Database Entries

     I.8     Reading DECnet Database Entries

     I.9     Creating Detached LJK/Security Processes

     I.10     Reading Files for Kit Building

     I.11     Parsing the User Authorization File Specification

     I.12     Reading Accounting State

     I.13     Reading Audit State

     I.14     Reading Device Access Control Lists

     I.15     Reading Terminal Access Control Lists

     I.16     Reading the System Rights List

     I.17     Reading the list of Installed Images

     I.18     Highwater Marking and Erase-on-Delete

     I.19     Checking Privilege

     I.20     System Owned Locks

     I.21     Creating detached processes running LOGINOUT

     I.22     Calling SYS$IDTOASC

     I.23     Suppression of Detailed Auditing

     I.24     Waking Detached Processes

     I.25     Calling Report Formatting Images

     I.26     Checking File Presence

     I.27     Close Assessment Files

     I.28     Open or Create Assessment Files

     I.29     Close Assessment Files After Defaulting

     I.30     File Creation Date and Time

     I.31     File Modification Date and Time

     I.32     Open and Close Assessment File for Node List

     I.33     Parse the Name of an Assessment File

     I.34     List Assessments

     I.35     Audit Log Sizes

     I.36     Audit Server Configuration

     I.37     Device Lock Name

     I.38     File ID

     I.39     Remote Result Files

     I.40     Final Result Files

     I.41     Define Facility-Specific Identifiers

     I.42     Delete On Close

     I.43     Window Files

     I.44     Node File

     I.45     Node File Close

     I.46     Phase IV Permanent

     I.47     Calling NMLSHR

     I.48     NMLSHR Password Access

     I.49     Mapping Volume Index File

     I.50     Phase V Subprocess

     I.51     Reading Device Characteristics

     I.52     Reading Disk File Metadata

     I.53     Disk Mounted /GROUP

     I.54     Normalized File Name From File ID

     I.55     System-Owned Lock

     I.56     Monitor Locks

     I.57     Read Queues

     I.58     Read Queues

     I.59     Read Usage

     I.60     Read SYS$ANNOUNCE

     I.61     Read SYS$LOGIN directory creation dates

     I.62     Create a Template Policy File

Chapter 12
12	Answering Questions for Non-Automated Assessment Methods
12.1	Finding Questions Assigned to You
12.1.1	Automatic Notification of Questions Assigned to You
12.2	Specifying Particular Assessment Methods
12.3	Specifying a Particular Question Group
12.4	Answering All Questions Regardless of Assessment Method
12.5	Confirmation After Answering a Group of Questions
12.6	Seeing the Questions in Advance
12.7	Adding Free-Form Remarks to Your Answers
Part
Part	Appendices
Appendix A
Appendix A	Master Node Installation
Appendix B
Appendix B	Tributary Node Installation
Appendix C
Appendix C	Moving the Software
C.1	Removing LJK/Security Software
C.1.1	Removing from a Tributary Node
C.1.2	Removing from a Master Node
Appendix D
Appendix D	Demonstration
Appendix E
Appendix E	Other VMS Security Considerations
Appendix F
Appendix F	Files Created by LJK/Security
F.1	Naming Conventions
F.2	Standard File Types
F.3	LJK/Security-specific File Types
Appendix G
Appendix G	Bug Reports
G.1	Isolating the Problem
G.2	Log Files
G.3	Getting an Initial Opinion
G.4	Collecting information for LJK Software
Appendix H
Appendix H	Hints and Kinks
H.1	LJK/Security Version Compatibility
H.2	Tributary node disk space
H.2.1	With disk quotas
H.2.2	Without disk quotas
H.3	Changing Template Terminal UCB Characteristics
H.4	Autologin file record length
H.5	Avoiding PRODUCT INSTALL
H.6	REPORT output
H.7	Renaming and Copying Files
H.8	DCL Symbol Processing
H.9	Hexadecimal Alarms After Upgrading LJK/Security
H.10	Analyzing Network Problems
H.10.1	SS$_LINKEXIT
H.10.1.1	No such file as NETSERVER.LOG
H.10.1.2	SS$_STKOVF
H.11	Analyzing Installation and Licensing Problems
H.11.1	LJK$_NOMASTER
Appendix I
Appendix I	Use of Privilege by LJK/Security
I.1	Reading and Writing Policy, Assessment Result and Working Files
I.2	Reading the User Authorization File
I.3	Getting a List of All Devices
I.4	Checking Metadata for All Disk Files
I.5	Checking Disk Quota Values
I.6	Synchronizing between LJK/Security Processes
I.7	Setting up LJK/Security DECnet Object Database Entries
I.8	Reading DECnet Database Entries
I.9	Creating Detached LJK/Security Processes
I.10	Reading Files for Kit Building
I.11	Parsing the User Authorization File Specification
I.12	Reading Accounting State
I.13	Reading Audit State
I.14	Reading Device Access Control Lists
I.15	Reading Terminal Access Control Lists
I.16	Reading the System Rights List
I.17	Reading the list of Installed Images
I.18	Highwater Marking and Erase-on-Delete
I.19	Checking Privilege
I.20	System Owned Locks
I.21	Creating detached processes running LOGINOUT
I.22	Calling SYS$IDTOASC
I.23	Suppression of Detailed Auditing
I.24	Waking Detached Processes
I.25	Calling Report Formatting Images
I.26	Checking File Presence
I.27	Close Assessment Files
I.28	Open or Create Assessment Files
I.29	Close Assessment Files After Defaulting
I.30	File Creation Date and Time
I.31	File Modification Date and Time
I.32	Open and Close Assessment File for Node List
I.33	Parse the Name of an Assessment File
I.34	List Assessments
I.35	Audit Log Sizes
I.36	Audit Server Configuration
I.37	Device Lock Name
I.38	File ID
I.39	Remote Result Files
I.40	Final Result Files
I.41	Define Facility-Specific Identifiers
I.42	Delete On Close
I.43	Window Files
I.44	Node File
I.45	Node File Close
I.46	Phase IV Permanent
I.47	Calling NMLSHR
I.48	NMLSHR Password Access
I.49	Mapping Volume Index File
I.50	Phase V Subprocess
I.51	Reading Device Characteristics
I.52	Reading Disk File Metadata
I.53	Disk Mounted /GROUP
I.54	Normalized File Name From File ID
I.55	System-Owned Lock
I.56	Monitor Locks
I.57	Read Queues
I.58	Read Queues
I.59	Read Usage
I.60	Read SYS$ANNOUNCE
I.61	Read SYS$LOGIN directory creation dates
I.62	Create a Template Policy File

Contents

Index