LJK/Security Reference Manual

Chapter 5
Command Interface

This chapter lists the commands available for traditional DCL-style control of LJK/Security.

Although all LJK/Security functions can be controlled through this command interface, a more visually oriented interface is preferable for day-to-day interaction with the software. For the special cases of control from a batch job or command procedure, however, the command interface described in this chapter is necessary.

5.1 Command Summary

LJK/Security commands can be divided into three basic groups:

Miscellaneous
Those which are used for installation and removal of LJK/Security software, as well as the HELP command.
- HELP
- KIT_BUILD
- REMOVE
- SHUTDOWN
Operating Commands
Those which are used for basic operation of LJK/Security such as running assessments and reporting results:
- CANCEL <name>
- REPORT <name>
- RUN <name>
- STOP <name>
Customization Commands
Those used to changes policies and the assessments which govern the application of those policies to particular nodes.
- CREATE (assessment or policy) <name>
- MODIFY (assessment or policy) <name>
- SHOW (assessment or policy) <name>

5.2 Command Formats

In a situation where the command interface is to be used, there are two distinct methods for using it.

DCL Command Format
Commands are given directly from the DCL prompt ($ by default).
This format has the advantage of allowing DCL symbol substitution for parameterized execution of rote functions.
Subsystem Command Format
The command LJK/SECURITY is given first to get into LJK/Security, where subsequent commands are given in response to the prompt LJKSÑ.
This format has the performance advantage of only incurring one VMS Image Activation for a whole series of LJK/Security functions.

In the command descriptions shown in the following pages both the DCL Command Format and the Subsystem Command Format are shown.

An additional format is shown for the HELP command, since help information about LJK/Security is stored in the main HELP library and can therefore be accessed by the DCL HELP command.

While LJK/Security returns meaningful status to DCL, the code may have the INHIB_MSG bit set or it may be clear. Those who write command procedures handling the status returned by LJK/Security should always discount that bit before making comparisons.

Note

Commands similar to the ones shown in this chapter are used on tributary nodes to activate LJK/Security software, but the command interface documented here is available only on the master node (or as an installation option, on nodes in the same VAXcluster or VMScluster with the master node).

5.3 Name Formats

Policy and assessment names selected by the user can be a maximum of 39 characters long and can contain only valid VMS filename characters (A-Z, a-z, 0-9, $, _, and -). Handing is not case-sensitive; "A" is equivalent to "a".

Note

Although LJK/Security can use ODS-5 disks on Alpha, restrictions on LJK/Security Policy and assessment names are still those for ODS-2 to provide for compatibility between master and tributary nodes regardless of configuration. In addition, those names cannot contain a dollar sign.

Node names may be:

The DECnet node name (six character maximum)
The DECnet node number (e.g., 2073)
Some string 39 characters or less which does not match either of the above syntax specifications in cases where no DECnet connection is available to the specified tributary node from the master node

Use of a DECnet node name to specify a tributary node does not require that DECnet be used for LJK/Security communications to that tributary node from the master node.

Note

Cluster alias node names may not be used to specify node names to LJK/Security. Results are unpredictable if this is done.

5.4 Privileges Required to Invoke Commands

The privileges required to invoke LJK/Security depend on what version of VMS is running. On versions of VMS which do not support facility-specific identifiers (those prior to VAX VMS V6.0), the SECURITY privilege is required to invoke LJK/Security commands.

The SECURITY privilege is also required on versions of VMS which nominally support facility-specific identifiers when a particular system does not contains a Rights Database (RIGHTSLIST.DAT).

5.4.1 Facility-specific identifiers

Through the use of facility-specific identifiers, individual LJK/Security users can be authorized to use specific features of the product but not other features.

LJK/Security-specific identifiers are automatically added to the Rights Database on LJK/Security Startup if they are not already present from a previous startup.

Role-based identifiers
The simplest control over the use of specific LJK/Security features is to grant authorized individuals the role-based identifiers:
- LJK$SECURITY_ROLE_REVIEW
  This identifier should be granted to individuals authorized to review the results of LJK/Security assessments with appropriate menu or window functions or the commands:
  - REPORT
  - SHOW ASSESSMENT
  - SHOW POLICY
- LJK$SECURITY_ROLE_OPERATE
  This identifier should be granted to individuals authorized to control the operation of LJK/Security with appropriate menu or window functions or the commands:
  - CANCEL
  - KIT_BUILD
  - RUN
  - STOP
- LJK$SECURITY_ROLE_POLICY
  This identifier should be granted to individuals authorized to modify LJK/Security policies with appropriate menu or window functions or the commands:
  - CREATE ASSESSMENT
  - CREATE POLICY
  - MODIFY ASSESSMENT
  - MODIFY POLICY
  - SHOW ASSESSMENT
  - SHOW POLICY
- LJK$SECURITY_ROLE_STARTUP
  This identifier might be granted to individuals authorized to manipulate LJK/Security in abnormal circumstances. There are generally few situations which require use of this identifier or the commands it governs:
  - REMOTE
  - REMOVE
  - SHUTDOWN
Command-based identifiers
In situations where the LJK/Security-specific role-based identifiers listed above do not provide the degree of granularity required, it is possible to grant the command-based identifiers:
- LJK$SECURITY_CANCEL
- LJK$SECURITY_CREATE_ASSESSMENT
- LJK$SECURITY_CREATE_POLICY
- LJK$SECURITY_KIT_BUILD
- LJK$SECURITY_MODIFY_ASSESSMENT
- LJK$SECURITY_MODIFY_POLICY
- LJK$SECURITY_REMOTE
- LJK$SECURITY_REMOVE
- LJK$SECURITY_REPORT
- LJK$SECURITY_RUN
- LJK$SECURITY_SHOW_ASSESSMENT
- LJK$SECURITY_SHOW_NODES
- LJK$SECURITY_SHOW_POLICY
- LJK$SECURITY_SHUTDOWN
- LJK$SECURITY_STOP
An example of a situation where that increased granularity might be desired is if an individual was authorized to choose the assignment of various policies to nodes within assessments, but not to modify those policies.
Blanket identifier
Where no distinction is to be made between the LJK/Security functions which can be invoked by a particular individual, a blanket identifier can be granted.
- LJK$SECURITY_ALL

5.5 Forcing Use of the Command Interface

The DCL command to run LJK/Security in Subsystem Command Format is:

LJK/SECURITY

which is the same as the command to run LJK/Security using a non-command interface.

Under normal circumstance, LJK/Security will use the most "advanced" interface possible for the current command device. To force the use of another interface, you can disable the selection of particular non-command interfaces through the use of individual qualifiers:

/INTERFACE=CHARACTER_CELL
Prevents the use of the Window Interface.
/NOSMG
Prevents the use of the Menu Interface.

Specify both of those together if you are on a fully capable DECwindows device and want to use Subsystem Command format. If this is a frequent situation for you, a DCL symbol might be appropriate:

$ LJKCMD == "LJK/SECURITY /INTERFACE=CHARACTER_CELL/NOSMG"

5.6 Using the Command Interface on a New Installation

5.6.1 Preparing the Default Policy and Default Assessment

Log back into the master node under a username which has the facility-specific identifier LJK$SECURITY_ROLE_POLICY or is otherwise authorized as discussed in Section 5.4.
Create the default policy with the command:
$ LJK/SECURITY CREATE POLICY DEFAULT
Add an exemption with the command:
$ LJK/SECURITY MODIFY POLICY DEFAULT/EXEMPTION=(*,SYSTEM) - /TEST=(UAF,PRIVLEVEL,ABSOLUTHI)/VALUE="Category-All"
Wildcarding a node name for a specific username across all systems typically requires great faith in your organization's mechanism for assigning usernames. In the case of SYSTEM, however, it is not a problem.
Create the default assessment with the command:
$ LJK/SECURITY CREATE ASSESSMENT DEFAULT
Modify the default assessment to include each tributary node, using the command:
$ LJK/SECURITY MODIFY ASSESSMENT DEFAULT/NODE=mynode
once for each tributary node. Alternatively, you can use the single command:
$ LJK/SECURITY MODIFY ASSESSMENT DEFAULT/NODE=*
providing that all the following are true:
1. your license size is large enough to cover all VMS nodes in your network
2. you have installed the LJK/Security software on all those nodes
3. the username under which you are logged in is able to access appropriate DECnet network databases

Note

The name DEFAULT used above for policy and assessment names gets special treatment by LJK/Security. The policy named DEFAULT is used as the basis for creating other policies and the assessment named DEFAULT is used as the basis for creating other assessments.

Tremendous numbers of violation reports can be generated by the DISK facility, so as a brand new user of LJK/Security you will likely have an easier time devising your initial policies if you start with the DISK facility disabled. Enable the DISK facility again after you are happy with results from the rest of your policy.

5.6.2 Running the Default Assessment

Start the default assessment running with the command:
$ LJK/SECURITY RUN DEFAULT
Check on the status of the default assessment with the command:
$ LJK/SECURITY REPORT DEFAULT/STATUS
The program will respond with an indication of whether the default assessment has completed running. So long as you have received the VMS prompt (typically a dollar-sign, "$") you can log out and then log in later to check the status.
Running an assessment will take at least 10 minutes and can be considerably longer depending on how many usernames are authorized for each tributary node and how many files are on disk.

Get the results of the default assessment with the command:

$ LJK/SECURITY REPORT DEFAULT

which produces output of the form:

Node BIGVAX Username SMITH has maximum queueing priority of 0 which is lower than minimum of 200 Node BIGVAX Username JONES has disable mail notification flag Node BIGVAX Username DBM$REMOTE has disable mail delivery flag

5.7 Detailed Specification of Individual Commands

The following pages in this chapter contains full documentation of individual commands available in the Command Interface.

CANCEL

Cancel future collection of security data from remote nodes.

Format

$ LJK/SECURITY CANCEL -

assessment-name

or
LJKSÑ CANCEL -

assessment-name

Command Qualifiers	Defaults
None.	None.

restrictions

You must have the facility-specific identifier LJK$SECURITY_ROLE_OPERATE, LJK$SECURITY_CANCEL or LJK$SECURITY_ALL.
On systems prior to VAX VMS V6.0 or systems which do not have a Rights Database (RIGHTSLIST.DAT), you must have the SECURITY privilege.

Parameters

assessment-name
Name of the assessment.

Description

Cancel the future scheduled collection of security data from tributary nodes for a particular assessment.
This does not affect any current collection of the specified assessment. That is accomplished with the STOP command.

Qualifiers

None.

Example


$ LJK/SECURITY CANCEL MY_SPECIAL

Cancel future collection of assessment MY_SPECIAL from remote nodes.

CREATE ASSESSMENT

Create a new assessment.

Format

$ LJK/SECURITY CREATE ASSESSMENT -

assessment-name

or
LJKSÑ CREATE ASSESSMENT -

assessment-name

Command Qualifiers	Defaults
/[NO]AUDIT	/NOAUDIT
/[NO]DEFAULT	/DEFAULT
/[NO]LOG	/NOLOG

restrictions

You must have the facility-specific identifier LJK$SECURITY_ROLE_POLICY, LJK$SECURITY_CREATE_ASSESSMENT or LJK$SECURITY_ALL.
On systems prior to VAX VMS V6.0 or systems which do not have a Rights Database (RIGHTSLIST.DAT), you must have the SECURITY privilege.

Parameters

assessment-name
Name of the assessment to be created.
As described in Section H.8, DCL Symbol Processing, DCL symbol substitution may be used for this parameter, even when using the Subsystem Command Format.

Description

Creates a new assessment with initial entries optionally taken from the assessment named DEFAULT (if there is any).

Qualifiers

/AUDIT (D)

/NOAUDIT
Specifies that the contents of assessment records automatically created should be displayed, including audit information.
/DEFAULT (D)

/NODEFAULT
Specifies that the contents of the assessment named DEFAULT are to be used for the initial contents of the assessment being created.
/LOG

/NOLOG (D)
Specifies that the contents of assessment records automatically created should be displayed.

Example


$ LJK/SECURITY CREATE ASSESSMENT MY_ASSESSMENT

Create an assessment.


$ LJK/SECURITY CREATE ASSESSMENT MY_ASSESSMENT/NODEFAULT

Create an assessment with no copying of the contents of the assessment named DEFAULT.

CREATE POLICY

Create a new policy with default limits and possibly default disables and exemptions.

Format

$ LJK/SECURITY CREATE POLICY -

policy-name

or
LJKSÑ CREATE POLICY -

policy-name

Command Qualifiers	Defaults
/[NO]AUDIT	/NOAUDIT
/[NO]DEFAULT	/DEFAULT
/[NO]DISABLE	/NODISABLE
/[NO]EXEMPTIONS	/NOEXEMPTIONS
/[NO]LOG	/NOLOG

restrictions

You must have the facility-specific identifier LJK$SECURITY_ROLE_POLICY, LJK$SECURITY_CREATE_POLICY or LJK$SECURITY_ALL.
On systems prior to VAX VMS V6.0 or systems which do not have a Rights Database (RIGHTSLIST.DAT), you must have the SECURITY privilege.

Parameters

policy-name
Name of the policy to be created.
As described in Section H.8, DCL Symbol Processing, DCL symbol substitution may be used for this parameter, even when using the Subsystem Command Format.

Description

Creates a new policy with limits and exemptions taken:

Optionally from the policy named DEFAULT (if there is one) or else:
from program defaults for LJK/Security listed in Chapter 6,LJK/Security Tests.

Qualifiers

/AUDIT (D)

/NOAUDIT
Specifies that the contents of policy records automatically created should be displayed, including audit information.
/DEFAULT (D)

/NODEFAULT
Specifies that the contents of the policy named DEFAULT are to be used for the initial contents of the policy being created.
/DISABLES

/NODISABLES (D)
Specifies that any disables in the policy named DEFAULT be copied to the policy being created. By default, disables are not copied.
/EXEMPTIONS

/NOEXEMPTIONS (D)
Specifies that any exemptions in the policy named DEFAULT be copied to the policy being created. By default, exemptions are not copied.
/LOG

/NOLOG (D)
Specifies that the contents of policy records automatically created should be displayed.

Example


$ LJK/SECURITY CREATE POLICY MY_POLICY

Create a policy with no exemptions.


$ LJK/SECURITY CREATE POLICY MY_POLICY/EXEMPTIONS

Create a policy with exemptions.

Contents

Index

LJK/Security Reference Manual

Chapter 5Command Interface

5.1 Command Summary

5.2 Command Formats

5.3 Name Formats

5.4 Privileges Required to Invoke Commands

5.4.1 Facility-specific identifiers

5.5 Forcing Use of the Command Interface

5.6 Using the Command Interface on a New Installation

5.6.1 Preparing the Default Policy and Default Assessment

5.6.2 Running the Default Assessment

5.7 Detailed Specification of Individual Commands

CANCEL

Format

$ LJK/SECURITY CANCEL -

assessment-name

LJKSÑ CANCEL -

assessment-name

restrictions

Parameters

assessment-name

Description

Qualifiers

Example

CREATE ASSESSMENT

Format

$ LJK/SECURITY CREATE ASSESSMENT -

assessment-name

LJKSÑ CREATE ASSESSMENT -

assessment-name

restrictions

Parameters

assessment-name

Description

Qualifiers

/AUDIT (D)

/NOAUDIT

/DEFAULT (D)

/NODEFAULT

/LOG

/NOLOG (D)

Example

CREATE POLICY

Format

$ LJK/SECURITY CREATE POLICY -

policy-name

LJKSÑ CREATE POLICY -

policy-name

restrictions

Parameters

policy-name

Description

Qualifiers

/AUDIT (D)

/NOAUDIT

/DEFAULT (D)

/NODEFAULT

/DISABLES

/NODISABLES (D)

/EXEMPTIONS

/NOEXEMPTIONS (D)

/LOG

/NOLOG (D)

Example

Chapter 5
Command Interface