LJK/Security Reference Manual

OBJCREATE

Determine whether enabling of alarms or audits for disk file creation event conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	File creation security alarms are enabled in violation of policy
ALREQUIRE	File creation security alarms are disabled in violation of policy
AUPROHIBIT	File creation security audits are enabled in violation of policy
AUREQUIRE	File creation security audits are disabled in violation of policy

Description

Use of the qualifiers /CLASS=FILE and /ENABLE=CREATE with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when a disk file is created.

Default policy Enabling of File creation security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of File creation security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations Disk file creation is a frequent event in many environments.

OBJDEACC

Determine whether enabling of alarms or audits for disk file deaccess event conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	File deaccess security alarms are enabled in violation of policy
ALREQUIRE	File deaccess security alarms are disabled in violation of policy
AUPROHIBIT	File deaccess security audits are enabled in violation of policy
AUREQUIRE	File deaccess security audits are disabled in violation of policy

Description

Use of the qualifiers /CLASS=FILE and /ENABLE=DEACCESS with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when a disk file is deaccessed.

Default policy Enabling of File deaccess security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of File deaccess security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations Disk file deaccess is a frequent event in almost all environments.

OBJDELETE

Determine whether enabling of alarms or audits for disk file deletion event conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	File deletion security alarms are enabled in violation of policy
ALREQUIRE	File deletion security alarms are disabled in violation of policy
AUPROHIBIT	File deletion security audits are enabled in violation of policy
AUREQUIRE	File deletion security audits are disabled in violation of policy

Description

Use of the qualifiers /CLASS=FILE and /ENABLE=DELETE with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when a disk file is deleted.

Default policy Enabling of File deletion security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of File deletion security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations Disk file deletion is a frequent event in most environments.

PRCCANWAK

Determine whether enabling of alarms or audits for privileged use of $CANWAK conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	CANWAK security alarms are enabled in violation of policy
ALREQUIRE	CANWAK security alarms are disabled in violation of policy
AUPROHIBIT	CANWAK security audits are enabled in violation of policy
AUREQUIRE	CANWAK security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=CANWAK with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when privileged use is made of the $CANWAK system service.

Default policy Enabling of CANWAK security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of CANWAK security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations Concern about this event is typically only for specialized environments or for troubleshooting.

PRCCPUCAP

Determine whether enabling of alarms or audits for change in CPU capabilities conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	CPU Capability security alarms are enabled in violation of policy
ALREQUIRE	CPU Capability security alarms are disabled in violation of policy
AUPROHIBIT	CPU Capability security audits are enabled in violation of policy
AUREQUIRE	CPU Capability security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=SUSPND with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when privileged use is made of the $SUSPND system service.

Default policy Enabling of CPU Capability security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of CPU Capability security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations Concern about this event is typically only for specialized environments or for troubleshooting.

PRCCREPRC

Determine whether enabling of alarms or audits for all use of $CREPRC conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	CREPRC security alarms are enabled in violation of policy
ALREQUIRE	CREPRC security alarms are disabled in violation of policy
AUPROHIBIT	CREPRC security audits are enabled in violation of policy
AUREQUIRE	CREPRC security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=CREPRC with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when any process creation takes place.

Default policy Enabling of CREPRC security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of CREPRC security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations This type of event is common in most environments.

PRCDELPRC

Determine whether enabling of alarms or audits for all use of $DELPRC conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	DELPRC security alarms are enabled in violation of policy
ALREQUIRE	DELPRC security alarms are disabled in violation of policy
AUPROHIBIT	DELPRC security audits are enabled in violation of policy
AUREQUIRE	DELPRC security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=DELPRC with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when any process deletion takes place.

Default policy Enabling of DELPRC security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of DELPRC security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations This type of event is common in most environments.

PRCFORCEX

Determine whether enabling of alarms or audits for privileged use of $FORCEX conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	FORCEX security alarms are enabled in violation of policy
ALREQUIRE	FORCEX security alarms are disabled in violation of policy
AUPROHIBIT	FORCEX security audits are enabled in violation of policy
AUREQUIRE	FORCEX security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=FORCEX with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when privileged use is made of the $FORCEX system service.

Default policy Enabling of FORCEX security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of FORCEX security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations This use of privilege is worth noting in most environments.

Contents

Index