LJK/Security Reference Manual

PRCGETJPI

Determine whether enabling of alarms or audits for privileged use of $GETJPI conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	GETJPI security alarms are enabled in violation of policy
ALREQUIRE	GETJPI security alarms are disabled in violation of policy
AUPROHIBIT	GETJPI security audits are enabled in violation of policy
AUREQUIRE	GETJPI security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=GETJPI with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when privileged use is made of the $GETJPI system service.

Default policy Enabling of GETJPI security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of GETJPI security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations This use of privilege is probably not worth noting in most environments.

PRCGRANT

Determine whether enabling of alarms or audits for privileged use of $GRANTID conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	GRANTID security alarms are enabled in violation of policy
ALREQUIRE	GRANTID security alarms are disabled in violation of policy
AUPROHIBIT	GRANTID security audits are enabled in violation of policy
AUREQUIRE	GRANTID security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=GRANTID with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when privilege is used to grant an identifier to a running process.

Default policy Enabling of GRANTID security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of GRANTID security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations This use of privilege is worth noting in most environments.

PRCPRCAFF

Determine whether enabling of alarms or audits for setting process affinity conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	Process affinity security alarms are enabled in violation of policy
ALREQUIRE	Process affinity security alarms are disabled in violation of policy
AUPROHIBIT	Process affinity security audits are enabled in violation of policy
AUREQUIRE	Process affinity security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=PROCESS_AFFINITY with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when process affinity is changed.

Default policy Enabling of Process affinity security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of Process affinity security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations Concern about this event is typically only for specialized environments or for troubleshooting.

PRCPRCCAP

Determine whether enabling of alarms or audits for setting process capabilities conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	Process capability security alarms are enabled in violation of policy
ALREQUIRE	Process capability security alarms are disabled in violation of policy
AUPROHIBIT	Process capability security audits are enabled in violation of policy
AUREQUIRE	Process capability security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=PROCESS_CAPABILITIES with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when process capabilities are changed.

Default policy Enabling of Process capability security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of Process capability security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations Concern about this event is typically only for specialized environments or for troubleshooting.

PRCPRCTRM

Determine whether enabling of alarms or audits for detection of process termination conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	Process termination detection security alarms are enabled in violation of policy
ALREQUIRE	Process termination detection security alarms are disabled in violation of policy
AUPROHIBIT	Process termination detection security audits are enabled in violation of policy
AUREQUIRE	Process termination detection security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=PRCTERM with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when process termination is detected.

Default policy Enabling of Process termination detection security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of Process termination detection security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations Concern about this event is typically only for specialized environments or for troubleshooting.

PRCRESUME

Determine whether enabling of alarms or audits for privileged use of $RESUME conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	RESUME security alarms are enabled in violation of policy
ALREQUIRE	RESUME security alarms are disabled in violation of policy
AUPROHIBIT	RESUME security audits are enabled in violation of policy
AUREQUIRE	RESUME security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=RESUME with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when privileged use is made of the $RESUME system service.

Default policy Enabling of RESUME security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of RESUME security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations Concern about this event is typically only for specialized environments or for troubleshooting.

PRCREVOKE

Determine whether enabling of alarms or audits for privileged use of $REVOKID conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	REVOKID security alarms are enabled in violation of policy
ALREQUIRE	REVOKID security alarms are disabled in violation of policy
AUPROHIBIT	REVOKID security audits are enabled in violation of policy
AUREQUIRE	REVOKID security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=REVOKID with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when privilege is used to revoke an identifier from a running process.

Default policy Enabling of REVOKID security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of REVOKID security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations This use of privilege is worth noting in most environments.

PRCSCHDWK

Determine whether enabling of alarms or audits for privileged use of $SCHDWK conforms to policy.

Violation reports

Constraint	Nature of the violation
ALPROHIBIT	SCHDWK security alarms are enabled in violation of policy
ALREQUIRE	SCHDWK security alarms are disabled in violation of policy
AUPROHIBIT	SCHDWK security audits are enabled in violation of policy
AUREQUIRE	SCHDWK security audits are disabled in violation of policy

Description

Use of the qualifier /ENABLE=PROCESS=SCHDWK with the SET AUDIT/ALARM or SET AUDIT/AUDIT command causes the corresponding reporting when privileged use is made of the $SCHDWK system service.

Default policy Enabling of SCHDWK security alarms and audits is neither prohibited nor required. Customizing Set limits TRUE to establish a general prohibition of or requirement for the enabling of SCHDWK security alarms or audits. Then establish exemptions for any individual nodes which are not to be subjected to the general rule. selector

Limits

Constraint	Value	Default
ALPROHIBIT	FALSE or TRUE	FALSE
ALREQUIRE	FALSE, TRUE or TRY	FALSE
AUPROHIBIT	FALSE or TRUE	FALSE
AUREQUIRE	FALSE, TRUE or TRY	FALSE

Exemptions

Constraint	Value	Parameters
ALPROHIBIT	FALSE or TRUE	<node>
ALREQUIRE	FALSE, TRUE or TRY	<node>
AUPROHIBIT	FALSE or TRUE	<node>
AUREQUIRE	FALSE, TRUE or TRY	<node>

Practical considerations Concern about this event is typically only for specialized environments or for troubleshooting.

Contents

Index