Ensure all command procedures are valid.
| Constraint | Nature of the violation |
|---|---|
| CHECKSUM | Some command procedure not checksummed in violation of policy |
Exemptions within the (DISK, CHECKSUM) element specify checksum values for particular files on disk. The test for the CHECKSUM constraint within this facility determines whether such an exemption has been established for all files on the system with a file type of .COM.

Default policy: All policy requirements are null.

Customizing: Setting the (DISK, ALLCOM, CHECKSUM) limit TRUE is only appropriate for production environments with highly constrained configurations.

Selector
| Constraint | Value | Default |
|---|---|---|
| CHECKSUM | FALSE or TRUE | FALSE |
| Constraint | Value | Parameters |
|---|---|---|
| CHECKSUM | FALSE or TRUE | <node>,<filespec> |
Ensure all program images are valid.
| Constraint | Nature of the violation |
|---|---|
| CHECKSUM | Some image not checksummed in violation of policy |
Exemptions within the (DISK, CHECKSUM) element specify checksum values for particular files on disk. The test for the CHECKSUM constraint within this facility determines whether such an exemption has been established for all files on the system with a file type of .EXE.

Default policy: Installation of images as protected is not prohibited.

Customizing: Setting the (DISK, ALLEXE, CHECKSUM) limit TRUE is only appropriate for production environments where no software development is allowed.

Selector
| Constraint | Value | Default |
|---|---|---|
| CHECKSUM | FALSE or TRUE | FALSE |
| Constraint | Value | Parameters |
|---|---|---|
| CHECKSUM | FALSE or TRUE | <node>,<filespec> |
Ensure that scanning for non-VMS malware is done.
| Constraint | Nature of the violation |
|---|---|
| MISSING | Antivirus definition files are missing |
| NOTRUNNING | Antivirus scanning is not running |
| NOTUNIQUE | Antivirus definition files exist in multiple locations |
| OUTOFDATE | Antivirus definition files are out of date |
While there is no pattern of existing VMS viruses and malware for which one would scan, some disciplines require VMS servers to scan for viruses and malware aimed at lesser operating systems.

Default policy: There is no requirement for antivirus scanning.

Customizing: Enable these tests if you require antivirus scanning. Leave them disabled for a pure-VMS environment. Currently these tests look for the Sophos Antivirus Scanner.

Selector
| Constraint | Value | Default |
|---|---|---|
| MISSING | FALSE or TRUE | FALSE |
| NOTRUNNING | FALSE or TRUE | FALSE |
| NOTUNIQUE | FALSE or TRUE | FALSE |
| OUTOFDATE | delta-time | +00:00:00.00 |
| Constraint | Value | Parameters |
|---|---|---|
| MISSING | FALSE or TRUE | <node>, <device-name> or <filespec> |
| NOTRUNNING | FALSE or TRUE | <node>, <device-name> or <filespec> |
| NOTUNIQUE | FALSE or TRUE | <node>, <device-name> or <filespec> |
| OUTOFDATE | delta-time | <node>, <device-name> or <filespec> |
Ensure that session lock controls conform to policy.
| Constraint | Nature of the violation |
|---|---|
| DECWINDOWS | Workstation screen lock inactivity timeout period is too long |
The test for constraint DECWINDOWS within this element looks at DECwindows control files to see the limit on inactive time before automatic session locking is invoked.

Default policy: Identifiers in ACLs must not be UIC identifiers.

Customizing: Adjust the time allowed if you have particular operational requirements in that regard.

Selector
| Constraint | Value | Default |
|---|---|---|
| DECWINDOWS | 0-n (minutes) | 900 |
| Constraint | Value | Parameters |
|---|---|---|
| DECWINDOWS | 0-n (minutes) | <node>, <device-name> or <filespec> |
Ensure that backups are performed on all disks often enough to meet policy requirements.
| Constraint | Nature of the violation |
|---|---|
| ABSOLUTHI | Time since last backup exceeds the policy maximum. |
| MODIFIEDHI | Time since last backup exceeds the policy maximum and file has been modified since backup. |
Backups are a necessary part of most security plans, and this test ensures that they happen at least as frequently as the local policy requires.

Default policy: The maximum time between backups for a disk is 30 days.

Customizing: The limit for this test is set by a number, which is the maximum number of days between backups.

Violations DISK, BACKUP, ABSOLUTHI and MODIFIEDHI are not reported for files which were created since the beginning of the period during which a backup was required.

Violations DISK, BACKUP, ABSOLUTHI and MODIFIEDHI are not reported for files on CDROM disks, since even if backup were done on CDROM disks, it could not be recorded.
There are three backup-related elements within the DISK facility:
- BACKUP element: for constraints applicable to all disk files
- BACKUPDATA element: for constraints applicable to disk files not in SYS$SYSROOT:[*...]
- BACKUPSYS element: for constraints applicable to disk files in SYS$SYSROOT:[*...]
The practical upper limit for a precise count of days since the last backup of a file is 9999 (about 27 years). Specification of any larger number is considered to be "forever", or since the earliest date which can be represented in the VMS time format.
If you are only concerned that files get backed up once (as compared with ensuring they are backed up on a regular basis so that entire disk volumes can be restored), raise the limit or add exemptions for ABSOLUTHI.

A limit or exemption with a value of zero means there is no value which is considered unacceptable.

Selector
| Constraint | Value | Default |
|---|---|---|
| ABSOLUTHI | 0-n (days) | 30 |
| MODIFIEDHI | 0-n (days) | 30 |
| Constraint | Value | Parameters |
|---|---|---|
| ABSOLUTHI | 0-n (days) | <node>, <volume-name> |
| MODIFIEDHI | 0-n (days) | <node>, <volume-name> |
Testing performed for this element is based entirely on the backup date maintained by VMS. The VMS Backup program will only modify that date when the /RECORD qualifier is specified. Some sites use the /RECORD qualifier only for weekly full backups, while other sites use it for incremental backups as well. In order to fully understand the significance of backup dates it is necessary to consult with the system management staff for a particular machine to learn their procedures in this regard.
Ensure that backups are performed on data disk files often enough to meet policy requirements.
| Constraint | Nature of the violation |
|---|---|
| ABSOLUTHI | Time since last data disk backup exceeds the policy maximum. |
| MODIFIEDHI | Time since last data disk backup exceeds the policy maximum and at least one file has been modified since last backup. |
Backups are a necessary part of most security plans, and this test ensures that they happen at least as frequently as the local policy requires.

Default policy: The maximum time between backups for data files is 30 days.

Customizing: The limit for this test is set by a number, which is the maximum number of days between backups.

Violations DISK, BACKUPDATA, ABSOLUTHI and MODIFIEDHI are not reported for files which were created since the beginning of the period during which a BACKUPDATA was required.

Violations DISK, BACKUPDATA, ABSOLUTHI and MODIFIEDHI are not reported for files on CDROM disks, since even if BACKUPDATA were done on CDROM disks, it could not be recorded.
There are three backup-related elements within the DISK facility:
- BACKUP element: for constraints applicable to all disk files
- BACKUPDATA element: for constraints applicable to disk files not in SYS$SYSROOT:[*...]
- BACKUPSYS element: for constraints applicable to disk files in SYS$SYSROOT:[*...]
The practical upper limit for a precise count of days since the last backup of a file is 9999 (about 27 years). Specification of any larger number is considered to be "forever", or since the earliest date which can be represented in the VMS time format.
If you are only concerned that files get backed up once (as compared with ensuring they are backed up on a regular basis so that entire disk volumes can be restored), raise the limit or add exemptions for ABSOLUTHI.

A limit or exemption with a value of zero means there is no value which is considered unacceptable.

Selector
| Constraint | Value | Default |
|---|---|---|
| ABSOLUTHI | 0-n (days) | 0 |
| MODIFIEDHI | 0-n (days) | 0 |
| Constraint | Value | Parameters |
|---|---|---|
| ABSOLUTHI | 0-n (days) | <node>, <volume-name> |
| MODIFIEDHI | 0-n (days) | <node>, <volume-name> |
Testing performed for this element is based entirely on the backup date maintained by VMS. The VMS backup program will only modify that date when the /RECORD qualifier is specified. Some sites use the /RECORD qualifier only for weekly full backups, while other sites use it for incremental backups as well. In order to fully understand the significance of backup dates it is necessary to consult with the system management staff for a particular machine to learn their procedures in this regard.
Ensure that backups are performed on system disk data often enough to meet policy requirements.
| Constraint | Nature of the violation |
|---|---|
| ABSOLUTHI | Time since last system disk backup exceeds the policy maximum. |
| MODIFIEDHI | Time since last system disk backup exceeds the policy maximum and at least one file has been modified since last backup. |
Backups are a necessary part of most security plans, and this test ensures that they happen at least as frequently as the local policy requires.

Default policy: The maximum time between backups of system data is 30 days.

Customizing: The limit for this test is set by a number, which is the maximum number of days between backups of system data.

Violations DISK, BACKUPSYS, ABSOLUTHI and MODIFIEDHI are not reported for files which were created since the beginning of the period during which a BACKUPSYS was required.

Violations DISK, BACKUPSYS, ABSOLUTHI and MODIFIEDHI are not reported for files on CDROM disks, since even if BACKUPSYS were done on CDROM disks, it could not be recorded.
There are three backup-related elements within the DISK facility:
- BACKUP element: for constraints applicable to all disk files
- BACKUPDATA element: for constraints applicable to disk files not in SYS$SYSROOT:[*...]
- BACKUPSYS element: for constraints applicable to disk files in SYS$SYSROOT:[*...]
The practical upper limit for a precise count of days since the last backup of a file is 9999 (about 27 years). Specification of any larger number is considered to be "forever", or since the earliest date which can be represented in the VMS time format.
If you are only concerned that files get backed up once (as compared with ensuring they are backed up on a regular basis so that entire disk volumes can be restored), raise the limit or add exemptions for ABSOLUTHI.

A limit or exemption with a value of zero means there is no value which is considered unacceptable.

Selector
| Constraint | Value | Default |
|---|---|---|
| ABSOLUTHI | 0-n (days) | 0 |
| MODIFIEDHI | 0-n (days) | 0 |
| Constraint | Value | Parameters |
|---|---|---|
| ABSOLUTHI | 0-n (days) | <node>, <volume-name> |
| MODIFIEDHI | 0-n (days) | <node>, <volume-name> |
Testing performed for this element is based entirely on the backup date maintained by VMS. The VMS backup program will only modify that date when the /RECORD qualifier is specified. Some sites use the /RECORD qualifier only for weekly full backups, while other sites use it for incremental backups as well. In order to fully understand the significance of backup dates it is necessary to consult with the system management staff for a particular machine to learn their procedures in this regard.
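The BACKUP, BACKUPDATA and BACKUPSYS elements above share one set of rules: a zero limit disables the test, a limit above 9999 means "backed up at least once, ever", files created since the start of the required period and files on CDROM are not reported, and MODIFIEDHI additionally requires that the file changed after its last recorded backup. The following added example (not the product's own code) models those rules in Python over constructed file records whose creation, revision and backup dates stand in for the dates VMS keeps per file; the policy limits, file specifications and the choice to ignore the new-file exemption under a "forever" limit are assumptions made here for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Added example (not the product's own code): a model of the BACKUP, BACKUPDATA
# and BACKUPSYS decision rules described on this page, run over constructed
# file records. The backup date is only written by BACKUP/RECORD, so a file
# that was never recorded as backed up is modelled with backup=None.

FOREVER_DAYS = 9999  # a larger limit means "forever": backed up at least once, ever


@dataclass
class FileRecord:
    spec: str                   # VMS file specification (constructed)
    created: datetime           # creation date
    revised: datetime           # last modification date
    backup: Optional[datetime]  # recorded backup date, None if never recorded
    on_cdrom: bool = False      # CD-ROM: a backup date cannot be recorded


def elements_for(spec: str) -> Tuple[str, ...]:
    """BACKUP applies to every file; BACKUPSYS/BACKUPDATA split on SYS$SYSROOT:[*...]."""
    if spec.upper().startswith("SYS$SYSROOT:"):
        return ("BACKUP", "BACKUPSYS")
    return ("BACKUP", "BACKUPDATA")


def check_file(f: FileRecord, policy: Dict[str, Dict[str, int]], now: datetime) -> List[Tuple[str, str]]:
    """Return sorted (element, constraint) violations for one file.

    policy maps an element name to its ABSOLUTHI/MODIFIEDHI limits in days.
    """
    found = []
    if f.on_cdrom:
        return found  # not reported: a backup of a CD-ROM could not be recorded
    for element in elements_for(f.spec):
        for constraint, limit in policy.get(element, {}).items():
            if limit == 0:
                continue  # zero: no value is considered unacceptable
            forever = limit > FOREVER_DAYS
            # Start of the period within which a backup was required.
            period_start = datetime.min if forever else now - timedelta(days=limit)
            # Assumption: the "created since the period began" exemption is
            # not applied against "forever", or every file would be exempt.
            if not forever and f.created >= period_start:
                continue
            stale = f.backup is None or f.backup < period_start
            if not stale:
                continue
            if constraint == "ABSOLUTHI":
                found.append((element, constraint))
            elif constraint == "MODIFIEDHI":
                # reported only if the file changed after its last recorded backup
                if f.backup is None or f.revised > f.backup:
                    found.append((element, constraint))
    return sorted(found)


# Constructed policy: BACKUP 30 days, BACKUPSYS 7 days, BACKUPDATA disabled (0).
POLICY = {
    "BACKUP": {"ABSOLUTHI": 30, "MODIFIEDHI": 30},
    "BACKUPSYS": {"ABSOLUTHI": 7, "MODIFIEDHI": 7},
    "BACKUPDATA": {"ABSOLUTHI": 0, "MODIFIEDHI": 0},
}
NOW = datetime(2024, 3, 1)

SAMPLE = [  # constructed file records
    FileRecord("DUA1:[PAYROLL]LEDGER.DAT", datetime(2023, 1, 1), datetime(2024, 2, 20), datetime(2024, 1, 10)),
    FileRecord("DUA1:[PAYROLL]ARCHIVE.DAT", datetime(2023, 1, 1), datetime(2023, 6, 1), datetime(2024, 1, 10)),
    FileRecord("SYS$SYSROOT:[SYSEXE]LOGINOUT.EXE", datetime(2023, 1, 1), datetime(2023, 1, 1), datetime(2024, 2, 15)),
    FileRecord("DUA1:[NEW]TODAY.TXT", datetime(2024, 2, 25), datetime(2024, 2, 25), None),
    FileRecord("DKA400:[CD]README.TXT", datetime(2020, 1, 1), datetime(2020, 1, 1), None, on_cdrom=True),
]


def run_sample() -> Dict[str, List[Tuple[str, str]]]:
    """Evaluate every constructed record against POLICY as of NOW."""
    return {f.spec: check_file(f, POLICY, NOW) for f in SAMPLE}


def run_forever_sample() -> List[List[Tuple[str, str]]]:
    """A limit above 9999 days only asks that a file was backed up at least once."""
    forever = {"BACKUP": {"ABSOLUTHI": 99999, "MODIFIEDHI": 0}}
    never = FileRecord("DUA2:[OLD]NEVER.DAT", datetime(1990, 1, 1), datetime(1990, 1, 1), None)
    once = FileRecord("DUA2:[OLD]ONCE.DAT", datetime(1990, 1, 1), datetime(1990, 1, 1), datetime(1995, 1, 1))
    return [check_file(never, forever, NOW), check_file(once, forever, NOW)]


if __name__ == "__main__":
    for spec, violations in run_sample().items():
        print(f"{spec:40} {violations or 'OK'}")
```

Running the sample reports LEDGER.DAT for both BACKUP constraints (stale backup and modified since), ARCHIVE.DAT for ABSOLUTHI only, and LOGINOUT.EXE only under the tighter BACKUPSYS limit, while the newly created file and the CD-ROM file are exempt. As the page notes, the model is only as good as the backup date it is fed: a site that runs incremental backups without /RECORD will show stale dates on files that were in fact copied.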
Test the protection of specified files.
| Constraint | Nature of the violation |
|---|---|
| ABSENT | File is absent in violation of policy |
| ABSOLUTLO | Access is narrower than permitted by policy |
| ABSOLUTHI | Access is wider than permitted by policy |
| ACLNOGEN | General identifier used in violation of policy |
| ACLNOSYS | System-defined identifier used in violation of policy |
| ACLNOUIC | UIC identifier used in violation of policy |
| ALFPROHIB | Alarm ACE for failure is present in violation of policy |
| ALFREQUIRE | Alarm ACE for failure is absent in violation of policy |
| ALSPROHIB | Alarm ACE for success is present in violation of policy |
| ALSREQUIRE | Alarm ACE for success is absent in violation of policy |
| AUFPROHIB | Audit ACE for failure is present in violation of policy |
| AUFREQUIRE | Audit ACE for failure is absent in violation of policy |
| AUSPROHIB | Audit ACE for success is present in violation of policy |
| AUSREQUIRE | Audit ACE for success is absent in violation of policy |
| BACKUPABS | Time since last file backup exceeds the policy maximum. |
| BACKUPMOD | Time since last file backup exceeds the policy maximum and the file has been modified since last backup. |
| MODBEFORE | File modification date is later than allowed by policy |
| OWNER | Fewer users can access than permitted by policy |
| PERCENTLO | Fewer users can access than permitted by policy |
| PERCENTHI | More users can access than permitted by policy |
| PRESENT | File is present in violation of policy |
| SUBSYSNO | File is designated as a protected subsystem in violation of policy |
| SUBSYSYES | File is not designated as a protected subsystem in violation of policy |
| VERSIONMAX | File version number is higher than allowed by policy |
This element tests protection of specific files for which you want tighter control than general files on the system. It is also the only element that tests for the presence (or absence) of particular audit or alarm ACEs (access control entries) within an ACL (access control list).

This element uses limits and exemptions in a different fashion than most. Each file to be tested must be specified in an exemption, with the desired value. Limits are ignored for this element.

There are three types of tests included:
- Basic file protection tests ABSOLUT%% and PERCENT%%: For certain files you may require tighter protection than your general standards.
- Identifier ACE tests ACLNO%%%: Use of UIC identifiers directly in access control lists leads to problems if user responsibilities are changed, since control of the access they have been granted is distributed throughout the system. The purpose of this test is to ensure that identifiers used in Identifier Access Control Entries are of acceptable types. In addition, for certain files you might want to prohibit all forms of ACL-based access.
- Alarm and Audit ACE tests AL* and AU* (for failure and success audits): Auditing is the only defense against access by highly privileged users (coupled with review of the audit logs). But in some cases even for files that are not tightly protected you might want to audit access to ensure you have a record of how they are used.
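The three test types above are easier to reason about with a concrete file setting in front of you. The following added Python example (not the product's own code) parses a VMS protection string and an ACL written in the syntax SET SECURITY accepts, then evaluates the ABSOLUTHI/ABSOLUTLO, ACLNO%%% and AL*/AU* REQUIRE/PROHIB constraints for one file against a per-file policy dictionary; that dictionary stands in for the exemption entry this element expects, and its shape, the environmental-identifier list and the sample "before" and "after" settings are assumptions made here for illustration.

```python
import re
from typing import Dict, List

# Added example (not the product's own code): parses a VMS protection string
# and an ACL, then evaluates a subset of this element's constraints against a
# constructed per-file policy that plays the role of the exemption entry.

ACCESS_BITS = set("RWED")
# Environmental identifiers VMS defines itself (assumed list); anything else
# that is not a UIC is treated as a general identifier.
SYSTEM_IDS = {"BATCH", "DIALUP", "INTERACTIVE", "LOCAL", "NETWORK", "REMOTE"}


def parse_protection(prot: str) -> Dict[str, set]:
    """'(S:RWED,O:RWED,G:RE,W:)' -> {'S': {'R','W','E','D'}, ..., 'W': set()}."""
    mask = {}
    for field in prot.strip().strip("()").split(","):
        category, _, bits = field.partition(":")
        mask[category.strip().upper()] = set(bits.strip().upper()) & ACCESS_BITS
    return mask


def parse_acl(acl: str) -> List[Dict[str, str]]:
    """Split '(IDENTIFIER=[300,20],ACCESS=READ)(ALARM=SECURITY,...)' into ACE dicts."""
    aces = []
    for body in re.findall(r"\(([^()]*)\)", acl):
        ace = {}
        # split on commas that are not inside a [group,member] UIC
        for item in re.split(r",(?![^\[]*\])", body):
            key, _, value = item.partition("=")
            ace[key.strip().upper()] = value.strip().upper()
        aces.append(ace)
    return aces


def identifier_kind(ident: str) -> str:
    """UIC ([g,m] or [name]), SYS (environmental identifier) or GEN (general identifier)."""
    if ident.startswith("["):
        return "UIC"
    return "SYS" if ident in SYSTEM_IDS else "GEN"


def check_file(prot: str, acl: str, policy: Dict[str, object]) -> List[str]:
    """Return the sorted constraint names this file violates under policy.

    policy keys: ABSOLUTHI/ABSOLUTLO (protection strings), ACLNOUIC/ACLNOSYS/
    ACLNOGEN and AL*/AU* REQUIRE/PROHIB flags (booleans), named as on this page.
    """
    violations = set()
    actual = parse_protection(prot)
    if "ABSOLUTHI" in policy:  # any bit granted beyond the widest allowed
        widest = parse_protection(policy["ABSOLUTHI"])
        if any(actual[c] - widest.get(c, set()) for c in actual):
            violations.add("ABSOLUTHI")
    if "ABSOLUTLO" in policy:  # any bit missing from the narrowest allowed
        narrowest = parse_protection(policy["ABSOLUTLO"])
        if any(narrowest[c] - actual.get(c, set()) for c in narrowest):
            violations.add("ABSOLUTLO")
    aces = parse_acl(acl)
    for ace in aces:
        if "IDENTIFIER" in ace:
            name = "ACLNO" + identifier_kind(ace["IDENTIFIER"])
            if policy.get(name):
                violations.add(name)
    # Alarm/audit ACE presence per outcome: ALF/ALS/AUF/AUS + REQUIRE/PROHIB.
    for prefix, keyword in (("AL", "ALARM"), ("AU", "AUDIT")):
        for letter, outcome in (("F", "FAILURE"), ("S", "SUCCESS")):
            present = any(keyword in ace and outcome in ace.get("ACCESS", "").split("+")
                          for ace in aces)
            if policy.get(prefix + letter + "REQUIRE") and not present:
                violations.add(prefix + letter + "REQUIRE")
            if policy.get(prefix + letter + "PROHIB") and present:
                violations.add(prefix + letter + "PROHIB")
    return sorted(violations)


# Constructed policy for one sensitive file: no world access, no UIC
# identifiers in the ACL, alarm and audit ACEs for failed access required.
POLICY = {
    "ABSOLUTHI": "(S:RWED,O:RWED,G:RE,W:)",
    "ABSOLUTLO": "(S:RWED,O:RWED,G:,W:)",
    "ACLNOUIC": True, "ACLNOSYS": False, "ACLNOGEN": False,
    "ALFREQUIRE": True, "AUFREQUIRE": True, "ALSPROHIB": False,
}

# Constructed before/after settings for the same file.
BEFORE = ("(S:RWED,O:RWED,G:RE,W:RE)",
          "(IDENTIFIER=[300,20],ACCESS=READ)(AUDIT=SECURITY,ACCESS=WRITE+FAILURE)")
AFTER = ("(S:RWED,O:RWED,G:RE,W:)",
         "(IDENTIFIER=PAYROLL,ACCESS=READ)"
         "(ALARM=SECURITY,ACCESS=WRITE+FAILURE)(AUDIT=SECURITY,ACCESS=WRITE+FAILURE)")


def run_sample() -> Dict[str, List[str]]:
    """Evaluate the constructed before/after settings against POLICY."""
    return {"before": check_file(*BEFORE, POLICY), "after": check_file(*AFTER, POLICY)}
```

The "before" setting trips ABSOLUTHI (world has RE where none is allowed), ACLNOUIC (a [group,member] UIC used directly in the ACL, the maintenance problem the text describes) and ALFREQUIRE (no alarm ACE for failed access); replacing the UIC with a general identifier, removing world access and adding the alarm ACE clears all three.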