LJK/Security Reference Manual
PRCREVOKE
Determine whether enabling of alarms or audits for privileged use of
$REVOKID conforms to policy.
Violation reports
| Constraint |
Nature of the violation |
|
ALPROHIBIT
|
REVOKID security alarms are enabled in violation of policy
|
|
ALREQUIRE
|
REVOKID security alarms are disabled in violation of policy
|
|
AUPROHIBIT
|
REVOKID security audits are enabled in violation of policy
|
|
AUREQUIRE
|
REVOKID security audits are disabled in violation of policy
|
Description
Use of the qualifier /ENABLE=PROCESS=REVOKID with the SET AUDIT/ALARM
or SET AUDIT/AUDIT command causes
the corresponding reporting when privilege is used to revoke an
identifier from a running process.
Default policy Enabling of REVOKID security alarms and audits is
neither prohibited nor required. Customizing Set
limits TRUE to establish a general prohibition of or
requirement for the enabling of REVOKID security alarms or audits. Then
establish exemptions for any individual nodes which
are not to be subjected to the general rule.
selector Limits
| Constraint |
Value |
Default |
|
ALPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
ALREQUIRE
|
FALSE, TRUE or TRY
|
FALSE
|
|
AUPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
AUREQUIRE
|
FALSE, TRUE or TRY
|
FALSE
|
Exemptions
| Constraint |
Value |
Parameters |
|
ALPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
ALREQUIRE
|
FALSE, TRUE or TRY
|
<node>
|
|
AUPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
AUREQUIRE
|
FALSE, TRUE or TRY
|
<node>
|
Practical considerations This use of privilege is worth noting in most
environments. �
PRCSCHDWK
Determine whether enabling of alarms or audits for privileged use of
$SCHDWK conforms to policy.
Violation reports
| Constraint |
Nature of the violation |
|
ALPROHIBIT
|
SCHDWK security alarms are enabled in violation of policy
|
|
ALREQUIRE
|
SCHDWK security alarms are disabled in violation of policy
|
|
AUPROHIBIT
|
SCHDWK security audits are enabled in violation of policy
|
|
AUREQUIRE
|
SCHDWK security audits are disabled in violation of policy
|
Description
Use of the qualifier /ENABLE=PROCESS=SCHDWK with the SET AUDIT/ALARM
or SET AUDIT/AUDIT command causes
the corresponding reporting when privileged use is made of the $SCHDWK
system service.
Default policy Enabling of SCHDWK security alarms and audits is neither
prohibited nor required. Customizing Set limits TRUE
to establish a general prohibition of or requirement for the enabling
of SCHDWK security alarms or audits. Then establish
exemptions for any individual nodes which are not to
be subjected to the general rule.
selector Limits
| Constraint |
Value |
Default |
|
ALPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
ALREQUIRE
|
FALSE, TRUE or TRY
|
FALSE
|
|
AUPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
AUREQUIRE
|
FALSE, TRUE or TRY
|
FALSE
|
Exemptions
| Constraint |
Value |
Parameters |
|
ALPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
ALREQUIRE
|
FALSE, TRUE or TRY
|
<node>
|
|
AUPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
AUREQUIRE
|
FALSE, TRUE or TRY
|
<node>
|
Practical considerations Concern about this event is typically only for
specialized environments or for troubleshooting. �
PRCSETPRI
Determine whether enabling of alarms or audits for privileged use of
$SETPRI conforms to policy.
Violation reports
| Constraint |
Nature of the violation |
|
ALPROHIBIT
|
SETPRI security alarms are enabled in violation of policy
|
|
ALREQUIRE
|
SETPRI security alarms are disabled in violation of policy
|
|
AUPROHIBIT
|
SETPRI security audits are enabled in violation of policy
|
|
AUREQUIRE
|
SETPRI security audits are disabled in violation of policy
|
Description
Use of the qualifier /ENABLE=PROCESS=SETPRI with the SET AUDIT/ALARM
or SET AUDIT/AUDIT command causes
the corresponding reporting when privilege is used to set process
priority.
Default policy Enabling of SETPRI security alarms and audits is neither
prohibited nor required. Customizing Set limits TRUE
to establish a general prohibition of or requirement for the enabling
of SETPRI security alarms or audits. Then establish
exemptions for any individual nodes which are not to
be subjected to the general rule.
selector Limits
| Constraint |
Value |
Default |
|
ALPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
ALREQUIRE
|
FALSE, TRUE or TRY
|
FALSE
|
|
AUPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
AUREQUIRE
|
FALSE, TRUE or TRY
|
FALSE
|
Exemptions
| Constraint |
Value |
Parameters |
|
ALPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
ALREQUIRE
|
FALSE, TRUE or TRY
|
<node>
|
|
AUPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
AUREQUIRE
|
FALSE, TRUE or TRY
|
<node>
|
Practical considerations This use of privilege is worth noting in most
environments. �
PRCSIGPRC
Determine whether enabling of alarms or audits for when a process
signal is issued conforms to policy.
Violation reports
| Constraint |
Nature of the violation |
|
ALPROHIBIT
|
SIGPRC security alarms are enabled in violation of policy
|
|
ALREQUIRE
|
SIGPRC security alarms are disabled in violation of policy
|
|
AUPROHIBIT
|
SIGPRC security audits are enabled in violation of policy
|
|
AUREQUIRE
|
SIGPRC security audits are disabled in violation of policy
|
Description
Use of the qualifier /ENABLE=PROCESS=SIGPRC with the SET AUDIT/ALARM
or SET AUDIT/AUDIT command causes
the corresponding reporting when a process signal is issued.
Default policy Enabling of SIGPRC security alarms and audits is neither
prohibited nor required. Customizing Set limits TRUE
to establish a general prohibition of or requirement for the enabling
of SIGPRC security alarms or audits. Then establish
exemptions for any individual nodes which are not to
be subjected to the general rule.
selector Limits
| Constraint |
Value |
Default |
|
ALPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
ALREQUIRE
|
FALSE, TRUE or TRY
|
FALSE
|
|
AUPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
AUREQUIRE
|
FALSE, TRUE or TRY
|
FALSE
|
Exemptions
| Constraint |
Value |
Parameters |
|
ALPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
ALREQUIRE
|
FALSE, TRUE or TRY
|
<node>
|
|
AUPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
AUREQUIRE
|
FALSE, TRUE or TRY
|
<node>
|
Practical considerations Concern about this event is typically only for
specialized environments or for troubleshooting. �
PRCSTIMAF
Determine whether enabling of alarms or audits for setting implicit
affinity conforms to policy.
Violation reports
| Constraint |
Nature of the violation |
|
ALPROHIBIT
|
Implicit affinity security alarms are enabled in violation of policy
|
|
ALREQUIRE
|
Implicit affinity security alarms are disabled in violation of policy
|
|
AUPROHIBIT
|
Implicit affinity security audits are enabled in violation of policy
|
|
AUREQUIRE
|
Implicit affinity security audits are disabled in violation of policy
|
Description
Use of the qualifier /ENABLE=PROCESS=SET_IMPLICIT_AFFINITY with the SET
AUDIT/ALARM
or SET AUDIT/AUDIT command causes
the corresponding reporting when implicit affinity is set.
Default policy Enabling of Implicit affinity security alarms and audits
is neither prohibited nor required. Customizing Set
limits TRUE to establish a general prohibition of or
requirement for the enabling of Implicit affinity security alarms or
audits. Then establish exemptions for any individual
nodes which are not to be subjected to the general rule.
selector Limits
| Constraint |
Value |
Default |
|
ALPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
ALREQUIRE
|
FALSE, TRUE or TRY
|
FALSE
|
|
AUPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
AUREQUIRE
|
FALSE, TRUE or TRY
|
FALSE
|
Exemptions
| Constraint |
Value |
Parameters |
|
ALPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
ALREQUIRE
|
FALSE, TRUE or TRY
|
<node>
|
|
AUPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
AUREQUIRE
|
FALSE, TRUE or TRY
|
<node>
|
Practical considerations Concern about this event is typically only for
specialized environments or for troubleshooting. �
PRCSUSPND
Determine whether enabling of alarms or audits for privileged use of
$SUSPND conforms to policy.
Violation reports
| Constraint |
Nature of the violation |
|
ALPROHIBIT
|
SUSPND security alarms are enabled in violation of policy
|
|
ALREQUIRE
|
SUSPND security alarms are disabled in violation of policy
|
|
AUPROHIBIT
|
SUSPND security audits are enabled in violation of policy
|
|
AUREQUIRE
|
SUSPND security audits are disabled in violation of policy
|
Description
Use of the qualifier /ENABLE=PROCESS=SUSPND with the SET AUDIT/ALARM
or SET AUDIT/AUDIT command causes
the corresponding reporting when privileged use is made of the $SUSPND
system service.
Default policy Enabling of SUSPND security alarms and audits is neither
prohibited nor required. Customizing Set limits TRUE
to establish a general prohibition of or requirement for the enabling
of SUSPND security alarms or audits. Then establish
exemptions for any individual nodes which are not to
be subjected to the general rule.
selector Limits
| Constraint |
Value |
Default |
|
ALPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
ALREQUIRE
|
FALSE, TRUE or TRY
|
FALSE
|
|
AUPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
AUREQUIRE
|
FALSE, TRUE or TRY
|
FALSE
|
Exemptions
| Constraint |
Value |
Parameters |
|
ALPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
ALREQUIRE
|
FALSE, TRUE or TRY
|
<node>
|
|
AUPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
AUREQUIRE
|
FALSE, TRUE or TRY
|
<node>
|
Practical considerations This use of privilege is worth noting in most
environments. �
PRCWAKE
Determine whether enabling of alarms or audits for privileged use of
$WAKE conforms to policy.
Violation reports
| Constraint |
Nature of the violation |
|
ALPROHIBIT
|
WAKE security alarms are enabled in violation of policy
|
|
ALREQUIRE
|
WAKE security alarms are disabled in violation of policy
|
|
AUPROHIBIT
|
WAKE security audits are enabled in violation of policy
|
|
AUREQUIRE
|
WAKE security audits are disabled in violation of policy
|
Description
Use of the qualifier /ENABLE=PROCESS=WAKE with the SET AUDIT/ALARM
or SET AUDIT/AUDIT command causes
the corresponding reporting when privileged use is made of the $WAKE
system service.
Default policy Enabling of WAKE security alarms and audits is neither
prohibited nor required. Customizing Set limits TRUE
to establish a general prohibition of or requirement for the enabling
of WAKE security alarms or audits. Then establish
exemptions for any individual nodes which are not to
be subjected to the general rule.
selector Limits
| Constraint |
Value |
Default |
|
ALPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
ALREQUIRE
|
FALSE, TRUE or TRY
|
FALSE
|
|
AUPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
AUREQUIRE
|
FALSE, TRUE or TRY
|
FALSE
|
Exemptions
| Constraint |
Value |
Parameters |
|
ALPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
ALREQUIRE
|
FALSE, TRUE or TRY
|
<node>
|
|
AUPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
AUREQUIRE
|
FALSE, TRUE or TRY
|
<node>
|
Practical considerations This use of privilege is worth noting in most
environments. �
PRVFAIL
Determine whether enabling of alarms or audits for failed use of
privilege conforms to policy.
Violation reports
| Constraint |
Nature of the violation |
|
ALPROHIBIT
|
Failed use of privilege security alarms are enabled in violation of
policy
|
|
ALREQUIRE
|
Failed use of privilege security alarms are disabled in violation of
policy
|
|
AUPROHIBIT
|
Failed use of privilege security audits are enabled in violation of
policy
|
|
AUREQUIRE
|
Failed use of privilege security audits are disabled in violation of
policy
|
Description
Some organizations may require security alarms or audits in cases where
privilege is used or a failure is encountered attempting to use
privilege. Use of the qualifiers /CLASS=FILE and
/ENABLE=ACCESS=FAILURE=(privilege,...) with the SET AUDIT/ALARM
or SET AUDIT/AUDIT command causes
the corresponding reporting when attempted use of privilege fails.
Default policy Alarms or audits for failed use of privilege events is
neither required nor prohibited for any privilege. Customizing Set
limits TRUE to establish a general prohibition of or
requirement for the enabling of failed use of privilege security alarms
or audits. Then establish exemptions for any
individual nodes which are not to be subjected to the general rule.
selector
Limits and exemptions can take a
selector consisting of a privilege name.
Thus, it can be set once for each possible privilege. When using the
Command Interface if you do not specify a selector
when changing the limit or exemptions
your change applies to all privileges.
Limits
| Constraint |
Value |
Default |
|
ALPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
ALREQUIRE
|
FALSE or TRUE
|
FALSE
|
|
AUPROHIBIT
|
FALSE or TRUE
|
FALSE
|
|
AUREQUIRE
|
FALSE or TRUE
|
FALSE
|
Exemptions
| Constraint |
Value |
Parameters |
|
ALPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
ALREQUIRE
|
FALSE or TRUE
|
<node>
|
|
AUPROHIBIT
|
FALSE or TRUE
|
<node>
|
|
AUREQUIRE
|
FALSE or TRUE
|
<node>
|
Practical considerations This use of privilege is worth noting in most
environments, but analysis of failures may show they are due not to
administrative problems but rather to defects in layered products or
even components of VMS itself. For instance, at least up through VMS
V7.3-1, the DECnet Phase IV component command procedure NETSERVER.COM
contains the line "DEFPRV = F$SETPRV("ALL")" which will
result in failed use of privilege when executed for any username that
does not have SETPRV
as a default privilege.
In analyzing audit records for failed use of privilege, keep in mind
that records not specifying an image name are for actions taken by a
Command Language Interpreter (e.g., DCL).
�
PRVSUCC
Determine whether enabling of alarms or audits for successful use of
privilege conforms to policy.
Violation reports
| Constraint |
Nature of the violation |
|
ALPROHIBIT
|
Successful use of privilege security alarms are enabled in violation of
policy
|
|
ALREQUIRE
|
Successful use of privilege security alarms are disabled in violation
of policy
|
|
AUPROHIBIT
|
Successful use of privilege security audits are enabled in violation of
policy
|
|
AUREQUIRE
|
Successful use of privilege security audits are disabled in violation
of policy
|
Description
Some organizations may require security alarms or audits in cases where
privilege is used or a failure is encountered attempting to use
privilege. Use of the qualifiers /CLASS=FILE and
/ENABLE=ACCESS=SUCCESS=(privilege,...) with the SET AUDIT/ALARM
or SET AUDIT/AUDIT command causes
the corresponding reporting when attempted use of privilege succeeds.
Default policy Alarms or audits for successful use of privilege events
is neither required nor prohibited for any privilege. Customizing Set
limits TRUE to establish a general prohibition of or
requirement for the enabling of successful use of privilege security
alarms or audits. Then establish exemptions for any
individual nodes which are not to be subjected to the general rule.
selector
Limits and exemptions can take a
selector consisting of a privilege name.