CONTENTS

  Title Page

  Copyright Page

  Preface

  1      Overview
    1.1 POLYCENTER Security CM Family of Products
    1.2 POLYCENTER Security CM Interfaces
    1.3 Menu System Overview
    1.4 POLYCENTER Security CM Components
      1.4.1      Test Collections
      1.4.2      Inspection Domains
      1.4.3      Policy Files and Parameters
      1.4.4      Required Inspector
      1.4.5      Customized Inspectors
      1.4.6      Reports
      1.4.7      Lockdown Files
      1.4.8      Tokens
      1.4.9      Tools
    1.5 How POLYCENTER Security CM Works
      1.5.1      POLYCENTER Security CM Processes
      1.5.2      Scheduling Inspectors
    1.6 Security Administrator Checks
      1.6.1      Top-Level User Directories
      1.6.2      Open Accounts
    1.7 When to Use POLYCENTER Security CM
    1.8 System Resources

  2      Getting Started with the Menu Interface
    2.1 Getting Help
    2.2 Using the POLYCENTER Security CM Menu Interface
    2.3 Exiting POLYCENTER Security CM
      2.3.1      Exiting and Saving Changes
      2.3.2      Exiting and Canceling Changes
      2.3.3      Using POLYCENTER Security CM Function Keys
      2.3.4      Using the POLYCENTER Security CM Main Menu
      2.3.5      POLYCENTER Security CM Main Menu Command Options
    2.4 Dealing with System Messages
    2.5 Accessing POLYCENTER Security ID
    2.6 Registering System and Security Managers
    2.7 Shutting Down POLYCENTER Security CM

  3      Creating and Running Inspectors
    3.1 Viewing Inspectors
    3.2 Creating Customized Inspectors
    3.3 Deleting Inspectors
    3.4 Modifying Inspectors
      3.4.1      Changing the Starting Time of an Inspector
      3.4.2      Resetting Lockdown and Parallel Execution Options
      3.4.3      Selecting Tests
      3.4.4      Specifying Nodes to Test
      3.4.5      Modifying Parameters and Customized Test Collections
      3.4.6      Editing the Report Distribution List
    3.5 Starting an Instant Inspection
    3.6 Viewing Results of POLYCENTER Security CM Tests
    3.7 Running a Required Inspector
      3.7.1      Starting Time
      3.7.2      Instant Inspection
      3.7.3      Reports
      3.7.4      Running a Test Version of the Required Inspector

  4      Assigning Parameters
    4.1 Overview
    4.2 How Parameters Work
    4.3 Using the Interface to Examine Parameters
    4.4 Printing a List of Parameter Values
    4.5 Modifying Parameters
    4.6 Restoring Parameters
    4.7 Parameter List

  5      Customizing File Security
    5.1 Overview of Custom File Security
    5.2 Designing Custom File Security Tests
    5.3 Adding or Modifying Custom File Security
    5.4 Viewing the File Security Specification
    5.5 Deleting a Custom File Security Test

  6      Customizing Account Security
    6.1 Adding or Modifying Custom Account Security
    6.2 Viewing Custom Account Security Entries
    6.3 Deleting Custom Account Security Entries

  7      Creating User-Defined Test Collections
    7.1 Writing User-Defined Test Collections
      7.1.1      Interacting with the Executor
      7.1.2      Reporting Results
      7.1.3      Reporting Lockdown Code
      7.1.4      Returning Status on Test Completion
        7.1.4.1      Using the SYS$EXIT Service
        7.1.4.2      Using the DCL EXIT Command
      7.1.5      Summary of Use of Protocols
      7.1.6      Sample User-Defined Tests
    7.2 Including User-Defined Test Collections
    7.3 Securing User-Defined Test Programs

  8      Reporting of Results
    8.1 Displaying a Summary of Results
      8.1.1      Most Recent Results Display Format
        8.1.1.1      Interpreting Results of Tests
        8.1.1.2      Determining Token Status
      8.1.2      Displaying Results by Node
    8.2 Using the Mailed Report
      8.2.1      Inspection Summary Results
      8.2.2      Summary by Test Collection
      8.2.3      Detailed Inspection Report
    8.3 Modifying the Report Distribution List
    8.4 Enabling Automatic Deletion of Reports

  9      Lockdown Command Procedure
    9.1 Overview of Lockdown Command Procedures
    9.2 Creating a Lockdown Command Procedure
    9.3 Locating a Lockdown Command Procedure
    9.4 Editing a Lockdown Command Procedure
    9.5 Executing a Lockdown Command Procedure
    9.6 Sample Lockdown Command Procedure
    9.7 Enabling Automatic Deletion of Lockdown Command Procedures

  10     Using the DCL Command Interface
    10.1 Overview of the DCL Command Interface
    10.2 Running POLYCENTER Security CM at the DCL Interface
    10.3 Specifying the Subsystems to Test
    10.4 Sending Mail
    10.5 Creating a Lockdown File

  A Creating and Distributing a Required Inspector
    A.1 Creating the First Required Inspector
    A.2 Customizing a Required Inspector for Redistribution
    A.3 Reporting the Policy File ID

  B DCL Command Dictionary

  INSPECT/[NO]LOCKDOWN

  INSPECT/[NO]MAIL

  INSPECT/MONITOR

  INSPECT/TEST[ =(subsystem-list) ]

  C System Messages

  D Troubleshooting
    D.1 Viewing POLYCENTER Security CM Processes
    D.2 Inspectors Do Not Run After System Startup
    D.3 Accessing Menus
    D.4 Using Log Files
    D.5 Restarting POLYCENTER Security CM
    D.6 Testing Receipt of Tokens
    D.7 Verifying Privileges and Resources

  E Tokens
    E.1 Purpose of a Token
    E.2 Contents of a Token
    E.3 Token Status Memo
    E.4 Cluster and Node Status Memo
    E.5 Missing Tokens Memo

  F POLYCENTER Security CM Logicals
    F.1 Logicals that Specify File Locations
    F.2 Logicals that Control POLYCENTER Security CM

  Glossary