POLYCENTER Security Compliance Manager for OpenVMS Installation Guide ____________________________________________________ Order Number: AA-PGBYD-TE January 1999 This guide describes how to install POLYCENTER Security Compliance Manager on the OpenVMS VAX operating system and on the OpenVMS Alpha operating system. Revision/Update Information: This is a revision of the V3.0 manual. Operating Systems: OpenVMS VAX Version 6.2 or higher, OpenVMS Alpha Version 6.2 or higher. Software Version: POLYCENTER Security Compliance Manager for OpenVMS, Version 3.1 ________________________________________________________________ January 1999 The information in this document is subject to change without notice and should not be construed as a commitment by Digital Equipment Corporation. Digital Equipment Corporation assumes no responsibility for any errors that may appear in this document. Possession, use, duplication, or dissemination of the software described in this documentation is authorized only pursuant to a valid written license from Digital or the third-party owner of the software copyright. No responsibility is assumed for the use or reliability of software or equipment that is not supplied by Digital Equipment Corporation. Digital Equipment Corporation makes no representations that the interconnection of its products in the manner described in this document will not infringe existing or future patent rights, nor do the descriptions contained in this document imply the granting of licenses to make, use, or sell equipment or software in accordance with the description. The product described in this document is intended to assist customers in maintaining an appropriately secure systems environment when used in conjunction with customer's vigilant operational security practices. Digital does not guarantee or warrant that the use of this product will provide complete security protection for customers' systems. Copyright @1992, 1999 Digital Equipment Corporation. All Rights Reserved. Copyright @1999 Touch Technologies, Inc. All Rights Reserved. The following are trademarks of Digital Equipment Corporation: AXP, DEC, DECforms, DECinspect, DECnet, Digital, OpenVMS, POLYCENTER, VAX, VMScluster, VMS, and the DIGITAL logo. Microsoft and Windows are registered trademarks of Microsoft Corporation. OSF and OSF/1 are registered trademarks of the Open Software Foundation, Inc. MultiNet is a registered trademark of TGV, Inc. UNIX is a registered trademark in the United States and other countries licensed exclusively through X/Open Company Ltd. All other trademarks and registered trademarks are the property of their respective holders. This document is available on CD-ROM. _________________________________________________________________ Contents Preface................................................... vii 1 Preparing for the Installation 1.1 Checking the Media Software Distribution Kit........................................... 1-1 1.2 Accessing the Online Release Notes............ 1-1 1.3 Required Operating System Components.......... 1-2 1.4 Registering the Software License.............. 1-2 1.5 VMScluster System Considerations.............. 1-3 1.6 Installation Procedure Requirements........... 1-4 1.7 Installing POLYCENTER Security CM from a Spawned Process............................... 1-5 1.8 VMSINSTAL Requirements........................ 1-5 2 Installing POLYCENTER Security CM for OpenVMS 2.1 Invoking the VMSINSTAL Utility................ 2-1 2.2 Aborting the Installation..................... 2-2 2.3 Step-by-Step Installation of POLYCENTER Security CM................................... 2-2 3 After the Installation 3.1 Completing the Installation................... 3-1 3.2 Modifying the System Startup Command Procedure..................................... 3-2 3.3 Running Inspectors After System Reboot........ 3-2 3.4 Granting an Identifier........................ 3-3 3.5 Verifying Privileges and Resources............ 3-3 3.6 Invoking POLYCENTER Security CM on a VMScluster System............................. 3-4 3.7 Verifying the Installation.................... 3-5 iii 3.8 Configuring the Passthru Server............... 3-6 3.9 Preparing System-Specific Root Directories for Passthru Servers.............................. 3-7 3.10 Error Conditions.............................. 3-7 3.11 Maintenance Updates........................... 3-8 3.12 Reporting Problems............................ 3-9 A Sample Installation B POLYCENTER Security CM for OpenVMS Files C POLYCENTER Security CM Logicals C.1 POLYCENTER Security CM Logicals............... C-1 Index Tables B-1 Files Placed in INSPECT$ROOT:[IMAGES]..... B-1 B-2 Files Placed in INSPECT$ROOT:[IMAGES.system].............. B-3 B-3 Files Placed in INSPECT$ROOT:[DATABASE]... B-6 B-4 Files Placed in INSPECT$ROOT:[DICTIONARY]................. B-7 B-5 Files Placed in INSPECT$ROOT:[EXAMPLES]... B-7 B-6 Files Placed in INSPECT$ROOT:[EXAMPLES.system] .......................................... B-7 C-1 POLYCENTER Security CM Logicals........... C-1 iv _________________________________________________________________ Preface This guide describes how to install POLYCENTER[TM] Security Compliance Manager (POLYCENTER Security CM) for OpenVMS[TM] VAX[TM] and POLYCENTER Security CM for OpenVMS Alpha. Audience This guide is intended for system managers who manage OpenVMS VAX and OpenVMS Alpha systems. Structure of This Guide This guide is divided into three chapters, three appendixes, and an index: o Chapter 1 describes prerequisites for installing POLYCENTER Security CM for OpenVMS. o Chapter 2 describes the installation procedure. o Chapter 3 describes postinstallation tasks. o Appendix A contains sample listings of POLYCENTER Security CM for OpenVMS installations. o Appendix B describes the files that the POLYCENTER Security CM for OpenVMS installation procedure installs on the system. o Appendix C describes POLYCENTER Security CM logicals. vii Associated Documents For more information on the topics covered in this manual, refer to: o POLYCENTER Security Compliance Manager for OpenVMS User's Guide o POLYCENTER Security Console for Microsoft Windows Installation and User's Guide o OpenVMS License Management Utility Manual o OpenVMS System Manager's Manual o OpenVMS System Management Utilities Reference Manual o OpenVMS Guide to System Security Conventions In this manual, every use of OpenVMS Alpha means the OpenVMS Alpha operating system, every use of OpenVMS VAX means the OpenVMS VAX operating system, and every use of OpenVMS means both the OpenVMS Alpha operating system and the OpenVMS VAX operating system. The following conventions are also used in this manual: ___________________________________________________________ Convention_______Description_______________________________ A key name enclosed in a box indicates that you press that key. Ctrl/x Ctrl/x indicates that you hold down the Ctrl key while you press another key or mouse button (indicated here by x). boldface type Boldface type in examples indicates user input. italic type Italic type emphasizes important information, indicates variables, and indicates complete titles of manuals. viii ___________________________________________________________ Convention_______Description_______________________________ [] In format descriptions, brackets indicate optional elements. (Brackets are not optional, however, in the syntax of a directory name in an OpenVMS file specification.) UPPERCASE Words in uppercase indicate a command, the name of a file, the name of a file protection code, or an abbreviation for a system privilege. . . . A horizontal ellipsis indicates additional parameters, values, or information that you can enter. Vertical ellipsis points indicate the . omission of information from an example or . command format. The information is omitted . because it is not important to the topic _________________being_discussed.__________________________ ix 1 _________________________________________________________________ Preparing for the Installation This chapter describes the preparations and requirements necessary for installing POLYCENTER Security CM software. 1.1 Checking the Media Software Distribution Kit The installation kit includes the following items: o POLYCENTER Security CM software o Online release notes Your Bill of Materials specifies the number and contents of your media. Be sure to check the contents of your kit against the Bill of Materials. If your kit is damaged, or if you find that parts are missing, call your Digital[TM] representative. 1.2 Accessing the Online Release Notes The POLYCENTER Security CM installation kit provides online release notes that you can display or print during the installation procedure. ________________________ Note ________________________ The prompt to display or print the release notes appears in the installation procedure only when you invoke VMSINSTAL with the N option. ______________________________________________________ Preparing for the Installation 1-1 Preparing for the Installation 1.2 Accessing the Online Release Notes To read the release notes before you install the POLYCENTER Security CM software, follow the installation procedure up to step 4 in Section 2.3. At that point, you can choose to read or print the release notes. You can then choose to discontinue the installation procedure. The release notes file, installed by VMSINSTAL, shows a unique name for each maintenance update. Do not delete previous versions of the file. You may want to refer to these later. To read the release notes after the installation, display or print the file SYS$HELP:INSPECT$031.RELEASE_NOTES. 1.3 Required Operating System Components The OpenVMS operating system comes with a variety of support options, or classes. Classes include such features as networking and RMS journaling. POLYCENTER Security CM Version 3.1 requires OpenVMS VAX Version 6.2 or higher or OpenVMS Alpha Version 6.2 or higher including the following classes: o OpenVMS required saveset o Network support: Remote Task Loading o Utilities: Mail The Software Product Description (SPD) also lists the required classes. 1.4 Registering the Software License If you are installing POLYCENTER Security CM on a newly licensed node or on a VMScluster system, you must first register a License Product Authorization Key (License PAK) using the License Management Facility (LMF). The License PAK may be shipped along with the kit if you ordered the license and media together; otherwise, it is shipped separately to a location based on your license order. 1-2 Preparing for the Installation Preparing for the Installation 1.4 Registering the Software License If you are installing the POLYCENTER Security CM software on a node or on a VMScluster system already licensed for this software, you have already completed the license PAK registration requirements. You must register and load the appropriate license for POLYCENTER Security CM before you start the installation in order to run the Installation Verification Procedure (IVP) and use the software. To register a license on OpenVMS systems, log in to the system manager's account, SYSTEM and do either of the following: o Invoke the SYS$UPDATE:VMSLICENSE.COM procedure. When it prompts you for information, respond with data from your License PAK. o At the DCL prompt, enter the LICENSE REGISTER command with the qualifiers that correspond to the License PAK information. If you plan to use the POLYCENTER Security CM software on more than one node in a cluster, you must perform a license load on the other nodes after you complete this installation. See Section 3.6 for more information on using POLYCENTER Security CM on a cluster. For complete information on using LMF, see the OpenVMS License Management Utility Manual. 1.5 VMScluster System Considerations In general, you must install POLYCENTER Security CM on only one node in a VMScluster system. However, if the cluster has more than one system disk, repeat the installation procedure on each system disk. See Section 3.6 for more information on installing POLYCENTER Security CM on a cluster. Preparing for the Installation 1-3 Preparing for the Installation 1.6 Installation Procedure Requirements 1.6 Installation Procedure Requirements Before you can install the POLYCENTER Security CM software, you must have the following resources and privileges: o Operating system-OpenVMS VAX Version 6.2 or higher or OpenVMS Alpha Version 6.2 or higher. o One of the following if you want to communicate with POLYCENTER Security Console and with POLYCENTER Security Reporting Facility (SRF): - DECnet[TM]/OSI - DECnet for OpenVMS VAX and Alpha - DEC TCP/IP Services for OpenVMS - MultiNet[R] o The SETPRV and OPER privileges (note that VMSINSTAL turns off BYPASS privilege at the start of the installation). o A SYSTEM identifier with a User Identification Code (UIC) value of [1,4]. o Time - 5 to 40 minutes. o Disk space POLYCENTER Security CM requires the following disk space during installation: - 20 000 free blocks, if you are installing POLYCENTER Security CM for OpenVMS Alpha. - 23 500 free blocks, if you are installing POLYCENTER Security CM for OpenVMS VAX. See Section 3.5 for disk space requirements after installation. To determine the number of free disk blocks on the disk, enter the following command at the DCL prompt: $ SHOW DEVICE disk_name o A backup copy of your system disk 1-4 Preparing for the Installation Preparing for the Installation 1.6 Installation Procedure Requirements Digital recommends that you back up your system disk before installing any software. Use the backup procedures established at your site. For details on performing a system disk backup, see the OpenVMS System Manager's Manual. ________________________ Note ________________________ If you are installing POLYCENTER Security CM on a VMScluster system, all systems in the cluster must meet all these requirements except disk space. ______________________________________________________ 1.7 Installing POLYCENTER Security CM from a Spawned Process The VMSINSTAL utility deletes or changes entries in the process symbol tables during an installation procedure. To prevent deletion or changes, you can spawn a process and invoke VMSINSTAL from this process. Log out of the spawned process after the installation completes to ensure that symbols are still defined correctly. 1.8 VMSINSTAL Requirements Before you invoke VMSINSTAL, you must complete the following steps: 1. Log in to a privileged account. 2. Set your default device and directory to SYS$UPDATE. 3. Ensure the system has adequate quotas for installation. Note that to use VMSINSTAL the account in which you are installing the product must have a minimum of the following quotas: o ASTLM=24 o BIOLM=18 o BYTLM=18,000 o DIOLM=18 o ENQLM=30 Preparing for the Installation 1-5 Preparing for the Installation 1.8 VMSINSTAL Requirements o FILLM=20 1-6 Preparing for the Installation 2 _________________________________________________________________ Installing POLYCENTER Security CM for OpenVMS This chapter describes how to install POLYCENTER Security CM for OpenVMS. It provides information on the following: o Invoking the VMSINSTAL utility o Aborting the installation o Step-by-step installation of POLYCENTER Security CM 2.1 Invoking the VMSINSTAL Utility To start the installation, invoke the VMSINSTAL utility from a privileged account, such as the SYSTEM account. Enter the following command: $ @SYS$UPDATE:VMSINSTAL INSPECT031 device-name OPTIONS N where: o device-name is the name of the device that contains the distribution media. For example, MKA0: is the device name for tape drive 0. o OPTIONS N is an optional parameter that indicates that you want to be prompted to display or print the release notes. Digital strongly recommends that you include the OPTIONS N parameter and read the release notes before proceeding with the installation. The VMSINSTAL utility has several other options; for more information, see the OpenVMS System Management Utilities Reference Manual. Note that the VMSINSTAL utility presents slightly different messages, depending on the version of OpenVMS that you are running. When you invoke the VMSINSTAL utility, it checks whether: o You are logged in to the SYSTEM account. Installing POLYCENTER Security CM for OpenVMS 2-1 Installing POLYCENTER Security CM for OpenVMS 2.1 Invoking the VMSINSTAL Utility o You have adequate quotas for installation. o There are any users logged in to the system. If the VMSINSTAL utility detects any of these conditions, a prompt is displayed so that you can decide whether to continue. To stop the installation, press Return. 2.2 Aborting the Installation To abort the installation procedure, press Ctrl/Y. When you press Ctrl/Y, the installation procedure deletes all the files it has created up to that point and exits. You can then start the installation again. 2.3 Step-by-Step Installation of POLYCENTER Security CM This section contains excerpts from the POLYCENTER Security CM installation procedure as it appears on the screen, and provides explanatory text. Appendix A shows a sample installation procedure. Here are the installation steps: 1. Log in to the system account. Username: SYSTEM Password: 2. Invoke the VMSINSTAL utility. $ @SYS$UPDATE:VMSINSTAL INSPECT031 MKA0: OPTIONS N OpenVMS Alpha Software Product Installation Procedure V6.2 It is dd-mmm-yyyy at hh:mm. Enter a question mark (?) at any time for help. * Are you satisfied with the backup of your system disk [YES]? Ensure that you have a recent backup of your system disk. 2-2 Installing POLYCENTER Security CM for OpenVMS Installing POLYCENTER Security CM for OpenVMS 2.3 Step-by-Step Installation of POLYCENTER Security CM 3. Begin installation of the kit. After you invoke the VMSINSTAL utility in Step 2, the software begins the installation. The following products will be processed: INSPECT V3.1 Beginning installation of INSPECT V3.1 at hh:mm %VMSINSTAL-I-RESTORE, Restoring product save set A ... %VMSINSTAL-I-RELMOVED, Product's release notes have been moved to SYS$HELP. Copyright (c) Digital Equipment Corporation, 1992-1995 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. The software contained on this media is proprietary to and embodies the confidential technology of Digital Equipment Corporation. Possession, use, duplication or dissemination of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. 4. Select a release notes option. This step applies only if you specified OPTIONS N in step 2. Release notes included in this kit are always copied to SYS$HELP. Additional Release Notes Options: 1. Display release notes 2. Print release notes 3. Both 1 and 2 4. None of the above * Select option [2]: Installing POLYCENTER Security CM for OpenVMS 2-3 Installing POLYCENTER Security CM for OpenVMS 2.3 Step-by-Step Installation of POLYCENTER Security CM The meaning of each Additional Release Notes option is as follows: o If you select option 1, the VMSINSTAL utility displays the release notes on your screen immediately. o If you select option 2 (the default), the VMSINSTAL utility prompts you for a print queue name: * Queue name [SYS$PRINT]: Job INSPECT031 (queue SYS$PRINT, entry 123) started on SYS$PRINT Either press Return to accept the default output print device, SYS$PRINT, or type a queue name and press Return. o If you select option 3, the installation procedure prints and then displays the release notes. o If you select option 4, the VMSINSTAL utility copies the release notes to the directory SYS$HELP. The VMSINSTAL utility displays the following prompt: Do you want to continue the installation [NO]?: Yes If you type Yes and press Return, the installation procedure continues. 5. Select the purge option. The files in INSPECT$ROOT and SYS$HELP that contain previous releases of POLYCENTER Security CM are replaced during the installation with the new release, but the old release is not automatically purged. Purging is recommended. In response to the purge prompt, either press Return to purge the files or type No to keep them. * Do you want to purge files replaced by this installation [YES]? You see the following information on the screen: Product: INSPECT Producer: DEC Version: 3.1 Release Date: dd-mmm-yyyy 6. Affirm existence of the PAK. 2-4 Installing POLYCENTER Security CM for OpenVMS Installing POLYCENTER Security CM for OpenVMS 2.3 Step-by-Step Installation of POLYCENTER Security CM The PAK must be registered and loaded for the Installation Verification Procedure (IVP) to run. * Does this product have an authorization key registered and loaded? Yes 7. Choose the IVP option. The installation procedure now asks if you want to run the IVP. It is recommended that you run the IVP, which checks whether the installation was successful. * Do you want to run the IVP after the installation [YES]? 8. Read the Lockdown Warning. The installation procedure generates a Lockdown Warning. You must respond to the warning to continue the installation procedure. LOCKDOWN WARNING The POLYCENTER Security software generates a lockdown command procedure. This procedure contains suggested solutions for each security violation stated in the the report. Blindly executing the lockdown procedure may have side effects that cripple your system or layered products. It is YOUR responsibility to examine the lockdown procedure to ensure that it is compatible with your configuration. If the lockdown procedure is not satisfactory, you are still responsible for correcting the security violations stated in the report. Feel free to extract and use the sections of the lockdown procedure that are compatible with your configuration. At the prompt, please type "I UNDERSTAND" to state your understanding of the preceding two paragraphs. This is required for the installation to continue. * State that you understand the LOCKDOWN WARNING: I Understand 9. Specify the location of POLYCENTER Security CM directories. You must indicate a location for POLYCENTER Security CM directories. Do not locate POLYCENTER Security CM directories in the system directory tree. Installing POLYCENTER Security CM for OpenVMS 2-5 Installing POLYCENTER Security CM for OpenVMS 2.3 Step-by-Step Installation of POLYCENTER Security CM The POLYCENTER Security CM software depends upon a specific subdirectory structure for its operation. In response to the following question, enter a location where these directories should reside. All files used or created while running the POLYCENTER Security CM software will reside in subdirectories of the location you specify. *** NOTE *** It is recommended that these directories should *NOT* be placed within the system directory tree (that is, SYS$SYSROOT:[*...]). * Where should the directories be placed [SYS$SYSDEVICE:[INSPECT31]: %VMSINSTAL-I-SYSDIR, This product creates system disk directory SYS$SYSDEVICE:[INSPECT31]. %INSPECT-I-ROOT_DIR, INSPECT$ROOT will be defined as: -INSPECT-I-ROOT_DIR, SYS$SYSDEVICE:[INSPECT31.] The installation now attempts to shut down POLYCENTER Security CM if it is currently running on any node in the cluster. It displays informational and error messages while performing this task. 10.Verification of Sample Inspector. You must choose to keep or abandon inspectors from previous installations of the compliance manager. This kit provides a sample inspector database. The sample database will overwrite any existing database. Customised inspectors from installations prior to V3.0 are NOT compatible with this release. * Do you wish to keep your existing inspector database [YES]? y 11.Specify the name of the VMScluster system. If the node on which you are installing POLYCENTER Security CM is a member of a VMScluster system, the installation procedure prompts you for the VMScluster alias. This node is a cluster member. For token-reporting purposes, you must specify a name for this cluster system. Normally, the cluster alias, if you have one, is used for this purpose. If you do not have a cluster alias, you should use the name of one of the cluster members. * Enter a name for this cluster [CLSTER]: 2-6 Installing POLYCENTER Security CM for OpenVMS Installing POLYCENTER Security CM for OpenVMS 2.3 Step-by-Step Installation of POLYCENTER Security CM 12.Wait for the installation to finish. The installation procedure asks no other questions but provides an important command that you must issue, after the installation completes, to activate POLYCENTER Security CM after each system boot. %INSPECT-I-IMAGES, loading images The remainder of this installation will be completed without further questions. This will take between 5 and 40 minutes depending on your processor type. %VMSINSTAL-I-RESTORE, Restoring product save set B ... %VMSINSTAL-I-SYSDIR, This product creates directory INSPECT$ROOT:[DATABASE]. %VMSINSTAL-I-SYSDIR, This product creates directory INSPECT$ROOT:[IMAGES]. %VMSINSTAL-I-SYSDIR, This product creates directory INSPECT$ROOT:[EXAMPLES]. %VMSINSTAL-I-SYSDIR, This product creates directory INSPECT$ROOT:[IMAGES.AXP]. %VMSINSTAL-I-SYSDIR, This product creates directory INSPECT$ROOT:[EXAMPLES.AXP]. %VMSINSTAL-I-SYSDIR, This product creates directory INSPECT$ROOT:[LOGS]. %VMSINSTAL-I-SYSDIR, This product creates directory INSPECT$ROOT:[REPORTS]. %VMSINSTAL-I-SYSDIR, This product creates directory INSPECT$ROOT:[LOCKDOWNS]. %VMSINSTAL-I-SYSDIR, This product creates directory INSPECT$ROOT:[SCRATCH]. %VMSINSTAL-I-SYSDIR, This product creates directory INSPECT$ROOT:[DICTIONARY]. To have your POLYCENTER Security CM environment defined after each system boot, please add the following line to your system startup procedure, SYS$STARTUP:SYSTARTUP_VMS.COM. $ @ SYS$STARTUP:INSPECT$STARTUP In order for the POLYCENTER Security CM software to be fully operational across this VMScluster system, you must perform the following steps after installation completes: $ RUN SYS$SYSTEM:SYSMAN SYSMAN> SET ENVIRONMENT /CLUSTER SYSMAN> SET PROFILE/PRIV=ALL SYSMAN> DO INSTALL REPLACE SYS$SHARE:DCLTABLES.EXE/OPEN/HEADER/SHARE SYSMAN> DO @SYS$STARTUP:INSPECT$STARTUP.COM %VMSINSTAL-I-MOVEFILES, Files will now be moved to their target directories... %RUN-S-PROC_ID, identification of created process is 00060C5F %RUN-S-PROC_ID, identification of created process is 0006BCA0 %INSPECT-I-IVP, Starting Installation Verification Procedure Installing POLYCENTER Security CM for OpenVMS 2-7 Installing POLYCENTER Security CM for OpenVMS 2.3 Step-by-Step Installation of POLYCENTER Security CM Copyright (c) Digital Equipment Corporation, 1992-1995 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. The software contained on this media is proprietary to and embodies the confidential technology of Digital Equipment Corporation. Possession, use, duplication or dissemination of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. Installation of POLYCENTER Security CM V3.1 software successful. POLYCENTER Security CM V3.1 Installation Verification Procedure completed. Installation of INSPECT V3.1 completed at hh:mm Adding history entry in VMI$ROOT:[SYSUPD]VMSINSTAL.HISTORY Creating installation data file: VMI$ROOT:[SYSUPD]INSPECT031.VMI_DATA VMSINSTAL procedure done at hh:mm 13.Log out. The VMSINSTAL utility either deletes or changes entries in the process symbol tables during the installation. Therefore, if you are going to continue using the system account, and you want to restore those symbols, it is recommended that you log out and log in again. To prevent deletion or changes, you can spawn a process and invoke the VMSINSTAL utility from this process. Log out of this process after the installation, so that your symbols are still defined correctly. $ LOGOUT SYSTEM logged out at dd-mmm-yyyy hh:mm:ss.ss You have now finished running the VMSINSTAL utility. See Chapter 3 for information on how to complete the installation procedure. 2-8 Installing POLYCENTER Security CM for OpenVMS 3 _________________________________________________________________ After the Installation This chapter describes the tasks that you must perform to complete the installation of POLYCENTER Security CM for OpenVMS. It provides information on the following: o Completing the installation o Modifying the system startup command procedure o Running inspectors after system reboot o Granting an identifier o Verifying privileges and resources o Invoking POLYCENTER Security CM on a VMScluster system o Verifying the installation o Configuring the passthru server o Preparing system-specific root directories for passthru servers o Error conditions o Maintenance updates o Reporting problems 3.1 Completing the Installation After VMSINSTAL finishes running the POLYCENTER Security CM installation procedure, you must perform several tasks to ensure that POLYCENTER Security CM runs correctly: o Modify the system startup command procedure o Grant the INSPECT$SECURITY_MANAGER identifier o Verify privileges and resources After the Installation 3-1 After the Installation 3.1 Completing the Installation o Use the System Management Utility to invoke the startup procedure on other nodes in a VMScluster system o Verify a successful installation 3.2 Modifying the System Startup Command Procedure To ensure that the POLYCENTER Security CM environment is defined after each system boot, modify the system startup command procedure so that the POLYCENTER Security CM software starts after the DECnet[TM] software starts. This procedure is in the SYS$STARTUP:SYSTARTUP_VMS.COM file. Add the following line to the file: @SYS$STARTUP:INSPECT$STARTUP 3.3 Running Inspectors After System Reboot When the POLYCENTER Security CM software starts, the executor remains in a paused state for 40 minutes following system start up, during which time no inspections occur. After 40 minutes of operation, the executor process starts to function. The delay allows lengthy startup processes, such as rebooting several satellites in a VMScluster system or loading a large network database, to complete before allowing an inspection to take place. ________________________ Note ________________________ This startup delay is configurable using the command line interface (CLI). See the POLYCENTER Security Compliance Manager User's Guide for more information on using the CLI. ______________________________________________________ 3-2 After the Installation After the Installation 3.4 Granting an Identifier 3.4 Granting an Identifier The INSPECT$SECURITY_MANAGER identifier allows you to run POLYCENTER Security CM. Use the GRANT/IDENTIFIER command in the AUTHORIZE utility to grant this identifier to users, such as the security manager, who can create customized inspections and edit the report distribution list. Identified users can invoke POLYCENTER Security CM with the INSPECT command: $ INSPECT 3.5 Verifying Privileges and Resources In addition to the INSPECT$SECURITY_MANAGER identifier, each security manager's account must have the following privileges and resources: o The TMPMBX and NETMBX privileges o Enqueue quota (ENQLM): 256 o Paging file quota (PGFLQUO): 10 000 pages If your account does not have these privileges and resources, create them as follows: 1. Invoke the OpenVMS AUTHORIZE utility with the following command: $ RUN SYS$SYSTEM:AUTHORIZE 2. Create the privileges with the following commands: $ UAF> MODIFY user/PRIV=(TMPMBX,NETMBX)/DEFPRIV=(TMPMBX,NETMBX) $ UAF> MODIFY user/ENQLM=256/PGFLQUO=10000 The MAXBUF parameter is a dynamic parameter that must be set to 2100. This is the parameter that determines the maximum number of bytes that can be transferred in one buffered Input/Output request. If this parameter is not set to 2100, the POLYCENTER Security CM user interface cannot run. To set the MAXBUF parameter, follow these steps: 1. Invoke the OpenVMS SYSGEN utility with the following command: $ RUN SYS$SYSTEM:SYSGEN After the Installation 3-3 After the Installation 3.5 Verifying Privileges and Resources 2. Set the MAXBUF parameter with the following commands: $ SYSGEN> SET MAXBUF 2100 $ SYSGEN> WRITE ACTIVE $ SYSGEN> WRITE CURRENT $ SYSGEN> EXIT POLYCENTER Security CM requires the following disk space after installation: o 15 000 blocks for POLYCENTER Security CM for OpenVMS VAX or for POLYCENTER Security CM for OpenVMS Alpha ________________________ Note ________________________ This is the minimum number of blocks required to run POLYCENTER Security CM. You also need available disk space to store inspection results. ______________________________________________________ 3.6 Invoking POLYCENTER Security CM on a VMScluster System After installation, you must issue commands to make POLYCENTER Security CM operational across a cluster. Follow these steps: 1. Invoke the System Management Utility (SYSMAN) with the following command: $ RUN SYS$SYSTEM:SYSMAN SYSMAN> 2. Enter the following commands to: o Reinstall the DCLTABLES o Load the POLYCENTER Security CM PAK on each node in the cluster o Invoke the startup procedure on the cluster nodes SYSMAN> SET ENVIRONMENT/CLUSTER SYSMAN> SET PROFILE/PRIV=ALL SYSMAN> DO INSTALL REPLACE SYS$SHARE:DCLTABLES.EXE /OPEN/HEAD/SHARE SYSMAN> DO @SYS$STARTUP:INSPECT$STARTUP.COM 3-4 After the Installation After the Installation 3.6 Invoking POLYCENTER Security CM on a VMScluster System If you installed POLYCENTER Security CM on a mixed cluster, containing VAX systems and Alpha systems, you must install system-specific files. Enter the following command to invoke a utility that allows you to install these files: $ @INSPECT$IMAGES:INSPECT$CONFIG.COM ________________________ Note ________________________ If you carried out the installation on a VAX system, you must issue this command from an Alpha system. Likewise, if you installed on an Alpha system, you must issue this command from a VAX system. ______________________________________________________ POLYCENTER Security CM displays the Main Menu of the utility. o Enter 3 at the Your Choice on the Main Menu. o Reply to the prompts displayed by the postinstallation procedure. The available tasks include: o Updating the DCL Tables with the INSPECT command. o Updating the Help library with the POLYCENTER Security CM DCL Help. o Updating the rights list with the INSPECT$SECURITY_ MANAGER definition. o Copying the Release Notes to SYS$HELP. 3.7 Verifying the Installation To verify an installation, run the Installation Verification Procedure (IVP). You usually run the IVP during installation. However, you might want to run the IVP separately, for instance, if you changed your system or cluster configuration and want to be sure that the POLYCENTER Security CM software is running. After the Installation 3-5 After the Installation 3.7 Verifying the Installation To run the IVP separately, issue the following command: $ @SYS$TEST:INSPECT$IVP.COM 3.8 Configuring the Passthru Server The passthru server is used to allow nodes in a hidden area to send tokens to POLYCENTER SRF. Tokens are sent to the POLYCENTER SRF node name that you specify using the command line interface (CLI). You must ensure that this node name is correctly specified before you configure the passthru server. See the POLYCENTER Security Compliance Manager for OpenVMS User's Guide for information on using the CLI. When you install POLYCENTER Security CM on a VMScluster system, one randomly selected node in the cluster sends the tokens for all the nodes in the cluster. All nodes in the cluster send the same result: the result is the logical AND of the results from each node in the cluster. To configure the passthru server, enter the following command at the DCL prompt: @INSPECT$IMAGES:INSPECT$CONFIG.COM POLYCENTER Security CM displays the Main Menu of the utility that you can use to configure the passthru server. 1. Enter 1 at the Your Choice on the Main Menu. 2. Enter 1 at the Your Choice on the Passthru Server Menu. 3. Reply to the prompts displayed by the configuration procedure. The procedure creates an account for the passthru server. The account is used exclusively for network processes handling POLYCENTER Security CM passthru traffic. You are prompted to specify an unused UIC to be assigned for this account. You may want to place it in the same UIC group as other network servers on your system. Specify the UIC in [GROUP,MEMBER] format. ________________________ Note ________________________ Log files are created in the passthru server directory whenever it is invoked by a remote node. To limit the 3-6 After the Installation After the Installation 3.8 Configuring the Passthru Server number of log files, you can set a version limit on the directory containing the log files. For example, the following command limits log file storage to the most recent ten versions on a system whose passthru server directory is SYS$SYSROOT:[INSPECT$SERV]: $ SET FILE SYS$SYSROOT:[000000]INSPECT$SERV.DIR/VERSION_LIMIT=10 ______________________________________________________ 3.9 Preparing System-Specific Root Directories for Passthru Servers To specify a second node in the same VMScluster system as a passthru server, you must create a system-specific root directory on that node. In the following command, the UIC is [131,1]. These numbers serve as an example, only. The numbers you use must be identical to the ones you specified for the passthru server account during the installation procedure. When you enter the command, specify the UIC in [GROUP,MEMBER] format. Using a privileged account, issue the following command on each node designated as a passthru server: $ CREATE/DIRECTORY SYS$SPECIFIC:[INSPECT$SERV]/OWNER=[131,1] -/PROTECTION=(O:RWE,G,W) 3.10 Error Conditions Error conditions may cause a POLYCENTER Security CM installation to fail. If a failure occurs, VMSINSTAL displays the following message: %VMSINSTAL-E-INSFAIL, The installation of INSPECT V3.1 has failed. This message is preceded by one or more OpenVMS error messages, which may be generated by any of the following error conditions: o The operating system version is incorrect. o Quotas necessary for successful installation are insufficient. o System parameter values for successful installation are insufficient. After the Installation 3-7 After the Installation 3.10 Error Conditions o The OpenVMS help library is currently in use. o The product license has not been registered and loaded. If any of these conditions exist, take the action described in the error message. You may need to change a system parameter or increase an authorized quota value. If the installation fails, restart the installation procedure described in Section 2.3, starting at step 2. For descriptions of these error messages, see the OpenVMS System Messages and Recovery Procedures Reference Manual and the OpenVMS System Manager's Manual. 3.11 Maintenance Updates Digital may periodically issue maintenance updates of the POLYCENTER Security CM software. Each update consists of an installation kit. Install this kit as described in this document or in documentation that accompanies the maintenance update. Each time a maintenance update is released, the version number changes. For example, if the current version is 3.1, the version number of the next maintenance update is 3.2. In addition, the maintenance update usually includes changes to the release notes. The release notes describe the changes to the POLYCENTER Security CM software since the previous release. The updated release notes are provided online. You can read the release notes at any time. For information on reading the release notes before POLYCENTER Security CM is installed, follow the installation procedure described in Section 2.3, up to step 4. To read the release notes after installing the product, display or print the file SYS$HELP:INSPECT$031.RELEASE_NOTES, or enter the following command: $ HELP INSPECT RELEASE_NOTES 3-8 After the Installation After the Installation 3.12 Reporting Problems 3.12 Reporting Problems If an error occurs while you are using the POLYCENTER Security CM software, and you believe that the error is caused by a problem with POLYCENTER Security CM, take one of the following actions: o If you have a Software Service Agreement, have your Customer Support Center Contact call your Customer Support Center. (With these services, you receive telephone support that provides high-level advisory and remedial assistance. For more information, contact your local Digital representative.) o If you have a Self-Maintenance Software Agreement but do not feel that the problem warrants immediate attention, you can submit a Software Performance Report (SPR). o If you do not have a Software Service Agreement but purchased the POLYCENTER Security CM software within the last 90 days and this is a nonconformance problem, you can submit an SPR. After the Installation 3-9 A _________________________________________________________________ Sample Installation This appendix contains a sample installation of POLYCENTER Security CM for OpenVMS VAX Version 3.1. If you refer to this sample while installing another version of POLYCENTER Security CM, you may find that the installation procedure varies. OpenVMS VAX Software Product Installation Procedure V6.2 It is 13-JAN-1999 at 09:17. Enter a question mark (?) at any time for help. * Are you satisfied with the backup of your system disk [YES]? y * Where will the distribution volumes be mounted: sys$sysdevice: Enter the products to be processed from the first distribution volume set. * Products: inspect * Enter installation options you wish to use (none): The following products will be processed: INSPECT V3.1 Beginning installation of INSPECT V3.1 at 09:18 %VMSINSTAL-I-RESTORE, Restoring product save set A ... %VMSINSTAL-I-RELMOVED, Product's release notes have been moved to SYS$HELP. Copyright (c) Digital Equipment Corporation, 1992-1995 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. Sample Installation A-1 Sample Installation The software contained on this media is proprietary to and embodies the confidential technology of Digital Equipment Corporation. Possession, use, duplication or dissemination of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. * Do you want to purge files replaced by this installation [YES]? y Product: INSPECT Producer: DEC Version: 3.1 Release Date: 04-JUL-1998 * Does this product have an authorization key registered and loaded? y * Do you want to run the IVP after the installation [YES]? y LOCKDOWN WARNING The POLYCENTER Security Compliance Manager software generates a lockdown command procedure. This procedure contains suggested solutions for each security violation stated in the report. Blindly executing the lockdown procedure may have side effects that cripple your system or layered products. It is YOUR responsibility to examine the lockdown procedure to ensure that it is compatible with your configuration. If the lockdown procedure is not satisfactory, you are still responsible for correcting the security violations stated in the report. Feel free to extract and use the sections of the lockdown procedure that are compatible with your configuration. At the prompt, please type "I UNDERSTAND" to state your understanding of the preceding two paragraphs. This is required for the installation to continue. * State that you understand the LOCKDOWN WARNING: I understand A-2 Sample Installation Sample Installation The POLYCENTER Security CM software depends upon a specific subdirectory structure for its operation. In response to the following question, enter a location where these directories should reside. All files used or created while running the POLYCENTER Security CM software will reside in subdirectories of the location you specify. *** NOTE *** It is recommended that these directories should *NOT* be placed within the system directory tree (that is, SYS$SYSROOT:[*...]). * Where should the directories be placed [SYS$SYSDEVICE:[INSPECT]]: %VMSINSTAL-I-SYSDIR, This product creates system disk directory SYS$SYSDEVICE:[INSPECT]. %CREATE-I-EXISTS, SYS$SYSDEVICE:[INSPECT] already exists %INSPECT-I-ROOT_DIR, INSPECT$ROOT will be defined as: -INSPECT-I-ROOT_DIR, SYS$SYSDEVICE:[INSPECT.] This installation will now attempt to shut down POLYCENTER Security CM if it is already active on any node. Please ignore any error messages that might be displayed. %SYSMAN-I-ENV, current command environment: Clusterwide on local cluster Username SYSTEM will be used on nonlocal nodes %SYSMAN-I-OUTPUT, command execution on node PUPPY The remainder of this installation will be completed without further questions. This will take between 5 and 40 minutes depending on your processor type. %VMSINSTAL-I-RESTORE, Restoring product save set B ... %VMSINSTAL-I-SYSDIR, This product creates system disk directory INSPECT$ROOT:[DATABASE]. %VMSINSTAL-I-SYSDIR, This product creates system disk directory INSPECT$ROOT:[IMAGES]. %VMSINSTAL-I-SYSDIR, This product creates system disk directory INSPECT$ROOT:[EXAMPLES]. %VMSINSTAL-I-SYSDIR, This product creates system disk directory INSPECT$ROOT:[IMAGES.VAX]. %VMSINSTAL-I-SYSDIR, This product creates system disk directory INSPECT$ROOT:[EXAMPLES.VAX]. %VMSINSTAL-I-SYSDIR, This product creates system disk directory INSPECT$ROOT:[LOGS]. %VMSINSTAL-I-SYSDIR, This product creates system disk directory INSPECT$ROOT:[REPORTS]. %VMSINSTAL-I-SYSDIR, This product creates system disk directory INSPECT$ROOT:[LOCKDOWNS]. %VMSINSTAL-I-SYSDIR, This product creates system disk directory INSPECT$ROOT:[SCRATCH]. %VMSINSTAL-I-SYSDIR, This product creates system disk directory INSPECT$ROOT:[DICTIONARY]. To have your POLYCENTER Security CM environment defined after each system boot, please add the following line to your system startup procedure, SYS$STARTUP:SYSTARTUP_VMS.COM. Sample Installation A-3 Sample Installation $ @ SYS$STARTUP:INSPECT$STARTUP %VMSINSTAL-I-MOVEFILES, Files will now be moved to their target directories... %-I-STARTUP, Now starting POLYCENTER Security CM. Importing Example Required Inspector. %RUN-S-PROC_ID, identification of created process is 00000119 %RUN-S-PROC_ID, identification of created process is 0000011A %INSPECT-I-IVP, Starting Installation Verification Procedure. Copyright (c) Digital Equipment Corporation, 1992-1995 All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. The software contained on this media is proprietary to and embodies the confidential technology of Digital Equipment Corporation. Possession, use, duplication or dissemination of the software and media is authorized only pursuant to a valid written license from Digital Equipment Corporation. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, or in FAR 52.227-19, as applicable. Installation of POLYCENTER Security CM V3.1 software successful. POLYCENTER Security CM V3.1 Installation Verification Procedure completed. Installation of INSPECT V3.1 completed at 09:21 A-4 Sample Installation B _________________________________________________________________ POLYCENTER Security CM for OpenVMS Files This appendix lists the files that the POLYCENTER Security CM installation places on the system. Table B-1 lists the files that the installation places in the INSPECT$ROOT:[IMAGES] directory. Table_B-1_Files_Placed_in_INSPECT$ROOT:[IMAGES]____________ File________________________________Description____________ INSPECT$031.RELEASE_NOTES POLYCENTER Security CM release notes. This is only placed in this directory if you install both POLYCENTER Security CM for OpenVMS Alpha and POLYCENTER Security CM for OpenVMS VAX. INSPECT$CLI.CLD File used by the command line interface. This is only placed in this directory if you install both POLYCENTER Security CM for OpenVMS Alpha and POLYCENTER Security CM for OpenVMS VAX. (continued on next page) POLYCENTER Security CM for OpenVMS Files B-1 POLYCENTER Security CM for OpenVMS Files Table_B-1_(Cont.)_Files_Placed_in_INSPECT$ROOT:[IMAGES]____ File________________________________Description____________ INSPECT$CONFIG.COM Program used to configure the passthru server and to create a new database. INSPECT$CREATE_NEW_DATABASE.COM Program used to create a new database. INSPECT$EXEC.COM Command procedure to run the executor. INSPECT$IVP.COM Command procedure to run the Installation Verification Procedure (IVP). INSPECT$PORTAL.COM Command procedure to run the portal. INSPECT$POSTINSTALL.COM Post-installation command procedure. This is only placed in this directory if you install both POLYCENTER Security CM for OpenVMS Alpha and POLYCENTER Security CM for OpenVMS VAX. INSPECT$PRELOCK.COM Command procedure to set up the privileges required to lock down tests. INSPECT$POSTLOCK.COM Command procedure to remove privileges needed to lock down tests. INSPECT$SHUTDOWN.COM POLYCENTER Security CM shutdown command procedure. (continued on next page) B-2 POLYCENTER Security CM for OpenVMS Files POLYCENTER Security CM for OpenVMS Files Table_B-1_(Cont.)_Files_Placed_in_INSPECT$ROOT:[IMAGES]____ File________________________________Description____________ INSPECT$START_EXEC.COM Secondary startup procedure for the executor. INSPECT$START_PORTAL.COM Secondary startup procedure for the portal. INSPECT$VACCLGCM_MAIN.COM Command procedure used to start the Account Login Command program (a program used by one ____________________________________of_the_tests.)_________ Table B-2 lists the files that the installation places in the INSPECT$ROOT:[IMAGES.VAX] directory on OpenVMS VAX systems and in the INSPECT$ROOT:[IMAGES.AXP] directory on OpenVMS Alpha systems. Table_B-2_Files_Placed_in_INSPECT$ROOT:[IMAGES.system]_____ File____________________________Description________________ INSPECT$BASESHR.EXE A POLYCENTER Security CM shareable image. INSPECT$CIASHR.EXE A POLYCENTER Security CM shareable image. This file is installed only on OpenVMS Alpha systems. INSPECT$CLI.EXE The executable file for the command line interface. This program is installed with the following privileges: o SYSLCK o WORLD (continued on next page) POLYCENTER Security CM for OpenVMS Files B-3 POLYCENTER Security CM for OpenVMS Files Table B-2 (Cont.) Files Placed in __________________INSPECT$ROOT:[IMAGES.system]_____________ File____________________________Description________________ INSPECT$CONSTSHR.EXE A POLYCENTER Security CM shareable image. INSPECT$DBSHR.EXE A POLYCENTER Security CM shareable image. INSPECT$EXECUTOR.EXE The executable file for the POLYCENTER Security CM executor. This program runs from a detached process with the following privileges: o SYSLCK o READALL o SYSNAM o SECURITY o SYSPRV o CMKRNL o ALTPRI o EXQUOTA o NETMBX o TMPMBX o WORLD o OPER o BYPASS o DETACH o SETPRV INSPECT$INSPSHR.EXE A POLYCENTER Security CM shareable image. (continued on next page) B-4 POLYCENTER Security CM for OpenVMS Files POLYCENTER Security CM for OpenVMS Files Table B-2 (Cont.) Files Placed in __________________INSPECT$ROOT:[IMAGES.system]_____________ File____________________________Description________________ INSPECT$MSGCHANSHR.EXE A POLYCENTER Security CM shareable image. INSPECT$PASSTHRU_SERVER.EXE The executable file for the passthru server. INSPECT$PORTAL.EXE The executable file for the POLYCENTER Security CM portal. This program runs from a detached process with the following privileges: o SYSLCK o SYSNAM o SYSPRV o SECURITY o CMKRNL o AUDIT o DETACH o EXQUOTA o NETMBX o TMPMBX o OPER o WORLD INSPECT$PRIMSHR.EXE A POLYCENTER Security CM shareable image. INSPECT$RWTOOLSHR.EXE A POLYCENTER Security CM shareable image. (continued on next page) POLYCENTER Security CM for OpenVMS Files B-5 POLYCENTER Security CM for OpenVMS Files Table B-2 (Cont.) Files Placed in __________________INSPECT$ROOT:[IMAGES.system]_____________ File____________________________Description________________ INSPECT$SERV_LOGIN.COM Command procedure associated with the passthru account. INSPECT$VACCLGCM.EXE A POLYCENTER Security CM shareable image. INSPECT$_MSG.EXE________________Run-time_message_library.__ Table B-3 lists the files that the installation places in the INSPECT$ROOT:[DATABASE] directory. Table_B-3_Files_Placed_in_INSPECT$ROOT:[DATABASE]__________ File______________________________________Description______ INSPECT$CONFIG.DAT A file that stores data configurable from the POLYCENTER Security Console GUI and from the CLI. INSPECT$INSIDX.DAT The inspector index file. INSPECT$JOBIDX.DAT The job index file. INSPECT$TOKIDX.DAT The token index file. INSPECT$IN_4E7MGTO40OG0KAJQF282C007.DAT The sample or_similar________________________________inspector._______ Table B-4 lists the files that the installation places in the INSPECT$ROOT:[DICTIONARY] directory. B-6 POLYCENTER Security CM for OpenVMS Files POLYCENTER Security CM for OpenVMS Files Table_B-4_Files_Placed_in_INSPECT$ROOT:[DICTIONARY]________ File____________________________Description________________ INSPECT$USER_DICT.DAT A dictionary file used by ________________________________the_Weak_Passwords_test.___ Table B-5 lists the files that the installation places in the INSPECT$ROOT:[EXAMPLES] directory. Table_B-5_Files_Placed_in_INSPECT$ROOT:[EXAMPLES]__________ File______________________________________Description______ INSPECT$EXAMPLE_REQUIRED_INSPECTOR.DAT Sample inspector file (binary format). INSPECT$SAMPLE_VMS_UW.C Sample user- __________________________________________written_program._ Table B-6 lists the files that the installation places in the INSPECT$ROOT:[EXAMPLES.AXP] directory on OpenVMS Alpha systems and in the INSPECT$ROOT:[EXAMPLES.VAX] directory on OpenVMS VAX systems. Table_B-6_Files_Placed_in_INSPECT$ROOT:[EXAMPLES.system]___ File____________________________Description________________ INSPECT$SAMPLE_VMS_UW.EXE Sample user-written program ________________________________executable_file.___________ POLYCENTER Security CM for OpenVMS Files B-7 C _________________________________________________________________ POLYCENTER Security CM Logicals This appendix describes the logicals that you can define when using POLYCENTER Security CM. Most of these logicals specify file locations. C.1 POLYCENTER Security CM Logicals Table C-1 describes the logicals. Table_C-1_POLYCENTER_Security_CM_Logicals__________________ Logical_______________Description__________________________ INSPECT$BASESHR Specifies the location of a POLYCENTER Security CM shareable image. INSPECT$CIASHR Specifies the location of a POLYCENTER Security CM shareable image. INSPECT$CLI Specifies the location of the POLYCENTER Security CM command line interface executable image. INSPECT$CLUSTER_NAME Specifies the name of the cluster on which POLYCENTER Security CM runs. INSPECT$CONSTSHR Specifies the location of a POLYCENTER Security CM shareable image. (continued on next page) POLYCENTER Security CM Logicals C-1 POLYCENTER Security CM Logicals C.1 POLYCENTER Security CM Logicals Table_C-1_(Cont.)_POLYCENTER_Security_CM_Logicals__________ Logical_______________Description__________________________ INSPECT$DATABASE Specifies the location of the POLYCENTER Security CM database directory. INSPECT$DBSHR Specifies the location of a POLYCENTER Security CM shareable image. INSPECT$DICTIONARY Specifies the location of a dictionary file used by the Weak Passwords test. INSPECT$EXAMPLES A search list that specifies the location of the directory containing a sample user-defined test. It specifies the location of the executable image and the location of the source code. INSPECT$IMAGES A search list that specifies the location of the following directories: o The directory containing the executable images for either POLYCENTER Security CM for OpenVMS Alpha or POLYCENTER Security CM for OpenVMS VAX. o The command files. INSPECT$INSPSHR Specifies the location of a POLYCENTER Security CM shareable image. INSPECT$LOCKDOWNS Specifies the location of the directory containing the lockdown files. INSPECT$LOGS Specifies the location of the directory containing the log files. (continued on next page) C-2 POLYCENTER Security CM Logicals POLYCENTER Security CM Logicals C.1 POLYCENTER Security CM Logicals Table_C-1_(Cont.)_POLYCENTER_Security_CM_Logicals__________ Logical_______________Description__________________________ INSPECT$MSGCHANSHR Specifies the location of a POLYCENTER Security CM shareable image. INSPECT$PRIMSHR Specifies the location of a POLYCENTER Security CM shareable image. INSPECT$REPORTS Specifies the location of the directory containing the POLYCENTER Security CM reports. INSPECT$ROOT Specifies the location of the root directory. INSPECT$RWTOOLSHR Specifies the location of a POLYCENTER Security CM shareable image. INSPECT$SCRATCH Specifies the location of a directory containing some log files. INSPECT$_MSG Specifies the location of the executable image for the message ______________________file.________________________________ POLYCENTER Security CM Logicals C-3 _________________________________________________________________ Index A______________________________ I______________________________ AUTHORIZE utility Identifier using, 3-3 granting, 3-3 Installation C______________________________ aborting, 2-2 Command files, 3-1 associated software, 1-4 Configuring the passthru completing, 3-1 server, 3-6 failure, 3-7 Conventions, viii files added, B-1 kit, 1-1 D requirements, 1-4 _______________________________ requirements after, 3-1 DCLTABLES, 3-4 requirements before, 1-4 Directory sample, A-1 specifying, 2-5 starting, 2-1 Disk space steps, 2-2 required after installation, verifying, 3-5 3-4 Installation Verification required for installation, Procedure 1-4 See IVP Documentation IVP, 1-3, 2-5, 3-5 related, viii E L______________________________ _______________________________ License Error Conditions, 3-7 See PAK F LICENSE LOAD command, 3-4 _______________________________ License Management Facility Files See LMF installed, B-1 purging previous release, 2-4 Index-1 License Product Authorization Prerequisite software, 1-4 Key Privilege See PAK to install, 1-4 LICENSE REGISTER command, 1-3 to run POLYCENTER Security License registration, 1-2 CM, 3-3 LMF, 1-2 Problems Lockdown Warning, 2-5 reporting, 3-9 Logicals, C-1 Product Authorization Key See PAK M______________________________ Purging Maintenance update, 3-8 files of previous releases, Messages, 2-5 2-4 _______________________________ R______________________________ Operating system components Release Notes required, 1-2 accessing, 1-1 Operating system required, 1-4 choosing options, 2-3 Option reading after installation, purging, 2-4 1-2 release notes, 2-1 reading before installation, 1-1 P______________________________ Requirements for installation PAK, 1-2, 2-5, 3-4 associated software, 1-4 Passthru server disk space, 1-4 definition, 3-6 operating system, 1-4 preparing system-specific privileges, 1-4 root directory, 3-7 time, 1-4 POLYCENTER Security CM Requirements for running directories, 2-5 POLYCENTER Security CM files, B-1 quotas, 3-3 installation, 2-1 Root directory installing from a spawned system-specific, 3-7 process, 1-5 S invoking, 3-3 _______________________________ maintenance updates, 3-8 Sample installation session, on a VMScluster system, 1-3 A-1 requirements after Software installation, 3-1 distribution kit, 1-1 requirements for running, problems, 3-9 3-3 product description, 1-2 requirements for running Software Performance Report quotas, 3-3 See SPR requirements to install, 1-4 software, 3-8 Index-2 Software Product Description See UIC See SPD SPD, 1-2 V______________________________ SPR, 3-9 VMScluster system Startup command procedure, 3-2 alias required for reporting System-specific root directory token, 2-6 preparing, 3-7 license load on each node, U 1-3 _______________________________ running POLYCENTER Security UIC CM, 3-1 for Passthru server account, VMScluster systems 3-7 running POLYCENTER Security Update CM, 1-3 POLYCENTER Security CM VMSINSTAL, 2-1 software, 3-8 requirements, 1-5 User Identification Code Index-3