HP OpenVMS Guide to System Security > Appendix C Running an OpenVMS System in a C2 Environment

Checklist for Generating a C2 System

The previous sections of this appendix describe the U.S. government requirements for running the OpenVMS operating system in a C2 environment. The following list reviews the government's security requirements:

Installing the System

  • Did you perform a full installation (not an upgrade) as described in the OpenVMS AXP Version 6.1 Upgrade and Installation Manual or OpenVMS VAX Version 6.1 Upgrade and Installation Manual?

Using Evaluated Components

  • Is all hardware in your configuration listed on the evaluated hardware list? (See Final Evaluation Report, Digital Equipment Corporation, OpenVMS VAX and SEVMS Version 6.0.)

  • Have you excluded the following software products: DECdns, LASTport, LASTport/DISK, LAT?

  • Do system files have the same protection as when HP delivered them to you? (See Appendix B “Protection for OpenVMS System Files”.)

  • Did you avoid installing DECwindows software or other privileged layered products?

Making Individuals Accountable

  • Have you trained privileged users so they understand the effect of operations they may perform?

  • Does each user have a unique UIC?

  • Do all accounts have passwords of nonzero length?

  • Does each user have a separate account?

  • Have you eliminated any guest accounts?

  • Have you disabled all autologins?

  • Does each user have a unique proxy?

  • Are all proxy accounts nonprivileged?

  • Do you log operators' HSC activities on a hardcopy printer?

  • Does the HSC console have a sign-in log, and are your operators trained to use it?

  • Did you ensure that users are familiar with the restrictions on the use of access control strings in the evaluated configuration?

Managing the Audit Reporting System

  • Are the audit server and OPCOM processes running?

  • Do you have one audit log file for the entire cluster?

  • Are you using a hardcopy terminal as the security operator terminal?

  • Is the security operator terminal accessible only to authorized personnel?

  • Do you have a procedure for reviewing the audit log file on a regular basis?

  • Does the audit log file have both Audit and Alarm ACEs?

  • Are the Authorization and ACL event classes enabled?

  • Did you put Audit ACEs on all captive login command procedures and their home directories?

Reusing Disks, Tapes, and Terminals

  • Is high-water marking enabled on system disk volumes?

  • Are users trained to shut off their terminals after logging out?

  • Do you have a procedure for erasing tapes before they are used again?

Building a Single Security Domain

  • Does your cluster have only one copy of the following files?

    NETOBJECT.DAT

    NET$PROXY.DAT

    NETPROXY.DAT

    QMAN$MASTER.DAT

    RIGHTSLIST.DAT

    SYS$QUEUE_MANAGER.QMAN$QUEUES

    SYSUAF.DAT

    SYSUAFALT.DAT

    VMS$AUDIT_SERVER.DAT

    VMSMAIL_PROFILE.DATA

    VMS$OBJECTS.DAT

    VMS$PASSWORD_DICTIONARY.DATA

    VMS$PASSWORD_HISTORY.DATA

    VMS$PASSWORD_POLICY.EXE

  • Are all nodes in the cluster part of the C2 configuration?

Starting the System

  • Did you set security-sensitive parameters to the following values?

    Parameter          Value
    LGI_CALLOUTS       0
    LOAD_PWD_POLICY    0
    MAXSYSGROUP        7
    NISCS_CONV_BOOT    0
    RMS_FILEPROT       65,280
    SECURITY_POLICY    0
    STARTUP_P1         "####"

  • Is the CONNECT CONSOLE command disabled? (On VAX 9000 systems, is the SET SPU_UPDATE_OFF command in effect?)

  • Have you excluded FYDRIVER from your system?
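
One way to check the numeric system parameters listed under Starting the System on a running node, as an added example that is not part of the HP guide. The procedure name C2_PARAMS.COM is hypothetical, and STARTUP_P1 is left to a manual check because it is a string value.

```dcl
$! C2_PARAMS.COM (hypothetical name) - added example, not from the HP guide.
$! Compares the active values of the numeric parameters in the checklist
$! with the values the checklist requires. STARTUP_P1 is not checked here.
$!
$! name=value pairs taken from the checklist (65,280 written as 65280)
$ expected = "LGI_CALLOUTS=0,LOAD_PWD_POLICY=0,MAXSYSGROUP=7,NISCS_CONV_BOOT=0,RMS_FILEPROT=65280,SECURITY_POLICY=0"
$ failures = 0
$ i = 0
$loop:
$ pair = F$ELEMENT(i, ",", expected)
$! F$ELEMENT returns the delimiter once the list is exhausted
$ IF pair .EQS. "," THEN GOTO done
$ name = F$ELEMENT(0, "=", pair)
$ want = F$INTEGER(F$ELEMENT(1, "=", pair))
$! F$GETSYI accepts a system parameter name and returns its value
$ have = F$GETSYI(name)
$ IF have .EQ. want
$ THEN
$   WRITE SYS$OUTPUT F$FAO("!20AS !10SL  OK", name, have)
$ ELSE
$   WRITE SYS$OUTPUT F$FAO("!20AS !10SL  MISMATCH (checklist value !SL)", name, have, want)
$   failures = failures + 1
$ ENDIF
$ i = i + 1
$ GOTO loop
$done:
$ WRITE SYS$OUTPUT F$FAO("!SL parameter(s) differ from the checklist", failures)
$ EXIT
```

The procedure reports only the node it runs on, so in a cluster it has to be run on every node.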