How to create a privileged COPY command?
02-08-2011 10:58 AM
The object would be to create a program that makes an audit log of who, when and what files are copied to a protected production directory. The directory can only be accessed with privilege or by using this program with an audit trail.
Any ideas out there?
02-08-2011 11:05 AM
Re: How to create a privileged COPY command?
How about skipping the privileged executable and setting the appropriate settings in the target directory to:
- allow the writer to write to the directory; and
- turn on auditing on the directory.
(Am about to go on a conference call, otherwise would sit down and gin up the example).
- Bob Gezelter, http://www.rlgsc.com
02-08-2011 11:39 AM
Re: How to create a privileged COPY command?
For a description of ALARM and AUDIT ACEs, see the OpenVMS System Management Utilities Reference Manual (at http://h71000.www7.hp.com/doc/83final/6048/6048pro.html#index_x_34 ), Section 1.3.
Obviously, the documented privileges are required to establish the ACL entries, but they can be defaulted on the directory.
- Bob Gezelter, http://www.rlgsc.com
02-08-2011 01:51 PM
Re: How to create a privileged COPY command?
Installing images with privileges that weren't designed for that purpose has many pitfalls and potential to create unintended security holes.
Simple example, suppose I used the privileged COPY to overwrite the audit trail with my version of the audit trail?
Much simpler and safer to use appropriate ACLs to allow authorised users to access the directory in question, and generate the required audit messages.
Another option which may not require privilege, look up SUBSYSTEMS in the security manual.
02-08-2011 02:06 PM
Re: How to create a privileged COPY command?
I should explain that the object is to make our financial auditors happy by not allowing our programmers full, unlogged access to production files. It's not just a matter of keeping the world out, it's keeping almost everyone out except the application itself. Hence my desire to have a program that would only copy certain files to a directory and identify who, what, and when. I'm sure there are other solutions so I'm open to suggestions.
02-08-2011 02:17 PM
Re: How to create a privileged COPY command?
Then you definitely DO NOT want to install a privileged image. However, the ALARM and AUDIT ACEs are designed for precisely this type of requirement.
As they are documented in that way, they are particularly well-suited to satisfying audit requirements.
If I can be of any assistance, please let me know.
- Bob Gezelter, http://www.rlgsc.com
02-08-2011 02:30 PM
Re: How to create a privileged COPY command?
Then you can determine just how you want to grant/revoke the Identifiers - manually through Authorize if the usage is low and occurs during hours when a sysadmin can grant it - or write a privileged program with some reasonably good authentication to grant/revoke the Identifier (and log that separately) if there is a lot of activity or you need off-hours access.
02-08-2011 04:17 PM
Solution
All you have to do after copying COPY.EXE to PRIVED_COPY.EXE and installing it, is to DEFINE COPY as a logical name pointing to PRIVED_COPY.EXE in the login.com of the users you wish to have access to it.
That way when these users invoke the standard COPY verb from DCLTABLES, it will launch PRIVED_COPY.EXE.
Be sure to set the file protection on PRIVED_COPY.EXE so that no one can access it except those that were intended to use it. This will probably mean you will need an ACL that grants them execute access to the file.
02-08-2011 04:35 PM
Re: How to create a privileged COPY command?
>Be sure to set the file protection on
>PRIVED_COPY.EXE so that no one can access
>it except those that were intended to use
>it. This will probably mean you will need
>an ACL that grants them execute access to
>the file.
Yes, but how come you're trusting the ACL on your PRIVED_COPY.EXE to work, when (by implication) you don't trust the same ACL to work on the target directory? Remove the middle entity, just protect the target directly exactly as you're proposing to protect the privileged image.
re: Clark: "it's keeping almost everyone out except the application itself."
This is EXACTLY what a PROTECTED SUBSYSTEM does. You define the subsystem using identifiers, then GRANT the subsystem identifier to an application. Only applications belonging to the subsystem are allowed to access the files. It's much finer control than using general privileges.
See Chapter 14 of Guide to OpenVMS System Security http://h71000.www7.hp.com/doc/84final/ba554_90015/ch14.html
02-09-2011 06:48 AM
Re: How to create a privileged COPY command?
After considering your question overnight, the ACL solution is IMHO the right path.
Audit requirements include a requirement that all changes be identified, thus the directory needs to be protected against the widest group of users. ACLs on the directory are the solution to this requirement.
A privileged version of COPY does not improve the level of protection. In fact, it restricts operations to COPY operations, which in many situations is not desirable.
- Bob Gezelter, http://www.rlgsc.com
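The ACL approach recommended in this thread, sketched as a DCL command procedure. This is an added example, not code posted by any participant; the identifier PROD_DEPLOY, the user JSMITH and the directory DKA100:[000000]PROD.DIR are constructed names, and a suitably privileged account is assumed.

```dcl
$! Added example. Constructed names: PROD_DEPLOY, JSMITH, DKA100:[000000]PROD.DIR
$! Run from a suitably privileged account.
$!
$! 1. Identifier for the people allowed to deliver files to production.
$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
ADD/IDENTIFIER PROD_DEPLOY
GRANT/IDENTIFIER PROD_DEPLOY JSMITH
EXIT
$!
$! 2. Protect the directory: nothing for GROUP or WORLD, read+write for
$!    holders of PROD_DEPLOY. The AUDIT and ALARM ACEs record successful
$!    and failed write, delete and control access. The OPTIONS=DEFAULT
$!    copies are inherited by files created in the directory.
$ SET SECURITY/PROTECTION=(S:RWED,O:RWED,G,W) -
    /ACL=((ALARM=SECURITY,ACCESS=WRITE+DELETE+CONTROL+SUCCESS+FAILURE), -
          (AUDIT=SECURITY,ACCESS=WRITE+DELETE+CONTROL+SUCCESS+FAILURE), -
          (ALARM=SECURITY,OPTIONS=DEFAULT,ACCESS=WRITE+DELETE+CONTROL+SUCCESS+FAILURE), -
          (AUDIT=SECURITY,OPTIONS=DEFAULT,ACCESS=WRITE+DELETE+CONTROL+SUCCESS+FAILURE), -
          (IDENTIFIER=PROD_DEPLOY,ACCESS=READ+WRITE), -
          (IDENTIFIER=PROD_DEPLOY,OPTIONS=DEFAULT,ACCESS=READ+WRITE)) -
    DKA100:[000000]PROD.DIR
$!
$! 3. Have the audit server act on AUDIT and ALARM ACEs.
$ SET AUDIT/AUDIT/ENABLE=ACL
$ SET AUDIT/ALARM/ENABLE=ACL
$!
$! 4. Check the result, then review who touched what and when.
$ SHOW SECURITY DKA100:[000000]PROD.DIR
$ ANALYZE/AUDIT/FULL/SINCE=TODAY SYS$MANAGER:SECURITY.AUDIT$JOURNAL
```

Because the audit records are written by the audit server to the security audit journal, the users holding PROD_DEPLOY need no access to the log itself.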
02-09-2011 08:30 AM
Re: How to create a privileged COPY command?
>>>
It's not just a matter of keeping the world out, it's keeping almost everyone out except the application itself.
<<<
Reread John G.'s answer w.r.t. Protected Subsystems!
It can do EXACTLY what you seem to desire, but is NOT limited to COPY operations.
- you need to enable the volume where the application program(s) reside(s) for subsystems
- you need to create (a) SUBSYSTEM identifier(s) (maybe differentiate between Read/Write/Delete functionalities?)
- you install the relevant program(s) with the relevant ident(s)
- you restrict the access to the data structures to be limited to the relevant subsystem IDs.
- create a DIFFERENT set of application IDs, and use those to specify execute access to the application images.
Now,
ONLY authorised users can run (maybe part of?) the application
ONLY users RUNNING the app image have (ONLY the specified) access to the data.
--- In implementing, be sure to read (and understand) the relevant chapter in the Guide to System Security.
It is no magic, but all in all not entirely trivial.
hth
Proost.
Have one on me.
jpe
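The protected-subsystem steps listed in the post above, sketched as a DCL command procedure. This is an added example, not code from the thread; PROD_SUBSYS, PROD_USERS, JSMITH, the site-written image DKA100:[APPS]DELIVER.EXE and the directory DKA100:[000000]PROD.DIR are all constructed names, and it assumes the users can already reach the [APPS] directory.

```dcl
$! Added example. Constructed names: PROD_SUBSYS, PROD_USERS, JSMITH,
$! DKA100:[APPS]DELIVER.EXE (hypothetical site-written image),
$! DKA100:[000000]PROD.DIR. Run from a suitably privileged account.
$!
$! 1. Enable subsystem ACE processing on the volume holding the image.
$ SET VOLUME/SUBSYSTEM DKA100:
$!
$! 2. One identifier names the subsystem; a DIFFERENT identifier names
$!    the people who are allowed to run the image.
$ SET DEFAULT SYS$SYSTEM
$ RUN AUTHORIZE
ADD/IDENTIFIER PROD_SUBSYS/ATTRIBUTES=(RESOURCE,SUBSYSTEM)
ADD/IDENTIFIER PROD_USERS
GRANT/IDENTIFIER PROD_USERS JSMITH
EXIT
$!
$! 3. The image: the SUBSYSTEM ACE gives a process PROD_SUBSYS only
$!    while it is running this image; only PROD_USERS may execute it.
$ SET SECURITY/PROTECTION=(S:RWED,O:RWED,G,W) -
    /ACL=((SUBSYSTEM,IDENTIFIER=PROD_SUBSYS,ATTRIBUTES=RESOURCE), -
          (IDENTIFIER=PROD_USERS,ACCESS=EXECUTE), -
          (IDENTIFIER=*,ACCESS=NONE)) -
    DKA100:[APPS]DELIVER.EXE
$!
$! 4. The data: access is keyed to the subsystem identifier, never to
$!    the users. The OPTIONS=DEFAULT ACE is inherited by new files.
$ SET SECURITY/PROTECTION=(S:RWED,O:RWED,G,W) -
    /ACL=((IDENTIFIER=PROD_SUBSYS,ACCESS=READ+WRITE), -
          (IDENTIFIER=PROD_SUBSYS,OPTIONS=DEFAULT,ACCESS=READ+WRITE)) -
    DKA100:[000000]PROD.DIR
$!
$! 5. Verify both ACLs.
$ SHOW SECURITY DKA100:[APPS]DELIVER.EXE
$ SHOW SECURITY DKA100:[000000]PROD.DIR
```

JSMITH holds only PROD_USERS, so direct access to PROD.DIR from DCL is refused; the write succeeds only from inside DELIVER.EXE, which is where the who/what/when logging would be implemented.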
02-10-2011 03:53 PM
Re: How to create a privileged COPY command?
02-10-2011 05:04 PM
Re: How to create a privileged COPY command?
Subsystem images need to be INSTALLed, so you can't do it from DCL.
If you can't write an executable image to mediate access to the data files, that takes you back to designing an ACL structure which grants appropriate access.
You're unlikely to be able to write a "secure" DCL procedure to do what you want. If it's possible to do something inside the procedure, it's possible to do it outside as well.
An installed image (subsystem or privileged) is a different beast. You can control exactly what is permitted.
02-11-2011 06:08 AM
Re: How to create a privileged COPY command?
http://labs.hoffmanlabs.com/node/491
Has some options.
I'd probably use a DECnet task here, since I'm guessing this isn't a heavy-usage application.
There are other options.
Trying to secure a process with privileged and unprivileged code mixed together is to be avoided. That's more difficult to secure, and more vulnerable to attacks.
The subsystem identifier would probably work here, but you can firewall this whole task by passing along a directory specification to a privileged server process via DECnet task-to-task, and have the server do all the work for your user. That's simpler to build and secure, given the only connection between the untrusted and the trusted software is the DECnet link.
If you're just logging stuff and this COPY is a canard, then you might look at the OPCOM REQUEST command:
REQUEST "Hello, I'm Home"
or analogous. That'll log whatever is requested, and where the gremlins can't get at it.
Or look at adding modern operator and system logging onto VMS, rather than the antique OPCOM scheme. syslog and other options do exist.