Security Compliance Manager for OpenVMS
User's Guide

Previous Contents Index

Appendix C


This appendix provides information about tokens that POLYCENTER Security CM can send to the POLYCENTER SRF tool.

In This Appendix

This appendix contains the following sections:

C.1 Purpose of a Token


This section describes the purpose of the token that POLYCENTER Security CM can send to POLYCENTER SRF after an inspection.


A token is a security status message summarizing Pass and Fail results for test collections in an inspector's domain. A token reports security status to a node running POLYCENTER SRF. POLYCENTER SRF extracts data from the token and stores it in a relational database. Designated users can then access the stored data to gain a global view of the test results of nodes on a network. Security administrators can refer to the POLYCENTER Security Reporting Facility User's Guide for more information about tokens.

You can use the POLYCENTER Security Console GUI or the POLYCENTER Security CM CLI to specify the POLYCENTER SRF node.

Unsuccessful Transmission

If transmission is unsuccessful (for instance, the collection node is unavailable or is not running POLYCENTER SRF), then POLYCENTER Security CM continues to attempt to send the token until it is successful.

Result Mask

The test result mask sent in the token is assembled by performing a logical AND of each node's test result mask. The same result is sent for each node in the cluster. When sending more than one token, the executor uses the same DECnet or TCP/IP link for each transaction, which reduces the overhead of starting a DECnet or TCP/IP link for each token.

Integrity Protection

The token is integrity-protected to prevent users from attempting to forge inspection results.

C.2 Token Memos


This section provides information on memos associated with tokens. It contains information on the following:

Token Status Memos

Each time an executor attempts to send tokens, it reports the results as follows:

Cluster and Node Status Memos

After an executor sends a token, you might receive a cluster and node status memo. This memo acknowledges that the POLYCENTER SRF node has received the token. The memo is sent at the discretion of the POLYCENTER SRF administrator.

Missing Tokens Memos

Some sites that run POLYCENTER SRF might monitor the receipt of the inspector token and send a memo if POLYCENTER SRF has not received the token within a certain time interval. The interval can consist of the sum of the following times:

Contact the POLYCENTER SRF administrator for the collection node and grace period for your system.

You can receive a missing tokens memo if the following administrative problem exists: your node is sending tokens to the POLYCENTER SRF node specified when POLYCENTER Security CM was installed on your node, but a different POLYCENTER SRF node is expecting a token from your node.

A number of conditions can delay the sending of a token. The following are some possible causes of delay:

Testing Receipt of Tokens

See Appendix B for directions on testing whether POLYCENTER SRF is processing tokens that your system sends successfully.


Executor process : A process that hibernates until the POLYCENTER Security CM database activates it when an inspector is scheduled to start and when write and update requests are made to the database. The Executor acts as the operational center for POLYCENTER Security CM.

Inspection: The process of running an inspector.

Inspector: A collection of tests that analyze a system's security settings.

Lockdown file: When an inspection detects one or more system settings that conflict with the requirements of your organization's security rules and when the lockdown flag is enabled, POLYCENTER Security CM generates a lockdown file. The lockdown file contains commands that help bring the system into compliance with the security rules of your organization.

Missing tokens memo: A memo sent by POLYCENTER SRF to group managers to identify the nodes that have not sent the token.

Passthru server: Software that accepts tokens from POLYCENTER Security CM and sends the tokens to a POLYCENTER SRF node via DECnet or TCP/IP.

Policy file ID: The time-stamp on the policy file. POLYCENTER SRF monitors policy file usage based on the identifiers and other information about the parameter files which is stored in the POLYCENTER SRF database.

POLYCENTER Security CM: POLYCENTER Security Compliance Manager (POLYCENTER Security CM) for OpenVMS software uses a set of values derived from a corporate security policy to discover security weaknesses and recommend ways of improving the security on OpenVMS systems.)

POLYCENTER SRF: Digital software that extracts data from tokens and stores the data in a relational database, from which designated users can gain a global view of inspection results. POLYCENTER Security CM sends tokens to POLYCENTER Security Reporting Facility (POLYCENTER SRF) for OpenVMS.

POLYCENTER SRF node: The POLYCENTER SRF node is the node that is specified during the POLYCENTER Security CM installation procedure as the location of POLYCENTER SRF. POLYCENTER Security CM sends tokens to the POLYCENTER SRF node.

Portal process: A process that accepts messages from POLYCENTER Security Console sent using either DECnet or TCP/IP. It can respond to requests, for example to send a report to the PC or it can pass the request to the executor.

Report: An account of the results of an inspection. Users receive reports via electronic mail. Users can also view reports from the POLYCENTER Security Console GUI.)

Subsystem: A group of related tests. For ease of reference, tests are grouped into the following subsystems: Files, Network, Accounts, SYSGEN, Audit, and Miscellaneous subsystems.

Test collection: Contains one or more individual tests. A subsystem contains one or more test collections.

Token: A security status message describing the results of an inspection. An inspector can send a token to the POLYCENTER SRF node specified by your security administrator during installation.

Index Contents