This appendix provides information about tokens that POLYCENTER Security CM can send to the POLYCENTER SRF tool.
This appendix contains the following sections:
C.1 Purpose of a Token
This section describes the purpose of the token that POLYCENTER Security CM can send to POLYCENTER SRF after an inspection.
A token is a security status message summarizing Pass and Fail results for test collections in an inspector's domain. A token reports security status to a node running POLYCENTER SRF. POLYCENTER SRF extracts data from the token and stores it in a relational database. Designated users can then access the stored data to gain a global view of the test results of nodes on a network. Security administrators can refer to the POLYCENTER Security Reporting Facility User's Guide for more information about tokens.
You can use the POLYCENTER Security Console GUI or the POLYCENTER Security CM CLI to specify the POLYCENTER SRF node.
If transmission is unsuccessful (for instance, the collection node is unavailable or is not running POLYCENTER SRF), then POLYCENTER Security CM continues to attempt to send the token until it is successful.
The test result mask sent in the token is assembled by performing a logical AND of each node's test result mask. The same result is sent for each node in the cluster. When sending more than one token, the executor uses the same DECnet or TCP/IP link for each transaction, which reduces the overhead of starting a DECnet or TCP/IP link for each token.
The token is integrity-protected to prevent users from attempting to forge inspection results.
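The following sketch, added here as an illustration and not taken from POLYCENTER Security CM, shows the logical AND that produces one cluster-wide mask and how a collector can reject a mask altered in transit. It assumes an 8-bit mask in which a set bit means Pass, uses constructed node names and a placeholder key, and substitutes HMAC-SHA-256 for the product's integrity protection, whose mechanism this appendix does not describe.

```python
import hashlib
import hmac
from functools import reduce

WIDTH = 8  # assumed mask width: one bit per test collection, 1 = Pass

# Constructed sample results for a three-node cluster (hypothetical names).
NODES = {"NODEA": 0b11111111, "NODEB": 0b11110111, "NODEC": 0b10111111}
KEY = b"constructed-demo-key"  # placeholder secret shared with the collector


def cluster_mask(node_masks):
    """AND every node's mask: a bit stays set only if all nodes passed."""
    if not node_masks:
        raise ValueError("no node results to summarize")
    return reduce(lambda a, b: a & b, node_masks.values(), (1 << WIDTH) - 1)


def failing_nodes(node_masks):
    """Map each cleared cluster bit to the nodes responsible for it."""
    merged = cluster_mask(node_masks)
    return {
        bit: sorted(n for n, m in node_masks.items() if ((m >> bit) & 1) == 0)
        for bit in range(WIDTH)
        if ((merged >> bit) & 1) == 0
    }


def seal(cluster, mask, key):
    """Serialize the summary and attach an HMAC-SHA-256 tag (assumed scheme)."""
    body = f"{cluster}:{mask:0{WIDTH}b}".encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def verify(body, tag, key):
    """Collector side: recompute the tag and compare in constant time."""
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    body, tag = seal("CLUSTR", cluster_mask(NODES), KEY)
    print(body.decode(), failing_nodes(NODES), verify(body, tag, KEY))
    forged = body.replace(b"10110111", b"11111111")  # claim every test passed
    print("forged token accepted:", verify(forged, tag, KEY))
```

Because the same ANDed mask is reported for every node, a single failing node marks that test collection as failed for the whole cluster; the per-node breakdown in `failing_nodes` is what an administrator would need to locate it.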
C.2 Token Memos
This section provides information on memos associated with tokens. It contains information on the following:
Each time an executor attempts to send tokens, it reports the results as follows:
After an executor sends a token, you might receive a cluster and node status memo. This memo acknowledges that the POLYCENTER SRF node has received the token. The memo is sent at the discretion of the POLYCENTER SRF administrator.
Some sites that run POLYCENTER SRF might monitor the receipt of the inspector token and send a memo if POLYCENTER SRF has not received the token within a certain time interval. The interval can consist of the sum of the following times:
Contact the POLYCENTER SRF administrator for the collection node and grace period for your system.
You can receive a missing tokens memo if the following administrative problem exists: your node is sending tokens to the POLYCENTER SRF node specified when POLYCENTER Security CM was installed on your node, but a different POLYCENTER SRF node is expecting a token from your node.
A number of conditions can delay the sending of a token. The following are some possible causes of delay:
See Appendix B for directions on testing whether POLYCENTER SRF is processing tokens that your system sends successfully.
Executor process: A process that hibernates until the POLYCENTER Security CM database activates it when an inspector is scheduled to start and when write and update requests are made to the database. The Executor acts as the operational center for POLYCENTER Security CM.
Inspection: The process of running an inspector.
Inspector: A collection of tests that analyze a system's security settings.
Lockdown file: When an inspection detects one or more system settings that conflict with the requirements of your organization's security rules and when the lockdown flag is enabled, POLYCENTER Security CM generates a lockdown file. The lockdown file contains commands that help bring the system into compliance with the security rules of your organization.
Missing tokens memo: A memo sent by POLYCENTER SRF to group managers to identify the nodes that have not sent the token.
Passthru server: Software that accepts tokens from POLYCENTER Security CM and sends the tokens to a POLYCENTER SRF node via DECnet or TCP/IP.
Policy file ID: The time-stamp on the policy file. POLYCENTER SRF monitors policy file usage based on the identifiers and other information about the parameter files which is stored in the POLYCENTER SRF database.
POLYCENTER Security CM: POLYCENTER Security Compliance Manager (POLYCENTER Security CM) for OpenVMS software uses a set of values derived from a corporate security policy to discover security weaknesses and recommend ways of improving the security on OpenVMS systems.
POLYCENTER SRF: Digital software that extracts data from tokens and stores the data in a relational database, from which designated users can gain a global view of inspection results. POLYCENTER Security CM sends tokens to POLYCENTER Security Reporting Facility (POLYCENTER SRF) for OpenVMS.
POLYCENTER SRF node: The POLYCENTER SRF node is the node that is specified during the POLYCENTER Security CM installation procedure as the location of POLYCENTER SRF. POLYCENTER Security CM sends tokens to the POLYCENTER SRF node.
Portal process: A process that accepts messages from POLYCENTER Security Console sent using either DECnet or TCP/IP. It can respond to requests, for example to send a report to the PC, or it can pass the request to the executor.
Report: An account of the results of an inspection. Users receive reports via electronic mail. Users can also view reports from the POLYCENTER Security Console GUI.
Subsystem: A group of related tests. For ease of reference, tests are grouped into the following subsystems: Files, Network, Accounts, SYSGEN, Audit, and Miscellaneous subsystems.
Test collection: Contains one or more individual tests. A subsystem contains one or more test collections.
Token: A security status message describing the results of an inspection. An inspector can send a token to the POLYCENTER SRF node specified by your security administrator during installation.