update on greenhouse nonstop server security and operations free- and shareware tools carl weber...
Post on 17-Dec-2015
214 Views
Preview:
TRANSCRIPT
Update onGreenHouse
NonStop ServerSecurity and Operations
Free- and ShareWare ToolsCarl Weber GreenHouse Software & ConsultingCarl Weber GreenHouse Software & Consulting15Oct2003, 11:30 – 12:15 15Oct2003, 11:30 – 12:15 MEA-17-U, Room C 1/2 MEA-17-U, Room C 1/2
GH S
Operations and SecurityFree- and ShareWare Tools
Developed during the past 11+ years Based on GreenHouse needs and
customer requests Fill gap of missing functions and tools Make life with NSK much easier
GH S
Why Free- and ShareWare?
Why not! Why charging for every bit and piece? Why not sharing meaningful utilities? And finally: What is wrong about gifts?
(except that the German word Gift translates to poison)
GH S
Operations and SecurityFree- and ShareWare Tools
Developed on K122 (D48.02)EXPANDed to S7000 (G06.16)
Written in TAL and/or pTAL(NO TACL Macros)
Run on every hardware platformneeds D40/G03 or better
SPI is used when applicablee.g. with SAFEGUARD, TCP/IP etc.
Support wildcards where meaningful Obey ALL security rules
Operations and SecurityFree- and ShareWare Tools
GH S
FreeWare changes since ITUG 2002
Unchanged: 54 Enhanced: 13 New: 3 Migrated to
ShareWare: 5 Future: Migration to the new hardware
platform when necessary.More tools!
Operations and SecurityFreeWare Tools
GH S
ShareWare
New with ITUG 2002 based on request from the audience(you told me that you would use the tools when you could pay for them!)
Number of Tools:7 Future: Migration to the new
hardware platform whennecessary.New tools!
Operations and SecurityShareWare Tools
GH S
General
No warranty is given No Decease's, Time Bombs, Trojan Horses
or Spoof’s build in Use it at your own risk Read the documentation that comes along
with each tool All tools are the property of GreenHouse
Operations and SecurityFree- and ShareWare Tools
GH S
Anyway …
All GreenHouse tools are SUPPORTED!
Yes – the FreeWare as well!
Operations and SecurityFree- and ShareWare Tools
GH S
BindLib
Attaches a LIB to an executable, or Detaches a LIB from an executable Supports 100 as well as 700 type objects
Process_Create_ error 14 (unresolved externals) is handled correct now
Operations and SecurityFreeWare Updates
GH S
BindLib
BINDLIB [/OUT <file>/] -H[ELP] | <f-template> [[,] WITH <lib>]
The companion tool ShowLib displays object files, having a library attached.
Operations and SecurityFreeWare Updates
GH S
FlipGRP
Changes the AUTO-DELETE attribute of a SAFEGUARD group to ON
Enhanced I/O to SAFEGUARD’s data base
[run] FLIPGRP <grp> | -H[ELP]
Operations and SecurityFreeWare Updates
GH S
LastOpen
Displays the last open and last modification timestamps of disk files
Introduction of TODAY and YESTERDAYas date attributes
Operations and SecurityFreeWare Updates
GH S
LastOpen
[run] LASTOPEN [/OUT <file>/] -H[ELP]
[run] LASTOPEN [/OUT <file>/] [<temp>] [,NEVER [by-op]]
[,AFTER <date> [by-op]]
[,BEFORE <date> [by-op]]
[,BETWEEN <date> [AND]<date>][by-op]]
Operations and SecurityFreeWare Updates
GH S
LastOpen
$GHS1 SECOM 1> lastopen
LastOpen (130) - T7172G06 - (06Nov2002) System \BEECH, running NSK G06
Copyright (c) GreenHouse Software & Consulting 2000,2002
File list is: By File name
Fileset is: *
Collecting data...
File Name Last Open Last Mod
$GHS1.SECOM.ABC 28May2003 9:28 18Dec2002 16:03
$GHS1.SECOM.ALTFILE YESTERDAY 15:26 14Mar2002 10:47
$GHS1.SECOM.ALTFILES 28May2003 9:28 6Mar1999 13:31
$GHS1.SECOM.SECOM TODAY 9:24 YESTERDAY 15:29
$GHS1.SECOM.SECOMCI YESTERDAY 15:26 15Aug2003 10:46
Operations and SecurityFreeWare Updates
GH S
License
Automatic licensing of executables containing- PRIV Code- Callable Procedures
Corrects wrong settings (auto REVOKE) Evaluates 100 as well as 700 type files Special cases are taken into account:
- SQLCAT- SQLCOMP- SQLUTIL- SQLCI2
Operations and SecurityFreeWare Updates
GH S
License
OSS type files are no longer taken into account
Operations and SecurityFreeWare Updates
GH S
MiG2S
Migrates GUARDIAN security vectors RWEP, ProgID, Clear-on-Purge and License into SAFEGUARD ACLs
Prevents mistyping and mistakes Introduction of keyword: DISPLAYONLY
Operations and SecurityFreeWare Updates
GH S
MiG2S
$GHS1 SECOM 3> mig2s secom displayonly
MIG2S (101) - T7172G06 - (06Jan2003) System \BEECH, running NSK G06
Copyright (c) GreenHouse Software & Consulting 2002,2003
ASSUME DISKFILE
ADD $GHS1.SECOM.SECOM
ALTER $GHS1.SECOM.SECOM,ACCESS 100,5 (R)
ALTER $GHS1.SECOM.SECOM,ACCESS 100,5 (W)
ALTER $GHS1.SECOM.SECOM,ACCESS \*.*,* (E)
ALTER $GHS1.SECOM.SECOM,ACCESS 100,5 (P)
ALTER $GHS1.SECOM.SECOM,OWNER 100,5
ALTER $GHS1.SECOM.SECOM LICENSE ON
Diskfile $GHS1.SECOM.SECOM processed
$GHS1 SECOM 4>
Operations and SecurityFreeWare Updates
GH S
MyInfo
FILEINFO look-a-like, featuring file modifiers Enhanced search algorithm Introduction of keywords TODAY and
YESTERDAY as date attributes
Operations and SecurityFreeWare Updates
GH S
MyInfo
[run] MYINFO [/OUT <file>/][-H[ELP]]
[fileset] [WHERE attributes] [SUMMARY]
e.g.
MYINFO *,where code = 101 and owner = 141,*
Operations and SecurityFreeWare Updates
GH S
Orphans
Processes orphaned disk files- find- purge- give to a new owner
PURGE and GIVE now allow wild carded groups
Operations and SecurityFreeWare Updates
GH S
Orphans
ORPHANS [/OUT <outfile>/] <fileset> [,PURGE <xxx,yyy>|<xxx>,*|* [,PREVIEW]]
[,GIVE <xxx,yyy>|<xxx>,*|* TO <NewID> [,PREVIEW]]
Operations and SecurityFreeWare Updates
GH S
Remotes
Lists remote passwords Optionally displays them in a SAFEGUARD
command format Day one bug fixed: It displayed a wrong node
number
Operations and SecurityFreeWare Updates
GH S
Remotes
The companion tool CLEANRPW deletes superfluous remote passwords
Operations and SecurityFreeWare Updates
GH S
ShowLib
Displays libraries, attached to executables Supports file codes 100 and 700 Handling of user supplied LIB-parameter
enhanced
SHOWLIB [/OUT <file>/] <f-template> [,LIB <l-template>]
Operations and SecurityFreeWare Updates
GH S
ShowUser
Displays all processes of a given user by:- PID- process name- start time- CPU time [CYCLE <seconds>]- CPU busy time [CYCLE <seconds>]- last use time
OSS process support added
Operations and SecurityFreeWare Updates
GH S
SysInfo
Displays all important system parameters New system and CPU types added
Operations and SecurityFreeWare Updates
GH S
SysInfo$GHS1 SECOM 13> run sysinfo.sysinfo
SYSINFO (123) - T7172G06 - (17Feb2003) System \BEECH, running NSK G06
Copyright (c) GreenHouse Software & Consulting 1994-1998,2001,2003
GUARDIAN version is: G06.16
GUARDIAN loaded from: \BEECH.$SYSTEM.SYS01.OSIMAGE
Actual GMT is: 27.08.2003 14:45:26.073233
Actual LCT is: 27.08.2003 16:45:26.073233
System load time was (LCT): 27.08.2003 09:20:39.000000
SYSGEN time was (LCT): 12.08.2002 12:23:37.000000
System is running since: 0 days, 07:24:46.039384
System Name is: ** \BEECH
System Number is: ** 252
System Serial Number is: ** W37936
Number of CPUs: 2
CPU Status (0 .. 15): 11
All Processors are of Type: S7000 (Tandem NonStop System RISC Model W CPU)
$GHS1 SECOM 14>
Operations and SecurityFreeWare Updates
GH S
Trace
Traces a process chain and displays the- User ID (TracID), or- User name (TracUser)
TRACUSER now checks, if a user owned process really is logged on
[run]TRACID [/OUT<file>/]*|<cpu,pin>|<$name>
[run]TRACUSER[/OUT<file>/]*|<cpu,pin>|<$name>
Operations and SecurityFreeWare Updates
GH S
Trace
$GHS1 SECOM 14> tracuser *
TRACUSER (108) - T7172G06 - (21Mar2002) System \BEECH
Copyright (c) GreenHouse Software & Consulting 1997,1999-2003
Name PID Program Login Name
$Z02Z 1,318 $GHS1.SECOM.TRACUSER *** not logged on ***
$Z029 1,332 $SYSTEM.SYS01.TACLH SA.CARL
$Z028 1,337 *** MOM no longer exists ***
$GHS1 SECOM 15>
Operations and SecurityFreeWare Updates
GH S
WhoIs
Displays logged on users and processes Differentiates between “logged on” and
“inherited logon” Displays the Tandem as well as
Client IP address and port number
Operations and SecurityFreeWare Updates
GH S
WhoIs
$GHS1 SECOM 15> whois
WHOIS (110) - T7172G06 - (28Mar2003) System \BEECH
Copyright (c) GreenHouse Software & Consulting 1997,1998,2000,2002,2003
You are the GUARDIAN user SA.CARL (ID 100,5)
Home Terminal: \BEECH.$ZTN01.#PTQGAAA
Client Address: 192.231.36.1 1387
Tandem Address: 192.231.36.81 23
$GHS1 SECOM 16>
Operations and SecurityFreeWare Updates
GH S
NumtoID
Converts a user number to a users ID and name
$GHS1 SECOM 18> numtoid %Hffff
NumtoID (101) - T7172G06 - (08Dec2002) System \BEECH, running NSK G06
Copyright (c) GreenHouse Software & Consulting 2002
Number: %Hffff translates to:
Users ID: 255,255
Users name: SUPER.SUPER
Alias: SuperCarl
$GHS1 SECOM 19>
Operations and SecurityFreeWare News
GH S
PWState
Evaluates a users password situation and displays it to the users manager
Operations and SecurityFreeWare News
GH S
PWState
$GHS1 SECOM 23> pwstate *,detail
PWState (100) - T7172G06 - (13Dec2002) System \BEECH, running NSK G06
Copyright (c) GreenHouse Software & Consulting 2002
Password status for: SA.CARL
Password last change: 05Aug2003 12:54:00
Today: 27Aug2003 16:57:44
Password may change: 22Nov2030 00:00:00
Password expires: *** None ***
User freezes: *** None ***
Last real logon time: 26Aug2003 14:58:53
Current fail count: 0
Static fail count: 797
No password change configured.
The password is younger than 30 days and assumed to be OK.
$GHS1 SECOM 24>
Operations and SecurityFreeWare News
GH S
SysTime
Evaluates the system time of EXPANDed systems
$GHS1 SECOM 28> systimes.systime
SysTime (101) - T7172G06 - (24Dec2002) System \BEECH, running NSK G06
Copyright (c) GreenHouse Software & Consulting 2002
System time differences based on node: \BEECH
Node LCT GMT Difference
-------- ------------------ ------------------ ---------------
\BEECH 27Aug2003 17:00:33 27Aug2003 15:00:33 00:00:00 <- Ref. Node
$GHS1 SECOM 29>
Operations and SecurityFreeWare News
GH S
SysTime
System time differences based on node: \VIA
Node LCT GMT Difference
-------- ------------------ ------------------ ---------------
\EVAS 04Dec2002 09:02:11 04Dec2002 08:02:11 00:00:59 +
\VIA 04Dec2002 09:01:12 04Dec2002 08:01:12 00:00:00 <- Ref. Node
\DER2 04Dec2002 09:03:48 04Dec2002 08:03:48 00:02:36 +
\DORN 04Dec2002 08:59:09 04Dec2002 07:59:09 00:02:02 -
\TISPE 04Dec2002 08:58:32 04Dec2002 07:58:32 00:02:40 -
\AURIS 04Dec2002 08:59:50 04Dec2002 07:59:50 00:01:21 -
\DERP 04Dec2002 08:59:12 04Dec2002 07:59:12 00:02:00 -
\TLC2 04Dec2002 09:44:55 04Dec2002 07:44:55 00:16:17 -
\EVA2 04Dec2002 09:02:27 04Dec2002 08:02:27 00:01:15 +
\VL02 04Dec2002 09:01:19 04Dec2002 08:01:19 00:00:06 +
Operations and SecurityFreeWare News
GH S
Launcher
Automatic load balancing WITHOUT programming
NO $CMON - just a LIB Supports
- CPU masking- Fine tuning by measurement time adjustment- supports 100 as well as 700 type executables
Operations and SecurityShareWare News
GH S
Launcher
Enhanced performance and program file handling(on request by a users)
Aktivation for balancing Telnet Windowsrun $SYSTEM.SYSnn.LOGIN/LIB $vol.subvol.LAUNCHER/
De-aktivation:run $SYSTEM.SYSnn.LOGIN/LIB/
Operations and SecurityShareWare News
GH S
LogonLog
Lists authentication events from the SAFEGUARD audit trails in real time- requesting user, resource, and IP address- history from SAFEGUARD audit trails
Differentiates between- initial logon- Re-logon- Logoff (when logged on through SAFEGUARD)- Error during logon
Operations and SecurityShareWare News
GH S
LogonLog
Allows thresholds PATHSEND interface added
Operations and SecurityShareWare News
GH S
LogonLog
$SYSTEM SUPER 2> logonlogLogonLog (310) - T7172G06 - (25Aug2003) System \BEECH, running NSK G06Copyright (c) GreenHouse Software & Consulting 1999,2001-2003This copy of LOGONLOG is licensed to: GreenHouse Software & ConsultingLogging Authentication Events for users, matching Template: *Actual SAFEGUARD log file: $SYSTEM.SAFE.A0001729Checking SAFEGUARD log file...Checked Records: 4Done!Waiting for new logon events
29Aug2003 10:53:40 ghs_carl failed to logon (user invalid) Terminal: $ZTN01.#PTRLAAC (192.231.36.1) Program file: $SYSTEM.SYS01.TACLH (1,340 -> $Z02F)29Aug2003 10:53:49 SA.CARL re-logged on to SA.CARL Terminal: $ZTN01.#PTRLAAC (192.231.36.1) Program file: $SYSTEM.SYS01.TACLH (1,340 -> $Z02F)
Operations and SecurityShareWare News
GH S
MergeUID
Exports user IDs to a file Imports user IDs from the export file Supports GUARDIAN as well as Alias users Keeps ALL user attributes
- password- remote password- etc. etc. etc.
Operations and SecurityShareWare News
GH S
MergeUID
Requires SAFEGUARD Works on open USERID and LUSERID files
- no need to shut down EXPAND line handlers!
Operations and SecurityShareWare News
GH S
MyLogin
Automatic sub-sequential LOGON for windows, started from the same IP address- configurable resource
- configurable grace period
Makes life MUCH easier Automatic authentication for WIN6530 client
Operations and SecurityShareWare News
GH S
SetPW
Sets, and optionally expires, a users password
Supports GUARDIAN as well as Alias users Optionally generates the new password
Operations and SecurityShareWare News
GH S
WhatsUp
Real time evaluation of SAFEGUARD log files View can be changed during evaluation Definition of filters
- user- disk file- process
Operations and SecurityShareWare News
GH S
WhatsUp
WhatsUp (101) - T7172G06 - (16Jan2003) System \BEECH, running NSK G06
Copyright (c) GreenHouse Software & Consulting 2002,2003
This copy of WHATSUP is licensed to: GreenHouse Software & Consulting
User filter: *
Process filter: *
Diskfile filter: *
Positioning to EOF of actual Audit file $SYSTEM.SAFE.A0001729
Waiting for SAFEGUARD events. Stay tuned!
No events since 00:00'09,998.386
Operations and SecurityShareWare News
GH S
WhatsUp
WhatsUp (101) - T7172G06 - (16Jan2003) 11:20:42 29Aug2003 11:36:02 29Aug2003
Event Ten Minu 10Mi Hour Total Pass Fail Last Event
Execute 0 0 0 2 2 2 0 11:23:26
Set 0 0 0 2 2 2 0 11:25:25
Logoff 0 0 0 1 1 1 0 11:22:11
VerifyUser 0 0 0 1 1 1 0 11:22:11
Operations and SecurityShareWare News
GH S
Wipe
FileWipe erases a file and all its allocated space(controlled Clear-on-Purge)
DiskWipe erases the disk free space(space between files)
FFSWipe (File Free Space) erases the unused allocated file space(space beyond EOF)
Operations and SecurityShareWare News
GH S
Wipe
Allows definition of- number of wipe rounds- disk writes per second (to prevent system load problems)- optional start of DCOM- optional use of REBUILDDFS
Operations and SecurityShareWare News
GH S
OSS Tools
GHS-TACL- starts an already logged on TACL for the OSH user
EDIT, TEDIT and FC- bring good old GUARDIAN commands and functions into the OSS space
Operations and Security Miscellaneous
GH S
SAFEGUARD Audit Book
Started by the Security RDS group in 1992 Re-Vitalized and on the way back to life Updates will be published when available
Operations and Security Miscellaneous
GH S
Where can you get all these
supported
tools?
www.GreenHouse.de
Operations and SecurityFree- and ShareWare Tools
GH S
1. Hardware goes wrong, software IS wrong. (my favorite!)
2. In case a program may break, it will:Causing the biggest possible damage.
3. Using cut and paste, when editing a program, ten folds the number of programming errors.
Operations and SecurityFree- and ShareWare Tools
GH S
Please inform me about- bugs, errors and glitches: I’ll fix them- meaningful enhancements: I’ll add them
You can reach me at:
Carl.Weber@GreenHouse.de
Info@GreenHouse.de
Operations and SecurityFree- and ShareWare Tools
GH S
GH S
Questions?Questions?(please...)
Thank you for your time and attention!Enjoy the conference!
GH S
top related