The Disk Space Analysis Program (DSAP) is used to analyze how disk space is utilized on a specified volume. DSAP copies the disk directory and free-space table to the current work file. By specifying options, one can manipulate this data to produce several different reports about the use of the disk space for that volume.
The free-space table is limited only by the primary (main) and secondary (contiguous disk space) memory requirements.
RISK DSAP is strictly a reporting tool and, therefore, poses no security risk. It is most often used to determine the amount of free space available on a disk volume.
RISK Running DSAP consumes system resources.
AP-ADVICE-DSAP-01 Many system managers prefer that the majority of users be unable to run DSAP. It is up to each company to determine whether or not all users, or only specific users, are allowed to run DSAP. The Corporate Security Policy should dictate who is allowed to run DSAP.
The components of DSAP are:
DSAP
DSAPDDL
DSAPCSTM
Disk space analysis program. Space can be queried by parameters, of which some of the common ones are:
Subvol summary
User summary
File details
Free space analysis
Flags; BROKEN, EXPIRED, LICENSED, AUDITED, SQL, etc.
Opened
DDL dictionary schema for DSAP output, used by ENFORM custom reports.
Optionally a DSAPCSTM file can be used to perform standard setup commands and shortcuts for DSAP as defined in each user's default subvolume. Please refer to the Gazette section on *CSTM Configuration Files.
BP-FILE-DSAP-01 DSAP should be secured "UUNU".
BP-OPSYS-LICENSE-01 DSAP must be LICENSED.
BP-OPSYS-OWNER-01 DSAP should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-01 DSAP must reside in $SYSTEM.SYSnn.
BP-FILE-DSAP-02 DSAPDDL should be secured "NUNU".
BP-OPSYS-OWNER-02 DSAPDDL should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 DSAPDDL must reside in $SYSTEM.SYSTEM.
If available, use Safeguard software or a third party object security product to grant access to DSAP object files only to users who require access in order to perform their jobs.
BP-SAFE-DSAP-01 Add a Safeguard Protection Record to grant appropriate access to the DSAP object file.
Discovery Questions | Look here: | |
---|---|---|
OPSYS-OWNER-01 | Who owns the DSAP object file? | Fileinfo |
OPSYS-OWNER-02 | Who owns the DSAPDDL object file? | Fileinfo |
OPSYS-LICENSE-01 | Is the DSAP object file licensed? | Fileinfo |
FILE-POLICY | Does the Security Policy require limiting access to the DSAP program? | Policy |
FILE-DSAP-01 | Is the DSAP object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
FILE-DSAP-02 | Is the DSAPDDL file secured correctly? | Fileinfo |