Subsystem Control Facility (SCF)
The Subsystem Control Facility (SCF) is used to configure, control, and collect information about many of the HP NonStop server subsystems and their objects. Through SCF, objects such as communication lines are started or stopped . Many of the components of the HP system are controlled via SCF.
RISK Unauthorized or erroneous use of SCF can cause the starting or stopping of system resources that may be vital to the performance of the system.
AP-ADVICE-SCF-01 SCF should only be used by system knowledgeable personnel.
Subsystems Controlled Via SCF
The subsystems under the SCF umbrella vary depending on the type of NonStop server.
On D-Series Operating Systems
On D-series operating systems, the Subsystem Control Facility (SCF) is only used to configure, control, and collect information about data communications subsystems . These subsystems are:
| AM3270/TR3271 | QIO | SNMP AGENT |
| ENVOY | SCP | TLAM |
| EXPAND | SNAX | X25AM |
| FOX | FTAM | |
| GDSX | TCPIP | |
| MULTILAN | OSI | |
| IPX/SPX | TELSERV |
On G-Series Operating Systems
With the release of G-series operating system, a great many more utilities came under the SCF umbrella. In addition to the subsystems included in D-series, the following subsystems are included in G-series operating systems:
| ATM | FOX KERNEL | PUP SCL |
| ATP6100 | MHS | SMN |
| CMI | NFS | SNAXHLS |
| COUP | NSC | STORAGE |
| CP6100 | PAM | WAN |
| ENVOYACX | PTCPIP |
The default SCP process is $ZNET. If $ZNET is not running, SCF starts its own SCP process. The process stops when SCF is stopped.
SCF is made up of the following components:
SCF
SCFLIB
SCFLIBXR
SCFLIBOR
SCFTEXT
Subsystem-specific servers
SCF
SCF is the command interpreter for the Subsystem Control Facility.
SCF Custom Files
Each time a user invokes SCF, a file called SCFCSTM is invoked before the first prompt. The SCFCSTM file is an obey file that resides in each user's default sub- volume. The file can be used to customize the user 's SCF environment by defining options such as function key/command associations. See *CSTM Files.
SCF LIBRARIES
The SCFLIB is the default user-library file for the SCF process. Other libraries may be configured. An SCF library can be attached to the SCF process at runtime.
SCFTEXT
The SCFTEXT file contains all the SCF help and error messages. It is a key- sequenced file.
Subsystem-specific servers
SCF has a specific server for each subsystem that it manages . These servers all reside in $SYSTEM.SYSTEM. Each 8-character object file name begins with a Z and ends in SCF, the intervening three characters identify the subsystem:
| Subsystem | SCF Server | Subsystem | SCF Server |
|---|---|---|---|
| AM3270 Z | AM3SCF | PTCPIP | ZTCPSCF |
| ATM | ZATMSCF | QIO | ZQIOSCF |
| ATP6100 | ZATPSCF | SCL | ZSCLSCF |
| CP6100 | ZCP6SCF | SCP | ZSCPSCF |
| ENVOY | ZENVSCF | SCS | ZSCSSCF |
| ENVOYACF | ZEXFSCF | SLSA | ZLANSCF |
| EXPAND | ZEXPSCF | SMN | ZSMNSCF |
| FOX | ZFOXSCF | SNAX | ZSX1SCF |
| GDS | ZGDSSCF | SNAXAPC | ZAPCSCF |
| IPXSPX | ZIPXSCF | SNAXCRE | ZCRESCF |
| KERNEL | ZKRNSCF | SNAXHLS | ZHLSSCF |
| MHS | ZMHSSCF | SNMP | ZSMPSCF |
| NFS | ZNFSSCF | STORAGE | ZSTOSCF |
| NSC | ZNSCSCF | TCPIP | ZTCISCF |
| NSIM | ZNIMSCF | TDMTALK | ZTLKSCF |
| OSIAPLMG | ZOSASCF | TELSERV | ZTNTSCF |
| OSIAS | ZOSISCF | TR3271 | ZTR3SCF |
| OSIFTAM | ZOSFSCF | TSIMS | ZSIMSCF |
| OSITS | ZOS4SCF | WAN | ZWANSCF |
| OSS | ZPOSSCF | X25AM | ZX25SCF |
| PAM | ZPAMSCF |
Securing SCF Components
BP-FILE-SCF-01 SCF should be secured "UUNU".
BP-OPSYS-OWNER-02 SCF should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 SCF must reside in $SYSTEM.SYSTEM.
BP-FILE-SCF-02 SCFLIB should be secured "NUNU".
BP-OPSYS-OWNER-02 SCFLIB should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 SCFLIB must reside in $SYSTEM.SYSTEM.
BP-FILE-SCF-03 SCFLIBOR should be secured "NUNU".
BP-OPSYS-LICENSE-02 SCFLIBOR must be LICENSED.
BP-OPSYS-OWNER-02 SCFLIBOR should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 SCFLIBOR must reside in $SYSTEM.SYSTEM.
BP-FILE-SCF-04 SCFLIBXR should be secured "NUNU".
BP-OPSYS-LICENSE-02 SCFLIBXR must be LICENSED.
BP-OPSYS-OWNER-02 SCFLIBXR should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 SCFLIBXR must reside in $SYSTEM.SYSTEM.
BP-FILE-SCF-05 SCFTEXT should be secured "NUUU".
BP-OPSYS-OWNER-02 SCFTEXT should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 SCFTEXT must reside in $SYSTEM.SYSTEM.
BP-FILE-SCF-06 Z???SCF should be secured "UUNU". (one of subsystem specific servers from the list above)
BP-OPSYS-OWNER-02 Z???SCF should be owned by SUPER.SUPER.
BP-OPSYS-FILELOC-02 Z???SCF reside in $SYSTEM.SYSTEM.
If available, use Safeguard software or a third party object security product to grant access to the SCF components only to users who require access in order to perform their jobs.
BP-SAFE-SCF-01 Add a Safeguard Protection Record to grant appropriate access to the SCF object files.
SCF Commands with Security Implications
SCF processes commands differently, depending on the target subsystem:
If a command is entered that relates only to SCF rather than a subsystem, SCF carries out the required actions.
If a command involving a subsystem is entered, SCF performs syntax checking and validates the object type and object name, then forwards the command to the appropriate subsystem. The subsystem product then validates the command again and translates it into a formatted message for SCP, which then communicates with the appropriate subsystem to perform the specified task.
This list includes only the SCF commands that pose security risks.
ABORT*
ACTIVATE*
ADD*
ALLOCATE*
ALLOWOPENS*
ALTER*
BOOT*
CHECK*
CONNECT*
CONTROL*
COPY*
DELETE*
DIAGNOSE*
DISCONNECT*
DUMP*
INITIALIZE*
LOAD*
MOVE*
PRIMARY*
RELEASE*
RENAME*
REPLACE*
RESET*
RUN
SAVE*
START*
STOP*
STOPOPENS*
SUSPEND*
SWITCH*
TELL*
TRACE*
VERIFY*
Commands marked with an asterisk (*) above, can only be executed by A SUPER Group member
The subsystem owner, i.e. user who started it
A member of the subsystem owner's group
RISK Indiscriminate use of the DELAY command can have a detrimental effect on the time it takes to process a command file. The DELAY command is intended for use with subsystems that require completion of a command before another can occur and it is possible that SCF may get a 'command completed' message before the command has actually completed.
RISK Any program started with the SCF RUN command will run as the userid that started the SCF session.
If a third party access control product is used to grant selected users access to SCF running as a SUPER Group member, or a member of a subsystem owners ' groups, the sensitive commands should only be granted to the appropriate users and denied to all others.
3P-ACCESS-SCF-01 Use a third party access control product to allow the users responsible for using SCF access to commands as SUPER.SUPER.
| Discovery Questions | Look here: | |
|---|---|---|
| OPSYS-OWNER-02 | Who owns the SCF object file? | Fileinfo |
| OPSYS-OWNER-02 | Who owns the SCFLIB object files? | Fileinfo |
| OPSYS-OWNER-02 | Who owns the SCFLIBOR object files? | Fileinfo |
| OPSYS-OWNER-02 | Who owns the SCFLIBXR object files? | Fileinfo |
| OPSYS-OWNER-02 | Who owns the SCFTEXT object file? | Fileinfo |
| OPSYS-OWNER-02 | Who owns the Z???SCF object file? | Fileinfo |
| OPSYS-LICENSE-02 | Is the SCFLIBOR object file licensed? | Fileinfo |
| OPSYS-LICENSE-02 | Is the SCFLIBXR object file licensed? | Fileinfo |
| FILE-POLICY | Who is allowed to perform SCF functions on the system? | Policy |
| FILE-SCF-01 | Is the SCF object file correctly secured with the Guardian or Safeguard system? | Fileinfo Safecom |
| FILE-SCF-02 | Is the SCFLIB object file secured correctly? | Fileinfo |
| FILE-SCF-03 | Is the SCFLIBOR object file secured correctly? | Fileinfo |
| FILE-SCF-04 | Is the SCFLIBXR object file secured correctly? | Fileinfo |
| FILE-SCF-05 | Is the SCFTEXT file secured correctly? | Fileinfo |
| FILE-SCF-06 | Are the Z???SCF object files secured correctly? | Fileinfo |
Related Topics
Operating System
DSMSCM
