Appendix A: Gathering The Audit Information | HP NonStop Server Security 2004

Overview

The following series of commands and examples demonstrates how to gather information to complete the discovery of information from an HP NonStop server.

3P-POLICY-QUERY-01 Use a third party tool to gather and query information about the HP NonStop server to obtain the discovery information.

Legend

Syntax:

Command syntax.

Examples:

Examples will generally follow a Syntax heading.

Output:

Output generated from the examples will be displayed in an outlined box. Text "" denotes items of interest

Example:

 SYSINFO - T9268D37 - (27 Nov 97) SYSTEM \SYDNEY Date 23 Apr 2003, 16:46:21 COPYRIGHT TANDEM COMPUTERS INCORPORATED 1985, 1987-1997          System name    \SYDNEY   EXPAND node number    111        Current SYSnn    SYS01        System number    44301   Software release ID    G06.18

Guardian Wildcarding

These wildcard characters can be used to match characters anywhere in a process name, filename, subvolume or volume name (but not a node name):

* The asterisk matches zero to eight characters.

? The question mark matches a single character.

More than one wildcard can be used in the same command. If a wildcard is used in the volume name, a dollar sign must be included .

Wildcards cannot be used to match the periods that separate the elements of a filename string (system, volume, subvolume, and file names ).

Example 1:

  FILES $SYSTEM.SYS*

Example 1 lists all the files in every subvolume on the $SYSTEM disk whose sub- volume name begins with the letters SYS.

Example 2:

  FILEINFO $DATA*.MN?.*

Example 2 lists all files that reside in the subvolume that has a three-character name beginning with MN and volumes beginning with $DATA.

Example 3:

  FILEINFO $DATA*.MN?.CASH*

Example 3 lists all files with names beginning with CASH that reside in the sub- volume that has a three-character name beginning with MN and volumes beginning with $DATA.

Example 4:

  FILEINFO $DA??01.SAFE*.A00*

Example 4 lists all files with names beginning with A00 that reside in the sub- volume with a name beginning with SAFE and all volumes with six character names starting with DA and ending with 01.

CUSTFILE

Use the SYSINFO command to get the system number of an HP NonStop server:

  SYSINFO

 SYSINFO - T9268D37 - (27 Nov 97) SYSTEM \SYDNEY Date 23 Apr 2003, 16:46:21 COPYRIGHT TANDEM COMPUTERS INCORPORATED 1985, 1987-1997          System name   \SYDNEY   EXPAND node number   111        Current SYSnn   SYS01        System number   44301   Software release ID   G06.18

Locate the CUSTFILE located in $SYSTEM.A<system number>

Note that the subvolume name will be the letter A followed by six characters. So, a leading zero (0) may need to be added after the 'A' as shown below.

  FILEINFO $SYSTEM.A044301.*

 $SYSTEM.A044301           CODE       EOF   LAST MODIFIED  OWNER  RWEP  PExt SExt CUSTFILE   101    365896 13DEC2002  9:01 255,255 NUNU    20   20 ZMP0000B   961      1536 16DEC2002 17:22 255,255 NCCN     2    2 ZMP0000C   961      1536 30DEC2002 16:33 255,255 NCCC     2    2 ZPHI6030   961       178 02DEC2002 13:36 255,255 NCCN     2    2 ZPHIFI     961      1536 30DEC2002 17:05 255,255 NCCN     2    2

Use EDIT, in read only mode, to view the contents of the CUSTFILE file. The EDIT Command Interpreter prompt will be an asterisk "*".
```
  EDIT $SYSTEM.A044301.CUSTFILE R  
```
TEXT EDITOR - T9601D20 - (01JUN93 CURRENT FILE IS $SYSTEM.A043421.CUSTFILE *

The EDIT command LC will display the column numbers . Locate the column number where the L (for LICENSE) appears. In this case it is column 62.

LC

 ....+....1....+....2....+....3....+....4....+....5....+....6....+....7 ....+....8....+.  6814     2 Y9683D43    ZNSSTMPL ZTEMPL   SYSGEN   TEMPLATE     980130141053 *

The EDIT command PUT <output filename>/L/C62 will list all lines in the CUSTFILE where an upper case 'L' appears in column 62 to the output file. In this case, the output file is $DATAA.SECREVU.LICENSED.
```
  PUT $DATAA.SECREVU.LICENSED /L/C62  
```
CURRENT FILE IS $SYSTEM.A044301.CUSTFILE

Examine the output file to review all the files for the Operating System Version that HP recommends be LICENSED.

  GET $DATAA.SECREVU.LICENSED

 CURRENT FILE IS $DATAA.SECREVU.LICENSED

  NUMBER ALL   LIST LAST

 101     2 Y9519D30 TAPERDR  ZUTIL   SYSGEN  COPY    SYSNN     L   020624180724

In this case there are 101 program files that should LICENSED. The last line is shown above. The copy of TAPERDR residing in $SYSTEM.SYSnn should be LICENSED.

Y9519D30 is the product number.

ZUTIL is the 'installation subvolume' where this program file will be placed during the loading of the SUT tape.

COPY SYSNN means that the program will automatically be copied to the new SYSnn during the SYSGEN process.

SYSGEN means that the program will be copied by SYSGEN.

020624180724 is the compile date of the program.

L (in column 62) means that the program file should be LICENSED.

DSAP Commands

Use the DSAP utility to identify PROGID'd programs. Use EDIT to examine the output file.

Syntax:

  [RUN] [ \node.]DSAP / out <filename> / [ <volume specification>]   [,<options>]

<volume specification> is of the form:

  $<volume name>  a single volume.   ($<vol-name>,$<vol-name>, ..)  a list of volumes.   $* -or- *  ALL volumes.

A <volume name> may contain asterisks , which match 0-7 characters, or question marks, which match any single character.

  Report options:   TABULAR   for tabular form of DSAP reports   BYSUBVOL  space allocation by subvol   BYUSER    space allocation by user-id   AUDITED   TMF audited files   DETAIL    detailed list of selected files   DETAIL selection options.   LICENSED   PROGID

To create a listing of all the files and their owner, listed by subvolume:

Syntax:

  DSAP [ /out <outfile> / ] $*, BYSUBVOL,DETAIL,TABULAR

To create a listing of all the files owned by a specific user:

Syntax:

  DSAP [ /out <outfile> / ] $*, USER <user name>  <user number>, DETAIL

When a file is owned by a userid that no longer exists on the system, the User Number is shown and the User Name is displayed as question marks (?????)

To create a listing of all files that are PROGID or LICENSED:

Syntax:

  DSAP [ /out <outfile> / ] $*, DETAIL, LICENSED, PROGID

Fileinfo Commands

The FILEINFO command lists information about one or more files. Auditors will use this command to discover the location of certain sensitive files, their owners and their Guardian security string.

To send the output of the FILEINFO command to a file or the SPOOLER, use the OUT command.

Syntax:

  FILEINFO [ / OUT outfile / ] [ [ wc-vol.] [ wc-subvol.] ] wc-filename ]

where WC stands for Wildcarded.

Example 1:

  FILEINFO $SYSTEM.SYS*.OSMON

 $SYSTEM.SYS00              CODE      EOF   LAST MODIFIED  OWNER  RWEP PExt SExt OSMON     O   700   477512 16APR2001 10:16 255,255 NUNU   32   32 $SYSTEM.SYS06              CODE      EOF   LAST MODIFIED  OWNER  RWEP PExt SExt OSMON         700   477512 16APR2001 10:16 255,255 NUNU   32   32

Example 1 will display all the OSMON object files on any $SYSTEM.SYSnn subvolume.

Example 2:

  FILEINFO $*.*.APPDEV

 $SYSTEM.APPDEV CODE EOF LAST MODIFIED OWNER RWEP PExt SExt APPDEV O 100 4763648 24JUN2001 21:51 255,255 UUUU 278 64

Example 2 will display the APPDEV object file information.

Example 3:

  FILEINFO /OUT $USER.BRIAN.SAFELIST/ $*.DATA*.A*

Example 3 will display all the files, on any disk, with a subvolume name beginning with the characters DATA and a filename beginning with the letter A. The listing will be sent to a file called SAFELIST in the $USER.BRIAN subvolume.

Example 4:

  FILEINFO /OUT $S.#WIRELST/ $AUDIT*.WIRE.*

Example 4 will display all the files on any disk with a name beginning with the string AUDIT, with a subvolume name of WIRE and send the output to the SPOOLER location $S.#WIRELST.

FUP (File Utility Program) Commands

FUP is designed to manage disk files on the HP NonStop system. Use FUP to create, display, and duplicate files, load data into files, alter file characteristics, and purge files.

Use the FUP INFO command to display summary attributes of a diskfile. To start FUP:

Syntax:

FUP

The FUP Command Interpreter prompt will be a dash "-".

Example 1:

FUP

 File Utility Program - T6553G07 - (01AUG2002) System \Toronto Copyright Tandem Computers Incorporated 1981, 1983, 1985-2001 -

  INFO $DATA01.TEMP.CATDEL

 CODE      EOF      LAST MODIF OWNER RWEP TYPE REC BL $DATA01.TEMP  CATDEL         101     8312 4Feb2002 09:11 222,11 CCCC

Use the INFO DETAIL command to display detail attributes of a diskfile.

Example 2:

  INFO $DATA01.TEMP.CATDEL, DETAIL

 $DATA01.TEMP.CATDEL              30 Jun 2003, 8:49     ENSCRIBE     TYPE U     FORMAT 1     CODE 101     EXT (4 PAGES, 28 PAGES)     MAXEXTENTS 978     BUFFERSIZE 4096     OWNER 222,11     SECURITY (RWEP): CCCC     DATA MODIF: 4 Feb 2002, 9:11     CREATION DATE: 9 Apr 2003, 11:13     LAST OPEN: 9 May 2003, 11:24     FILE LABEL: 158 (3.8% USED)     EOF: 8312 (0.0% USED)     EXTENTS ALLOCATED: 2

Pathway Commands

Use the STATUS command to determine if there are any Pathway applications running and the userids they are running under.

Syntax:

  STATUS *,PROG $*.*.PATHMON

Example 1:

  STATUS *,PROG $*.*.PATHMON

 Process          Pri PFR %WT Userid   Program file            Hometerm $BEN      0,100  145      001 222,9   $SYSTEM.SYSTEM.PATHMON  $VHS $YPHI     0,144  100      005 255,255 $SYSTEM.SYSTEM.PATHMON  $ZHOME $BMA1     0,146  145      001 222,210 $SYSTEM.SYSTEM.PATHMON  $VHS $ABOP     0,183  160      005 255,255 $SYSTEM.SYSTEM.PATHMON  $VHS $QAPQ     0,187  145      001 222,212 $SYSTEM.SYSTEM.PATHMON  $VHS $DVMA     0,192  145      001 222,9   $SYSTEM.SYSTEM.PATHMON  $VHS $BFMA   B 0,212  145      001 222,11  $SYSTEM.SYSTEM.PATHMON  $VHS $AMA      0,222  145      001 222,9   $SYSTEM.SYSTEM.PATHMON  $VHS $ABOP   B 1,22   160      001 255,255 $SYSTEM.SYSTEM.PATHMON  $VHS $ZVHS   B 1,31   148      001 255,255 $SYSTEM.SYSTEM.PATHMON  $YMIOP.#CLCI $XPLP     0,97   145      005 255,255 $SYSTEM.SYSTEM.PATHMON  $VHS

For any Pathway applications running under SUPER.SUPER, use the PATHCOM INFO command to determine the internal Pathway security. To start PATHCOM:

Syntax:

  PATHCOM $<process>.

The Pathway Command Interpreter prompt will be an equals sign "="

Example 2:

  PATHCOM $XPLP

 $Y7D7: PATHCOM - T8344D44 - (02MAY01) COPYRIGHT HP COMPUTER CORPORATION 1980 - 1985, 1987  2001 =

Example 3:

  INFO PATHWAY

 PATHWAY MAXASSIGNS 50          [CURRENTLY 0]   MAXDEFINES 20                [CURRENTLY 0]   MAXEXTERNALTCPS 0            [CURRENTLY 0]   MAXLINKMONS 5                [CURRENTLY 0]   MAXPARAMS 20                 [CURRENTLY 0]   MAXPATHCOMS 5                [CURRENTLY 2]   MAXPROGRAMS 10               [CURRENTLY 2]   MAXSERVERCLASSES 50          [CURRENTLY 23]   MAXSERVERPROCESSES 70        [CURRENTLY 23]   MAXSPI 1                     [CURRENTLY 0]   MAXSTARTUPS 20               [CURRENTLY 0]   MAXTCPS 5                    [CURRENTLY 1]   MAXTELLQUEUE 4   MAXTELLS 32                  [CURRENTLY 0]   MAXTERMS 5                   [CURRENTLY 1]   MAXTMFRESTARTS 5   OWNER \LA.255,255  SECURITY "N"    =

Look for any PATHMON process secured "N" or "A".

Status Command

The STATUS command is used to list information about processes running on a system.

Syntax:

  STATUS $<PROCESS NAME>

Example 1:

  STATUS $CMON

 System \LA Process             Pri PFR %WT Userid  Program file             Hometerm $CMON       1,171   180     001 255,255 $SYSTEM.APPCM.APPCM      $VHS                         Swap File Name: $AUDIT.#0        Current Extended Swap File Name: $AUDIT.#0483691 $CMON    B  0,226   180     001 255,255 $SYSTEM.APPCM.APPCM      $VHS                         Swap File Name: $AUDIT.#0        Current Extended Swap File Name: $AUDIT.#0483692

Use the FILEINFO $<volume>.<subvolume>.<fileinfo> to list the owner and RWEP string for the CMON process's object and source files. The STATUS command shown above, will display the CMON process's object file $SYSTEM.APPCM.APPCM..

Syntax:

  FILEINFO $<volume>.<subvolume>.<filename>

Example 2:

  FILEINFO $SYSTEM.APPCM.APPCM

 $SYSTEM.APPCM               CODE         EOF LAST MODIFIED    OWNER  RWEP   PExt  SExt APPCM  O       100     4763648 24JUN2001 21:51  255,255 OOOO  278    64

Safeguard Commands

The Safeguard commands necessary to gather audit information are provided in the following table.

Gathering Information about Objects Protected by the Safeguard Subsystem

The following table shows the commands for gathering information about each type of object.

Information Needed	Safeguard Command
Diskfile access rules	INFO DISKFILE { $<vol name>.<subvol name>.<filename>} ,DETAIL
Subvolume access rules	INFO SUBVOL { $<vol name>.<subvol name> },DETAIL
Volume access rules	INFO VOL { $<volume name > }, DETAIL
Process access rules	INFO PROCESS { $<process name> }, DETAIL
Subprocess access rules	INFO SUBPROCESS {$<subprocess name> },DETAIL
Device access rules	INFO DEVICE { $<device name> }, DETAIL
Subdevice access rules	INFO SUBDEVICE {$<subdevice name> },DETAIL
Safeguard global settings	INFO SAFEGUARD,DETAIL
Groups - Security	INFO SECURITY-GROUP SECURITY-ADMININSTRATOR INFO SECURITY- GROUP SYSTEM-OPERATOR
Groups - File-sharing	INFO GROUP NAME <group name>,DETAIL INFO GROUP NUMBER <group number>,DETAIL
Audit Configuration	INFO AUDIT SERVICE INFO AUDIT POOL <audit pool>
User - Audit parameters	INFO USER {user name user number},AUDIT
User - Remote passwords	INFO USER {user name user number}, REMOTEPASSWORD User - OSS parameters INFO USER {user name user number}, OSS User - CI parameters INFO USER {user name user number}, CI
User - Aliases	INFO USER {user name user number}, ALIAS
User - STATUS	INFO USER {user name user number}, GENERAL
User - File Sharing Groups	INFO USER {user name user number}, GROUP
User - all parameters	INFO USER {user name user number}, DETAIL
Alias - Audit parameters	INFO ALIAS {alias }, AUDIT
Alias - Remote passwords	INFO ALIAS {alias}, REMOTEPASSWORD
Alias - OSS parameters	INFO ALIAS {alias}, OSS
Alias - CI parameters	INFO ALIAS {alias}, CI
Alias - STATUS	INFO ALIAS {alias}, GENERAL
Alias- File Sharing Groups	INFO ALIAS {user name user number}, GROUP
Alias - All fields	INFO ALIAS {alias}, DETAIL
Objecttype settings	INFO OBJECTTYPE {objecttype}, DETAIL

Many Safeguard OBJECTs, such as User Group Name or Number, Volume, Sub- volume or Diskfile names can be wildcarded with an asterisk (*).

Use the INFO SAFEGUARD DETAIL command to display all the Global Security attributes of Safeguard software. To start SAFECOM:

Syntax:

  SAFECOM

The prompt for SAFECOM is an equal sign "=".

Example 1:

  SAFECOM

 SAFEGUARD COMMAND INTERPRETER - T9750G06 - (22JUL02) SYSTEM \LA =

  INFO SAFEGUARD, DETAIL

 SAFEGUARD IS CONFIGURED WITH SUPER.SUPER UNDENIABLE   AUTHENTICATE-MAXIMUM-ATTEMPTS =      3   AUTHENTICATE-FAIL-TIMEOUT     =     60 SECONDS   AUTHENTICATE-FAIL-FREEZE      = OFF   PASSWORD-REQUIRED = OFF    PASSWORD-HISTORY = 0   PASSWORD-ENCRYPT  = ON     PASSWORD-MINIMUM-LENGTH = 6   PASSWORD-MAY-CHANGE   =      1 DAYS BEFORE-EXPIRATION   PASSWORD-EXPIRY-GRACE =      7 DAYS  AFTER-EXPIRATION   WARNING-MODE = OFF WARNING-FALLBACK-SECURITY = GUARDIAN   DIRECTION-DEVICE     = SUBDEVICE-FIRST  CHECK-DEVICE    = ON   COMBINATION-DEVICE   = FIRST-ACL        CHECK-SUBDEVICE = ON   ACL-REQUIRED-DEVICE  = OFF   DIRECTION-PROCESS    = SUBPROCESS-FIRST CHECK-PROCESS = ON   COMBINATION-PROCESS  = FIRST-ACL CHECK-SUBPROCESS     = ON   ACL-REQUIRED-PROCESS = OFF   DIRECTION-DISKFILE    = FILENAME-FIRST   CHECK-VOLUME    = OFF   COMBINATION-DISKFILE  = FIRST-ACL        CHECK-SUBVOLUME = ON   ACL-REQUIRED-DISKFILE = OFF              CHECK-FILENAME  = ON   CLEARONPURGE-DISKFILE = OFF   AUDIT-OBJECT-ACCESS-PASS = NONE     AUDIT-AUTHENTICATE-PASS   = ALL   AUDIT-OBJECT-ACCESS-FAIL = ALL      AUDIT-AUTHENTICATE-FAIL   = ALL   AUDIT-OBJECT-MANAGE-PASS = ALL      AUDIT-SUBJECT-MANAGE-PASS = ALL   AUDIT-OBJECT-MANAGE-FAIL = ALL      AUDIT-SUBJECT-MANAGE-FAIL = ALL   AUDIT-DEVICE-ACCESS-PASS = NONE     AUDIT-PROCESS-ACCESS-PASS = NONE   AUDIT-DEVICE-ACCESS-FAIL = ALL      AUDIT-PROCESS-ACCESS-FAIL = ALL   AUDIT-DEVICE-MANAGE-PASS = ALL      AUDIT-PROCESS-MANAGE-PASS = ALL   AUDIT-DEVICE-MANAGE-FAIL = ALL      AUDIT-PROCESS-MANAGE-FAIL = ALL                     AUDIT-DISKFILE-ACCESS-PASS = NONE                     AUDIT-DISKFILE-ACCESS-FAIL = ALL                     AUDIT-DISKFILE-MANAGE-PASS = ALL                     AUDIT-DISKFILE-MANAGE-FAIL = ALL                     AUDIT-CLIENT-SERVICE       = OFF   CI-PROG = $SYSTEM.SYSTEM.TACL          CMON        = ON   CI-LIB  = * NONE *                     CMONERROR   = ACCEPT   CI-SWAP = * NONE *                     CMONTIMEOUT =     29 SECONDS   CI-CPU  = * NONE *                     BLINDLOGON  = ON   CI-PRI  =      150                     NAMELOGON   = ON   CI-PARAM-TEXT =   TERMINAL-EXCLUSIVE-ACCESS = OFF

Example 1 shows the Safeguard Globals. Note the first line, which shows that SUPER.SUPER is undeniable.

Example 2:

  INFO USER 222,77,DETAIL

 GROUP.USER          USER-ID   OWNER    LAST-MODIFIED   LAST-LOGON    STATUS ABCO.PAM            222,77 \*.253,1    12APR02, 11:00  23DEC02, 7:45 THAWED   UID                        =      56909   USER-EXPIRES               =    23DEC02, 7:45   PASSWORD-EXPIRES           =    23DEC02, 7:45   PASSWORD-MAY-CHANGE        =    * NONE *   PASSWORD-MUST-CHANGE EVERY =    30 DAYS   PASSWORD-EXPIRY-GRACE      =    29 DAYS   LAST-LOGON                 = 23DEC02 , 7:45   LAST-UNSUCCESSFUL-ATTEMPT  =  4DEC02, 13:11   LAST-MODIFIED              = 12APR02, 11:00   FROZEN/THAWED              = THAWED   STATIC FAILED LOGON COUNT  =        4   GUARDIAN DEFAULT SECURITY  = NCCC   GUARDIAN DEFAULT VOLUME    = $DATAA.PAM   AUDIT-AUTHENTICATE-PASS    = ALL     AUDIT-MANAGE-PASS = ALL   AUDIT-AUTHENTICATE-FAIL    = ALL     AUDIT-MANAGE-FAIL = ALL   AUDIT-USER-ACTION-PASS     = NONE   AUDIT-USER-ACTION-FAIL     = ALL   CI-PROG = * NONE *   CI-LIB  = * NONE *   CI-NAME = * NONE *   CI-SWAP = * NONE *   CI-CPU  = * NONE *   CI-PRI  = * NONE *   CI-PARAM-TEXT =   INITIAL-PROGTYPE = PROGRAM   INITIAL-PROGRAM =   INITIAL-DIRECTORY =   PRIMARY-GROUP = ABCO   GROUP         = ABCO   REMOTEPASSWORD = \LA    xxxx   REMOTEPASSWORD = \SYDNEY xxxx   REMOTEPASSWORD = \LONDON   xxxx   ALIAS = pamela   ALIAS = pam1   ALIAS = pam-noseg   ALIAS = plh1a   SUBJECT DEFAULT-PROTECTION SECTION  UNDEFINED  !

Example 2 shows a user record.

Example 3:

  INFO USER 222,77,REMOTEPASSWORD

 GROUP.USER         USER-ID   OWNER    LAST-MODIFIED   LAST-LOGON     STATUS ABCO.PAM            222,77 \*.253,1   12APR02, 11:00  23DEC02, 7:45   THAWED   REMOTEPASSWORD = \LA     xxxx   REMOTEPASSWORD = \SYDNEY xxxx   REMOTEPASSWORD = \LONDON xxxx

Example 3 shows only the remote passwords in a user record.

Example 4:

  INFO OBJECTTYPE VOLUME

 LAST-MODIFIED    OWNER  STATUS VOLUME                 30SEP02, 15:10 \*.255,255 THAWED          253,001              C,O       \*.253,001              C,O   AUDIT-ACCESS-PASS = ALL       AUDIT-MANAGE-PASS = ALL   AUDIT-ACCESS-FAIL = ALL       AUDIT-MANAGE-FAIL = ALL

Example 4 shows an OBJECTTYPE VOLUME record.

Example 5:

  INFO DISKFILE $DATAA.PAM.*,WARNINGS OFF

 LAST-MODIFIED    OWNER   STATUS $DATAA.PAM  MYFILE          13AUG01, 10:08     20,245 THAWED        \*.020,245       R,W,E,P,C,O        \*.222,077       R        \*.222,210       R,W   AUDIT-ACCESS-PASS = ALL         AUDIT-MANAGE-PASS = ALL   AUDIT-ACCESS-FAIL = ALL         AUDIT-MANAGE-FAIL = ALL   LICENSE = OFF PROGID = OFF CLEARONPURGE = OFF PERSISTENT = ON

Example 5 shows a diskfile record.

Example 6:

  INFO SECURITY-GROUP SECURITY-ADMINISTRATOR

 LAST-MODIFIED    OWNER    STATUS SECURITY-ADMINISTRATOR                   7JAN03, 11:12    255,255  THAWED           222,233           E,   O           222,250           E,   O           253,001           E,   O

Example 6 shows a SECURITY-GROUP record.

Example 7:

  INFO GROUP NAME TEST,DETAIL

 GROUP NAME                 NUMBER    OWNER        LAST-MODIFIED test                          300    255,255       8DEC00, 17:53 AUTO-DELETE = OFF DESCRIPTION = "aaa;bbb" MEMBER      = Manuel MEMBER      = sec-bryan MEMBER      = daryl1

Example 7 shows a FILE-SHARING Group record.

Gathering Information about the Safeguard Audit Trail

There are two commands used to display the configuration of Safeguard audit trails:

INFO AUDIT POOL

INFO AUDIT SERVICE

INFO AUDIT POOL Command

The INFO AUDIT POOL displays parameters that determine the name and size of any Audit Pools.

If the command is entered without a specific Audit Pool name, the Current Audit Pool is assumed.

Example 1:

  NFO AUDIT POOL

 AUDIT POOL $SYSTEM.SAFE   CONFIGURATION      MAXFILES                 5      MAXEXTENTS              16      EXTENTSIZE             128,    128

Example 1 shows the configuration of the Current Audit Pool.

Example 2:

  INFO AUDIT POOL $DATAA.TEMPPOOL

 AUDIT POOL $DATAA.TEMPPOOL   CONFIGURATION      MAXFILES                   15      MAXEXTENTS                 32      EXTENTSIZE                256, 256

Example 2 shows the configuration of a secondary Audit Pool.

INFO AUDIT SERVICE Command

The INFO AUDIT SERVICE Command displays parameters that determine Safe- guard's RECOVERY OPTIONS and the manner in which audit records are written to the Audit Trail.

Example 3:

  INFO AUDIT SERVICE

 CURRENT AUDIT POOL  $SECURE.SAFE CURRENT AUDIT FILE  $SECURE.SAFE.A0007739 NEXT AUDIT POOL     $WORK.SFGAUDIT RECOVERY            RECYCLE FILES CURRENT STATE       RECYCLING FILES WRITE-THROUGH CACHE OFF EOF REFRESH         OFF

Example 3 shows the AUDIT SERVICE parameters. The current Audit Pool is $SECURE.SAFE. The next Audit Pool is $WORK.SFGAUDIT. Audit files are being RECYCLED. Audit records are held in memory before being written to disk and the End of File pointer is not updated until the records are actually written to disk.

SQL Commands

The SQLCI program is used to interact with the SQL database system. To find the SQL system catalog and version, start SQLCI:

Syntax:

  SQLCI

SQLCI has two prompt levels. A prompt of two right carets (>>) is displayed when SQLCI is ready to start processing a command. A prompt of a plus sign and a right caret is displayed when SQLCI is in the middle of processing an extended line command. All commands in SQLCI are terminated with a semi- colon ; otherwise , SQLCI assumes extended line commands and continues processing for input.

Example 1:

  SQLCI

 SQL Conversational Interface - T9191G07 - (05AUG02) COPYRIGHT COMPAQ COMPUTER CORPORATION 1987-2002

  GET CATALOG OF SYSTEM;

 CATALOG: \LA.$DSMSCM.SQL -- SQL operation complete.

  GET VERSION OF CATALOG $DSMSCM.SQL;

 VERSION: 345 -- SQL operation complete.

To view the file label information for SQL objects, use FUP INFO or FILEINFO at the TACL prompt in the same manner as any other file on the system.

  FILEINFO $DSMSCM.SQL.*;

 $DSMSCM.SQL             CODE      EOF   LAST MODIFIED OWNER   RWEP  PExt  SExt BASETABS O   572A    6384 06AUG2002 15:49 255,255 NNNU    16   128 CATALOGS     571A   16384 18JUN2003 14:09 255,255 NNUU    16   128 CATDEFS  O   900A   12288 12OCT1999 10:08 255,255 AA-A    16    64 COLUMNS  O   573A  159744 06AUG2002 15:49 255,255 NNNU    16   128 COMMENTS     574A       0 04DEC1998  7:02 255,255 NNNU    16   128 CONSTRNT     575A       0 04DEC1998  7:02 255,255 NNNU    16   128 CPRLSRCE     587A       0 04DEC1998  7:02 255,255 NNNU    16   128 CPRULES      586A       0 04DEC1998  7:02 255,255 NNNU    16   128

Researching SQL catalog information is performed using the SQL query language to execute queries against the SQL catalogs. Generally, research of this type requires extensive knowledge of SQL and SQL query format. A large number of queries can be performed against the SQL catalogs. Some examples are:

To display a list of catalog names from the System Catalog;

Example 2:

  select * from $dsmscm.sql.catalogs for browse access;

 CATALOGNAME             SUBSYSTEMNAME                   VERSION ---------------------------------------------------------------- VERSIONUPGRADETIME   CATALOGCLASS CATALOGVERSION ------------------------------------------------ \LA.$DATA1.AMACATL   SQL                           A350              0 U                     350 \LA.$DATA1.AMATEST   SQL                           A350              0 U                     350 \LA.$DATA1.P05AACAT  SQL                           A350              0 U                     350 \LA.$DATA1.TAPECAT   SQL                           A350

To display a list of tables from a specified catalog:

Example 3:

  select * from $dsmscm.tapecat.tables for browse access;

 TABLENAME TABLETYPE TABLECODE COLCOUNT GROUPID ---------------------------------------------- USERID  CREATETIME         REDEFTIME              SECURITYVECTOR SECURITYMODE ------------------------------------ OBJECTVERSION SIMILARITYCHECK ----------------------------- \LA.$DSMSCM.TAPECAT.BASETABS      TA              572     9     255    255    211793825082668460  211793824964685790  NNCC       G             1 DISABLED \LA.$DSMSCM.TAPECAT.COLUMNS       TA              573    26     255    255 211793825082824170        211793824964685790  NNCC       G             1 DISABLED

To discover the security and owner of catalog tables, query the TABLES table as shown:

Syntax:

  LOG <log-file> CLEAR;   SELECT TABLENAME, SECURITYVECTOR, GROUPID, USERID   FROM <catalog-name>.TABLES   WHERE TABLENAME = "\SYSTEM.$<VOLUME>.<CATALOG-NAME>.TABLES";

To find out the security and owner of the USAGES, TRANSIDS, and PROGRAMS tables:

Syntax:

  SELECT TABLENAME, SECURITYVECTOR, GROUPID, USERID   FROM <catalog-name>.TABLES   WHERE TABLENAME = "\SYSTEM.$<VOLUME>.<CATALOG-NAME>.USAGES"   OR TABLENAME = "\SYSTEM.$<VOLUME>.<CATALOG-NAME>.TRANSIDS"   OR TABLENAME = "\SYSTEM.$VOLUME.<CATALOG-NAME>.PROGRAMS";

Gathering System Information

SYSINFO

To display information such as System Name, Number and Operating System release numbers and the current SYSnn, use the SYSINFO command.

On NonStop K-series servers, the System number displayed using SYSINFO may not be correct. The RLSEID file is a more reliable reference.

Example 1:

  SYSINFO

 SYSINFO - T9268D37 - (27 Nov 97) SYSTEM \LONDON Date 23 Apr 2003, 13:08:28 COPYRIGHT TANDEM COMPUTERS INCORPORATED 1985, 1987-1997          System name   \LONDON   EXPAND node number   153        Current SYSnn   SYS01        System number   045422  Software release ID   G06.18

Example 1 shows a SYSINFO on a NonStop S-series system.

Example 2:

  SYSINFO

 SYSINFO - T9268D37 - (27 Nov 97) SYSTEM \TORONTO Date 07 May 2003, 07:07:38 COPYRIGHT TANDEM COMPUTERS INCORPORATED 1985, 1987-1997          System name   \TORONTO   EXPAND node number   152        Current SYSnn   SYS04        System number   B29625  Software release ID   D48.03

Example 2 shows a SYSINFO on a NonStop K-series system. Note that the System number displayed here differs from that in the RLSEID file shown below.

RLSEID File

The system number and Operating System and Release Version can be found in the file called RLSEID. This file is located in the current $SYSTEM.SYSnn.

Example 1:

  FUP COPY $SYSTEM.SYS01.RLSEID

 R24 045422 G06.18 1 RECORDS TRANSFERRED

Example 1 shows the RLSEID file on a NonStop S-series server. The system number is '045422"; the software release number is Release Version Update G06.18.

Example 2:

  FUP COPY $SYSTEM.SYS04.RLSEID

 Q11 064421 D48.03 1 RECORDS TRANSFERRED

Example 2 shows the RLSEID file on a NonStop K-series system. The system number is '064421", the software release number is D48.03.

Researching TACL Configuration

ASSIGNs

In an interactive TACL session:

Enter the keyword ASSIGN at a TACL prompt to display ASSIGNs that are added as part of the authentication and TACL initialization process or after the execution of a TACL macro or OBEY file.

In the Pathway Environment:

Enter the command: INFO SERVER *

Manually examine the TACLLOCL file and any TACLCSTM files located for the keyword ASSIGN.

Manually examine all OBEY files for the keyword ASSIGN.

ASSIGNs and DEFINEs In NETBATCH

In the NETBATCH Environment:

Within an ATTACHMENT-SET

Use the BATCHCOM utility to research ATTACHMENT-SETs.

To start BATCHCOM:

Syntax:

  BATCHCOM

The prompt for BATCHCOM is a right curly brace ("}").

Example 1:

  BATCHCOM

First locate a job to examine using the STATUS JOB command:

Example 2:

  STATUS JOB *

 JOB STATUS JOB  JOBNAME                  USERID  LOG  STATE     CLASSNAME --------------------------------------------------------------    1 AUTOBACKUP               255,255 5487 18:00:00  DEFAULT    5 INCREMENTAL-BACKUP       255,255 6094 31MAR03   DEFAULT   29 SETTIME                  255,255 6170 29MAR03   DEFAULT   45 NIGHTLY-MAINTENANCE      222,250 6163 29MAR03   DEFAULT

Then examine the job using the INFO JOB command:

Example 3:

  INFO 29

 JOB ATTRIBUTES for SETTIME                       jobnumber: 29                          volume: \LA.$SYSTEM.TIME, "NUNU"                              in:                             out: \LA.$S.#BATCH.SETTIME                executor-program: \LA.$SYSTEM.SYSPROBJ.ADJTIME                             pfs: 0                             pri: 120                          selpri: 3                   maxprintlines: None                   maxprintpages: None                           class: DEFAULT                            hold: Off                           stall: Off                   stop-on-abend: Off                           every: 1 DAYS                              at: 14DEC99 04:00:00                         iffails: On attachment-set: (SUPER.SUPER)STANDARD   highpin: Of                          submit: 14DEC99 10:22:04                           alter: 30APR02 08:41:33                            user: 255,255                    next-runtime: 29MAR03 04:00:00

Look for an entry such as: "attachment-set: "(SUPER.SUPER)STANDARD", in the example above.

Finally, to see the contents of the ATTACHMENT-SET, enter the following command:

Example 4:

  INFO ATTACHMENT-SET (SUPER.SUPER) STANDARD

 The items contained in the ATTACHMENT-SET will be displayed ATTACHMENT-SET ATTRIBUTES for (SUPER.SUPER)STANDARD      security: "UUUU"      temporary: Off

DEFINEs:

In an interactive TACL session:

Example 1:

  INFO DEFINE =*

 Define Name      =TCPIP^PROCESS^NAME CLASS            MAP FILE             \LA.$ZTCP2 Define Name      =ABOPS_EMS_COLLECTOR CLASS            MAP FILE             \LA.  Define Name =TCPIP^PROCESS^NAME CLASS MAP FILE \LA.$ZTCP2 Define Name =ABOPS_EMS_COLLECTOR CLASS MAP FILE \LA.$0 Define Name =ABOPS_XOUT CLASS MAP FILE \LA.$XOUT Define Name =_DEFAULTS CLASS DEFAULTS VOLUME $DATAA.MARK 
 Define Name      =ABOPS_XOUT CLASS            MAP FILE             \LA.$XOUT Define Name      =_DEFAULTS CLASS            DEFAULTS VOLUME           $DATAA.MARK

Displays all DEFINEs that may have been added as part of the authentication and TACL initialization process or after the execution of a TACL macro or OBEY file.

In the Pathway Environment enter the command:

Example 2:

  INFO SERVER *

 SERVER XPLS000   PROCESSTYPE GUARDIAN   AUTORESTART 0   CPUS (1:0)   CREATEDELAY 1 MINS   DEBUG OFF   DELETEDELAY 10 MINS   HIGHPIN OFF   HOMETERM \LA.$VHS   LINKDEPTH 1   MAXSERVERS 1   NUMSTATIC 1   OWNER \LA.255,255   PRI 120   PROGRAM \LA.$DATAA.XPLPROBJ.XPLS000   SECURITY "N"   TMF OFF   VOLUME \LA.$DATAA.XPLPRDAT

Manually examine the TACLLOCL file and any TACLCSTM files located for the keyword DEFINE.

Manually examine all OBEY files for the keyword DEFINE.

PARAMs:

In an interactive TACL session:

Example 1:

  PARAM

Displays PARAMs that may have been added as part of the authentication and TACL initialization process or after the execution of a TACL macro or OBEY file.

In the Pathway Environment enter the command:

Example 2:

  PATHCOM   INFO SERVER *

Manually examine the TACLLOCL file and any TACLCSTM files located.

Manually examine all OBEY files.

Manually examine all ATTACHMENT-SETs

Viewing the TACLCONF Parameters

Use the following TACL commands to display the values of the TACLCONF parameters.

Syntax:

  #getconfiguration/<parameter>/

The parameters are:

  #getconfiguration/BLINDLOGON/   #getconfiguration/NOCHANGEUSER/   #getconfiguration/AUTOLOGOFFDELAY/   #getconfiguration/LOGOFFSCREENCLEAR/   #getconfiguration/NAMELOGON/   #getconfiguration/CMONTIMEOUT/   #getconfiguration/REMOTECMONTIMEOUT/   #getconfiguration/REMOTESUPERID/   #getconfiguration/CMONREQUIRED/   #getconfiguration/REMOTECMONREQUIRED/   #getconfiguration/STOPONFEMODEMERR /

Example 1:

  #getconfiguration/BLINDLOGON/

 #getconfiguration/BLINDLOGON/ expanded to: 0

Example 2:

  #getconfiguration/NOCHANGEUSER/

 #getconfiguration/NOCHANGEUSER/ expanded to: 0

Example 3:

  #getconfiguration/AUTOLOGOFFDELAY/

 #getconfiguration/AUTOLOGOFFDELAY/ expanded to: -1

The value returned from each query is 0 for false, 1 for true or a numeric value for those parameters like CMONTIMEOUT that require a count. A count of “1 for a timeout value means that there is no timeout.

PASSWORD BIND Settings

The BIND program displays values from inside a compiled program. To start BIND:

Syntax:

  BIND

The BINDER Command Interpreter prompt will be an "@".

Use the following BIND commands to display the PASSWORD Program parameters.

  DUMP DATA <PARAMETER-NAME> * FROM $SYSTEM.SYS<NN>.PASSWORD

Four parameters control PASSWORD's behavior:

  PROMPTPASSWORD   BLINDPASSWORD   MINPASSWORDLEN   ENCRYPTPASSWORD

Example 1:

  BIND

 BINDER - OBJECT FILE BINDER - T9621D30 - (31MAY02) SYSTEM \LA Copyright Compaq Computers Corporation, 1988-2002

  DUMP DATA PROMPTPASSWORD * FROM $SYSTEM.SYS03.PASSWORD

 000000: 000001

  DUMP DATA BLINDPASSWORD * FROM $SYSTEM.SYS03.PASSWORD

 000000: 000001

  DUMP DATA MINPASSWORDLEN * FROM $SYSTEM.SYS03.PASSWORD

 000000: 000006

  DUMP DATA ENCRYPTPASSWORD * FROM $SYSTEM.SYS03.PASSWORD

 000000: 000001

The value returned from each query is either 000000 (false) or 0000001 (true), except for MINPASSWORDLEN, which returns a number between 000000 and 000008, representing the minimum length acceptable.

SCF (Subsystem Control Facility) Commands

Use SCF LISTDEV to display all processes that have a device type and are known to SCF. To start SCF:

SCF Syntax:

  SCF (to enter the SCF command interpreter).

The SCF command interpreter prompt will be a number, dash, and a greater than sign "n->".

Example 1:

  LISTDEV

 LDev  Name      PPID   BPID    Type    RSize Pri Program    0  LDev Name PPID BPID Type RSize Pri Program 0 $0 0,5 1,5 (1,0) 102 201 \LA.$SYSTEM.SYS01.OSIMAGE 1 $NCP 0,16 1,13 (62,6) 1 199 \LA.$SYSTEM.SYS01.NCPOBJ 3 $YMIOP 0,256 1,256 (6,4) 80 205 \LA.$SYSTEM.SYS01.OSIMAGE 5 $Z0 0,7 1,7 (1,2) 102 200 \LA.$SYSTEM.SYS01.OSIMAGE 6 $SYSTEM 0,257 1,257 (3,41) 4096 104 \LA.$SYSTEM.SYS01.OSIMAGE 7 $ZOPR 0,8 1,8 (1,0) 102 201 \LA.$SYSTEM.SYS01.OSIMAGE 63 $MPATH 0,284 1,284 (63,1) 0 199 \LA.$SYSTEM.SYS01.LHOBJ 64 $ZZKRN 0,15 1,23 (66,0) 132 180 \LA.$SYSTEM.SYS01.OZKRN 65 $ZZWAN 0,277 1,289 (50,3) 132 180 \LA.$SYSTEM.SYS01.WANMGR 66 $ZZW01 1,266 0,0 (50,0) 0 199 \LA.$SYSTEM.SYS01.CONMGR 246 $QA0 1,357 0,363 (1,0) 4024 130 \LA.$SYSTEM.SYS01.EMSACOLL 247 $DV0 1,358 0,369 (1,0) 4024 130 \LA.$SYSTEM.SYS01.EMSACOLL 253 $ZPHI 0,375 1,356 (1,0) 4024 130 \LA.$SYSTEM.SYS01.EMSACOLL 264 $Z03H 0,104 0,0 (1,30) 132 150 \LA.$SYSTEM.SYS01.EMSDIST 270 $NMTRM 1,380 0,0 (46,0) 6144 150 \LA.$SYSTEM.SYSOPR.ENFORM 280 $Z6ND 1,390 0,0 (46,0) 6144 150 \LA.$SYSTEM.SYSOPR.ENFORM 282 $Z0WY 0,216 0,0 (1,30) 132 100 \LA.$SYSTEM.SYS01.EMSDIST 284 $Z6NJ 1,378 0,0 (46,0) 6144 150 \LA.$SYSTEM.SYSOPR.ENFORM 338 $X7MX 1,392 0,0 (1,30) 132 130 \LA.$SYSTEM.SYS01.EMSDIST Total Errors = 0 Total Warnings = 0 
 0,5    1,5     (1,0)   102 201 \LA.$SYSTEM.SYS01.OSIMAGE    1  $NCP      0,16   1,13    (62,6)     1 199 \LA.$SYSTEM.SYS01.NCPOBJ    3  $YMIOP    0,256  1,256   (6,4)    80 205 \LA.$SYSTEM.SYS01.OSIMAGE    5  $Z0       0,7    1,7     (1,2)   102 200 \LA.$SYSTEM.SYS01.OSIMAGE    6  $SYSTEM   0,257  1,257   (3,41)  4096 104 \LA.$SYSTEM.SYS01.OSIMAGE    7  $ZOPR     0,8    1,8     (1,0)   102 201 \LA.$SYSTEM.SYS01.OSIMAGE   63  $MPATH    0,284  1,284   (63,1)     0 199 \LA.$SYSTEM.SYS01.LHOBJ   64  $ZZKRN    0,15   1,23    (66,0)   132 180 \LA.$SYSTEM.SYS01.OZKRN   65  $ZZWAN    0,277  1,289   (50,3)   132 180 \LA.$SYSTEM.SYS01.WANMGR   66  $ZZW01    1,266  0,0     (50,0)     0 199 \LA.$SYSTEM.SYS01.CONMGR  246  $QA0      1,357  0,363   (1,0)  4024 130 \LA.$SYSTEM.SYS01.EMSACOLL  247  $DV0      1,358  0,369   (1,0)  4024 130 \LA.$SYSTEM.SYS01.EMSACOLL  253  $ZPHI     0,375  1,356   (1,0)  4024 130 \LA.$SYSTEM.SYS01.EMSACOLL  264  $Z03H     0,104  0,0     (1,30)   132 150 \LA.$SYSTEM.SYS01.EMSDIST  270  $NMTRM    1,380  0,0     (46,0)  6144 150 \LA.$SYSTEM.SYSOPR.ENFORM  280  $Z6ND     1,390  0,0     (46,0)  6144 150 \LA.$SYSTEM.SYSOPR.ENFORM  282  $Z0WY     0,216  0,0     (1,30)   132 100 \LA.$SYSTEM.SYS01.EMSDIST  284  $Z6NJ     1,378  0,0     (46,0)  6144 150 \LA.$SYSTEM.SYSOPR.ENFORM  338  $X7MX     1,392  0,0     (1,30)   132 130 \LA.$SYSTEM.SYS01.EMSDIST Total Errors = 0   Total Warnings = 0

Use LISTDEV TCPIP to display all TCPIP processes.

Example 2:

  LISTDEV TCPIP

 LDev Name       PPID    BPID  Type    RSize Pri Program  145 $ZTC0      0,329   1,308  (48,0) 32000 200 \LA.$SYSTEM.SYS01.TCPIP  161 $ZTC2      1,54    0,75   (48,0) 32000 200 \LA.$SYSTEM.SYS01.TCPIP  164 $ZTC1      1,318   0,334  (48,0) 32000 200 \LA.$SYSTEM.SYS01.TCPIP  175 $ZB018     0,345   1,328  (48,0) 32000 200 \LA.$SYSTEM.SYS01.TCPIP  176 $ZB01B     0,340   1,322  (48,0) 32000 200 \LA.$SYSTEM.SYS01.TCPIP  182 $ZTC3      0,351   1,333  (48,0) 32000 200 \LA.$SYSTEM.SYS01.TCPIP Total Errors = 0    Total Warnings = 0

Use SCF INFO SUBNET to display TCPIP SUBNET information. This information is particularly useful to determine what TCPIP addresses are configured for access to the system.

Example 3:

  INFO SUBNET $ZTC0.*

 TCPIP Info SUBNET \LA.$ZTCP0.* Name     Devicename     *IPADDRESS      TYPE     *SUBNETMASK SuName QIO *R #LOOP0   \NOSYS.$NOIOP  127.0.0.1       LOOP-BACK %HFF000000        OFF N #SN1     \LA.LANX       192.168.55.32   ETHERNET  %HFFFFFF00        ON  N 2->

Use SCF LISTDEV TELSERV to display all TELSERV processes.

Example 4:

  LISTDEV TELSERV

 LDev Name    PPID   BPID   Type RSize Pri Program  147 $ZTN0   0,324  1,293 (46,0) 6144 170 \LA.$SYSTEM.SYS01.TELSERV  165 $ZTN1   1,319  0,336 (46,0) 6144 170 \LA.$SYSTEM.SYS01.TELSERV  179 $ZN018  0,339  1,330 (46,0) 6144 150 \LA.$SYSTEM.SYS01.TELSERV  210 $ZTN2   1,341  0,361 (46,0) 6144 170 \LA.$SYSTEM.SYS01.TELSERV  211 $ZTNPX  1,337  0,352 (46,0) 6144 170 \LA.$SYSTEM.SYS01.TELSERV

Use SCF ASSUME and INFO to display a list of services associated with a TELSERV process.

Example 5:

  ASSUME PROCESS $ZTN1   INFO SERVICE *

 TELSERV Info SERVICE \LA.$ZTN1.* Name        *Type        *Subtype *Access *Display *Program TACL        CONVERSATION DYNAMIC  ALL     ON       $SYSTEM.SYSTEM.TACL ZVTL        VTL          STATIC   N/A     OFF      N/A ZTELNET     CONVERSATION DYNAMIC  N/A     OFF      N/A ZBLOCK      BLOCK        STATIC   N/A     OFF      N/A ZCONV       CONVERSATION STATIC   N/A     OFF      N/A ZPRINT      PRINT        STATIC   N/A     OFF      N/A ZSPI        SPI          STATIC   N/A     OFF      N/A

Use SCF INFO SERVICE to display details of a TELSERV service.

Example 6:

  INFO SERVICE TACL,DETAIL

 TELSERV Detailed Info SERVICE \LA.$ZTN1.tacl *Type................... CONVERSATION *Subtype................ DYNAMIC *Display................ ON           *Autodelete............. OFF *Owner.................. N/A          *Access................. ALL *CPU.................... N/A          *Pri.................... N/A *Swap................... N/A *Program................ $SYSTEM.SYSTEM.TACL *Lib.................... N/A *Resilient.............. OFF *Param.................. N/A *Assigned Window........ OFF *Default Service........ OFF

Use SCF to list all nodes on the network. Compare list to network diagram provided by operations.

Example 7:

  INFO PROCESS $NCP,DETAIL

 EXPAND   Detailed Info PROCESS $NCP       AT \LA (253)  Max System Number..            254  *Aborttimer.........  0:02:30.00  Algorithm..........   SPLITHORIZON  AutomaticMaptimer..                ON *Connecttime........     0:00:00.00  Framesize..........               132 *Maxtimeouts........              3 *Maxconnects........                10 *NetworkDiameter....             15  Type...............            (62,0) *Message 43.........            OFF  Message 44.........                ON  Message 45.........             ON *Message 46.........               OFF  Message 47.........             ON *Message 48.........               OFF *Message 49.........            OFF *AutoRebal..........               OFF  Next Rebalance Time     0/00:00:00 *AutoRebalTime......        1/00:00:00  Trace File Name....  none

Use SCF maps to list all nodes on the network. Compare this list to a network diagram provided by operations.

Example 8:

  INFO PROCESS $NCP,NETMAP

 EXPAND  Info  PROCESS  $NCP, NETMAP        NETMAP AT \LA (253) #LINESETS=2 TIME: DEC 13,2002 15:38:01 SYSTEM           TIME       (DISTANCE)  BY  PATH                      INDEX 252 \CHICAGO  190K(01)* inf()                                       [ 2] 254 \ABCO      inf() 380K(01)*                                       [ 2] ---------------------------------------------------              LINESETS AT \LA (253) #LINESETS=2 LINESET    NEIGHBOR     LDEV    TF    PID    LINE LDEV STATUS FileErr# 1  \CHICAGO    (252) 117 190K (0, 330)                                        1   117   READY 2  \ABCO       (254) 63 380K (0, 285)                                        1   119   READY                                        2   118   READY

Use SCF to check the PASSTHRU setting.

   SCF Syntax:    INFO PROFILE $ZZWAN.#< profile-name >

Example 9:

  INFO PROFILE $ZZWAN.#EXPIP

 WAN MANAGER Info profile \LA.$ZZWAN.#EXPIP   Devices using this profile   Device.......... 1 : $EXPIP DEVICE SPECIFIC MODIFIERS:   NEXTSYS 253   L4CONGCTRL_ON L4RETRIES 3 L4TIMEOUT 2000 COMPRESS_ON  PASSTHRU_ON    L4EXTPACKETS_ON   SUPERPATH_OFF   L4SENDWINDOW 254   PATHBLOCKBYTES 0   PATHPACKETBYTES 1024   RXWINDOW 7   TXWINDOW 7   ALGORITHM 1   AUTOMATICMAPTIMER 1   CONNECTTIME 0   FRAMESIZE 132   MAXTIMEOUTS 3   MAXCONNECTS 5   NETWORKDIAMETER 15   ABORTTIMER 15000

NonStop TMF Software

The TMFCOM program is used to monitor and control NonStop TMF software. Use the STATUS command to determine current active conditions.

TMF Syntax:

  TMFCOM

The NonStop TMF command interpreter prompt will be TMF, a number, and a right caret "TMF n>".

Example 1:

  TMFCOM

 TMFCOM - T8652G07 - (29NOV2002 - TMF) COPYRIGHT COMPAQ COMPUTER CORPORATION 2002 TMF 1>

Example 2:

  STATUS AUDITTRAIL

 AuditTrail Status:   Master     Active audit trail capacity used: 24%     First pinned file: $AUDIT.ZTMFAT.AA002978     Reason: Current File     Current file: $AUDIT.ZTMFAT.AA002978

Example 3:

  STATUS DATAVOLS

 Audit Recovery

 Volume   Trail   Mode   State ----------------------------------- $DATAA   Mat   Online   Started $DATAB   Mat   Online   Started $DATAC   Mat   Online   Started $DATAD   Mat   Online   Started $DATAE   Mat   Online   Started $DSMSCM  Mat   Online   Started $SYSTEM  Mat   Online   Started

Example 4:

  STATUS AUDITDUMP

 AuditDump Status: Master: State: enabled, Status: inactive

Example 4:

  STATUS CATALOG

 Catalog Status:     Status: active

Example 5:

  STATUS SERVER

 TMF Server Status:     System:      \LA (253)     Date-Time:   17-Jun-2003 23:55:03     Process:     $Y5WB (0,269)     Creator ID:  (222,230)     Process ID:  (222,230)     Priority:    130     Object Name: \LA.$SYSTEM.SYS01.TMFSERVE     HomeTerm:    \LA.$ZTNP2     Swap Volume: $AUDIT     Version:     TMFSERVE - T8694G07 - (29NOV2002 - TMF)

Example 6:

  STATUS TMF

 TMF Status: System: \LA, Time: 17-Jun-2003 16:53:57 State: started Transaction Rate: 0.88 TPS   AuditTrail Status: Master     Active audit trail capacity used: 5%     First pinned file: $AUDIT.ZTMFAT.AA003070       Reason: Current File     Current file: $AUDIT.ZTMFAT.AA003070 AuditDump Status:   Master: State: enabled, Status: inactive BeginTrans Status: ENABLED Catalog Status:      Status: active

Example 7:

  STATUS TRANSACTIONS

 Transaction Identifier      Process      State  Parent Children ----------------------------------------------------------------      \LA.1.22978248           $Z5WF (1,454)  Active \LA.1.22978154           $Z5WA (1,415)  Active \CHICAGO.1.3813572       $Y9X6 (1,294)  Active  \CHICAGO

Use the INFO command to determine configuration settings.

Example 8:

  INFO AUDITTRAIL

 AuditTrail Configuration:  Master    ActiveVols: $AUDIT    Subvolume ZTMFAT, Prefix AA, filesize 180, filespervolume 4,    auditdump On, overflowthreshold 80%, begintransdisable 90%    OverflowVols: $AUDIT    RestoreVols: $SYSTEM

Example 9:

  INFO CATALOG

 Catalog Configuration:  retaindepth 3, released Off

Example 10:

  INFO TMF

 Configuration Volume:   $SYSTEM AuditTrail Configuration:  Master    ActiveVols: $AUDIT    Subvolume ZTMFAT, Prefix AA, filesize 180, filespervolume 4,    auditdump On, overflowthreshold 80%, begintransdisable 90%    OverflowVols: $AUDIT    RestoreVols: $SYSTEM Auditdump Configuration:  Master: enabled, medium tape, Copies 1, verifytape Off , blocksize 28,  system \LA

 Catalog Configuration:  retaindepth 3, released Off BeginTrans Configuration:  TransCountThresh (1500,1600)  TmfLibMemThresh (85,90)  TmpMemThresh (90,95)  TransPerCpu (1024,1024)  AutoAbort 7200 Seconds  RecRMCount 256  RMOpenPerCpu 128  BranchesPerRM 128 After the next START TMF, the BeginTrans Configuration will be:  TransPerCpu (1024,1024)  RecRMCount 256  RMOpenPerCpu 128  BranchesPerRM 128

NonStop TMF software regularly copies its audit dumps to tape. To display information about the auditdump:

Example 11:

  INFO AUDITDUMP

 Auditdump Configuration: Master:  enabled, medium tape, Copies 1, verifytape Off , blocksize 28,system \LA

Example 12:

  INFO DUMPS

 Dump                   Dump   Media     FileName    Serial   Date-Time       Type Type    Media Name ---------------------------------------------------------------- $ZTMFAT.ZTMFAT  AA003067          66 17-Jun-2003 15:06 audit tape TMF001  AA003068          67 17-Jun-2003 15:49 audit tape TMF002  AA003069          68 17-Jun-2003 16:20 audit tape TMF003

Example 13:

  INFO TAPEMEDIA

 Media Name Media Type Media Status ------------------------------------ TEST          tape      released TMF001        tape      assigned TMF002        tape      assigned TMF003        tape      assigned TMF004        tape      assigned

NonStop TMF software can also create audit dumps by copying the information to disk:

Example 14:

  INFO AUDITDUMP

 Auditdump Configuration:  Master: enabled, medium disk     DiskMedia \LA.$DATAD.ZT

USERS Program

The USERS program lists all or some of the users on the system. Enter an exact user name or user number or replace either the group name or member name with an asterisk (*).

Syntax:

  USERS { [ groupname.  group#,  *. ] [ membername.  member#,  * ] }

Example:

  USERS 222,*

 GROUP .USER       I.D. #   SECURITY  DEFAULT VOLUMEID ABCO  .NOREMOTE   222,001    NNNN    $DATAA.P15QATST ABCO  .BANKING    222,005    OOOO    $SYSTEM.NOSUBVOL ABCO  .JULIE      222,007    OOOO    $USERS.JULIEC ABCO  .STEVE      222,008    CCCC    $DATAA.STEVE

The display includes the following information:

User Name and User Number, the user's default security vector and default volume.

SPOOLCOM

The SPOOLCOM program allows management and display of information in a data output spooler. To start SPOOLCOM:

Syntax:

  SPOOLCOM

The SPOOLER command interpreter will be a right parenthesis ")"

Example 1:

  SPOOLCOM

 SPOOLCOM - T9101D48 - (25JUL2002) SYSTEM \LA Copyright Tandem Computers Incorporated 1978, 1982, 1983, 1984, 1985, 1986, 1987, 1988, 1989, 1990, 1991)

Use the COLLECT command to display the status of spooler collector configurations.

Example 2:

  COLLECT

 COLLECT STATE     FLAGS CPU   PRI UNIT DATA FILE                 %FULL $S      ACTIVE          0 , 1 170 8    $SYSTEM.SYSPRSPL.SPLDATA  56 $TLH    ACTIVE          1 , 0 145 4    $DATAA.P09QATH.SPLDATA    0

Use the JOB command to display a list of jobs in the spooler subsystem.

Example 2:

JOB

 JOB BATCH STA FLAGS OWNER   TIME  COPY PAGE REPORT          LOCATION 12  1310  RDY 3     222,210 06/08 1    5    QED ARCH222 210 #REPORT.TARCH 13  1310  RDY 3     222,210 06/08 1    1    ABCO   LEE      #REPORT.TARCH 14  1310  RDY 3     222,210 06/08 1    1    ABCO   LEE      #REPORT.TARCH 15  1310  RDY 3     222,210 06/08 1    1    ABCO   LEE      #REPORT.TARCH 16  1310  RDY 3     222,210 06/08 1    1    ABCO   LEE      #REPORT.TARCH 17  1311  RDY 3     222,210 06/08 1    8    QED ARCH222 210 #REPORT.TADEL 18  1311  RDY 3     222,210 06/08 1    2    ABCO   LEE      #REPORT.TADEL 19  1311  RDY 3     222,210 06/08 1    1    ABCO   LEE      #REPORT.TADEL 20  1311  RDY 3     222,210 06/08 1    1    ABCO   LEE      #REPORT.TADEL 21  1311  RDY 3     222,210 06/08 1    1    ABCO   LEE      #REPORT.TADEL 22  1311  RDY 3     222,210 06/08 1    1    ABCO   LEE      #REPORT.TADEL 23  1311  RDY 3     222,210 06/08 1    1    ABCO   LEE      #REPORT.TADEL 39  1317  RDY 3     222,11  06/09 1    5    BFMA ADD222 11  #BFMA.ADDARC 40  1317  RDY 3     222,11  06/09 1    1    ABCO   MARK     #BFMA.ADDARC 41  1317  RDY 3     222,11  06/09 1    1    ABCO   MARK     #BFMA.ADDARC

PERUSE

The PERUSE program is used to display the contents of an output job in the spooler.

   Syntax:    PERUSE

The PERUSE command interpreter will be an underscore "_".

Example 1:

  PERUSE

 PERUSE - T9101D48 - (25JUL2002)    SYSTEM \LA Copyright Tandem Computers Incorporated 1978, 1982, 1983, 1984, 1985, 1986, 1987, 1988, 1989, 1990, 1991

Use the JOB command to display a list of spooled jobs.

Example 2:

JOB

 JOB BATCH STATE PAGES COPIES PRI HOLD LOCATION        REPORT 39  1317  READY 5     1      3        #BFMA   ADDARC  BFMA ADD222 11 40  1317  READY 1     1      3        #BFMA   ADDARC  ABCO   MARK 41  1317  READY 1     1      3        #BFMA   ADDARC  ABCO   MARK 42  1317  READY 1     1      3        #BFMA   ADDARC  ABCO   MARK 43  1317  READY 1     1      3        #BFMA   ADDARC  ABCO   MARK 46  1319  READY 6     1      3        #BFMA   DELARC  BFMA DEL222 11 47  1319  READY 1     1      3        #BFMA   DELARC  ABCO   MARK 48  1319  READY 1     1      3        #BFMA   DELARC  ABCO   MARK 49  1319  READY 1     1      3        #BFMA   DELARC  ABCO   MARK 50  1319  READY 1     1      3        #BFMA   DELARC  ABCO   MARK 51  1319  READY 1     1      3        #BFMA   DELARC  ABCO   MARK 222 1328  READY 5     1      3        #BFMA   ADDARC  BFMA ADD222 11

Use the JOB n command to set the current job.

Example 3:

  JOB 7676

Use the LIST n command to display pages from the current job to the screen.

Example 4:

  LIST 1

 ABCompany AUDITLOG Report Date Produced: 05-Jun-2003 at 06:38 AM Criteria:2003-06-04 00:00 to 2003-06-05 23:59 Subvol:$DATAD.BFMADAT Oper:LOGON, ------------------------------------------------------------------------------ F 2003-06-04 08:12:31 Subsystem: \LA.SAFEGUARD Alerted: N   Subject User: 222,210 ABCO.LEE   Term: \LA.$VHS             Process: \LA.$X5PX   Op: AUTHENTICATE    Object: USER ABCO.LEE   Result: WRONG-PASSWORD Wrong-password Authenticate to User ABCO.LEE

BATCHCOM

The BATCHCOM program is used to manage the NetBatch subsystem. To start the BATCHCOM program:

Syntax:

  BATCHCOM

The NetBatch command interpreter will be a number and close bracket "n}".

Example 1:

  BATCHCOM

Use the STATUS JOB command to display a list of jobs.

Example 2:

  STATUS JOB *

 JOB STATUS JOB JOBNAME                   USERID  LOG  STATE     CLASSNAME ---------------------------------------------------------------    1 AUTOBACKUP               255,255 2264 04JUL03   DEFAULT    5 INCREMENTAL-BACKUP       255,255 2232 18:00:00  DEFAULT   29 SETTIME                  255,255 2518 01JUL03   DEFAULT   45 NIGHTLY-MAINTENANCE      222,250 2504 01JUL03   DEFAULT 2746 QED-ARCH-TST             222,210 2486 20:00:00  DEFAULT 2747 QED-ARCH-TDEL            222,210 2491 23:00:00  DEFAULT 2894 QED-ARCH-STEVE           222,9   2481 19:00:00  DEFAULT 2895 QED-ARCHDEL-STEVE        222,9   2498 23:30:00  DEFAULT 3183 BFMA-ADD-ARC             222,11  2513 01JUL03   DEFAULT 3184 BFMA-DEL-ARC             222,11  2520 01JUL03   DEFAULT 3246 SW20030610092752-COLLECT 222,233 2459 09:30:00  DEFAULT 3301 TESTJOB                  222,8   1879 06JUL03   DEFAULT

Use the INFO JOB command to details about a job.

Example 3:

  INFO JOB 1

 JOB ATTRIBUTES for AUTOBACKUP                       jobnumber: 1                          volume: \LA.$SYSTEM.OPER, "NUNU"                              in: \LA.$SYSTEM.OPERBACK.LABACK                             out: \LA.$S.#BACKUP.RUNLOG                executor-program: \LA.$SYSTEM.SYSTEM.TACL                             pfs: 0                             pri: 10                          selpri: 3                   maxprintlines: None                   maxprintpages: None                           class: DEFAULT                            hold: Off                         restart: On                           stall: Off                   stop-on-abend: Off                        calendar: \LA.$SYSTEM.SYSBATCH.LAFBACKC                         highpin: Off                          submit: 23JUN99 08:46:04                           alter: 03FEB03 10:46:41                            user: 255,255                    next-runtime: 04JUL03 18:00:00