The CMON program is not an HP-supplied process; however, no system should run without a $CMON process. When a $CMON process is present on the system, messages are sent to the $CMON process to verify logon requests and process start requests.
If $CMON does not block the action, or the wait for $CMON does not exceed the timeout parameter, processing continues. If the $CMON process returns a message blocking the action, the action is denied and an error is returned to whoever originated the action.
The $CMON process can perform many functions for both security reasons and performance reasons, such as:
Control the CPU and priority of the request
Control who can logon to a port
Verify a userid's ability to run a requested program
Log the request
RISK If a $CMON is not present, an unauthorized $CMON can be added to the system. This $CMON might merely monitor system activity, but it could be designed with malicious intent.
RISK A 'malicious' $CMON could deny service entirely or force processes into the most inefficient mode in order to slow service, costing both user time and system resources.
RISK If an authorized $CMON is present and the process is not properly secured, the process can be stopped or debugged by an unauthorized party, causing timeout problems during the period when the process is unavailable.
RISK If unauthorized users are able to stop $CMON, it could be stopped and an unauthorized version started in its place.
The CMON program is either customer-written or provided by a third-party vendor.
AP-ADVICE-CMON-01 The object file should not reside in $SYSTEM.SYSTEM or $SYSTEM.SYSnn.
RISK Because CMON is not an HP NonStop server product, it must be tested with each new Operating System version to ensure that changes to TACL functionality do not prevent TACL from interacting correctly with CMON.
Each company should have procedures and utilities in place to both monitor the presence of $CMON and restart it automatically if it stops unexpectedly.
RISK When CMON is relied upon to rule on logon attempts and process starts, its continuous availability is imperative.
With a third party CMON product:
3P-PROCESS-CMON-01 Use a third party CMON product to perform the following functions:
The CMON program should provide an audit trail detailing its activity
Audit results can be researched and unauthorized access attempts can be captured for review
CMON can deny access to certain ports
CMON can set inactivity timeouts on TACLs
Without a third party CMON product:
AP-ADVICE-CMON-02 Ensure that the source code for the CMON object file is secured appropriately to only those users responsible for making updates and performing compilations of the CMON program.
AP-ADVICE-CMON-03 Perform audit reviews of the CMON source code to verify functionality and correctness.
AP-ADVICE-CMON-04 Put procedures in place to keep CMON up-to-date with new Operating System releases.
If the CMON does not support the TACLCONF message, TACL must be configured to effectively work with CMON.
The following parameters must be bound into TACL for communication with CMON. See TACL later in the Gazette for more information on bound parameters.
RISK The TACL program resides in the $SYSTEM.SYSnn subvolume and is replaced with each new operating system upgrade. The parameters must be bound after each operating system upgrade or they will not be applied.
Safeguard software must be configured to effectively work with CMON. The following Safeguard globals must be set for communication with CMON.
BP-SAFEGARD-GLOBAL-50 The CMON parameter must be ON if CMON is installed on the system.
BP-SAFEGARD-GLOBAL-51 The CMONERROR parameter should be ACCEPT if CMON is installed on the system.
BP-SAFEGARD-GLOBAL-52 The CMONTIMEOUT parameter value depends on the speed of the system. For example, CMONTIMEOUT 30 seconds.
AP-ADVICE-CMON-04 Even if CMON isn't installed on the system, create a Safeguard PROCESS Protection Record to prevent anyone starting a process named $CMON.
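The request flow described at the top of this section (a logon or process start is referred to $CMON, which can block it, or which can fail to answer within the timeout) and the three Safeguard globals above fit together in one decision path. The following Python model is an added example, not code from the Gazette or from any CMON product: it treats $CMON as a callable, applies CMONTIMEOUT as the wait bound and CMONERROR as the ACCEPT/DENY policy when $CMON does not answer, and uses a constructed sample policy (the port, program and priority rules in SampleCmon, and the names OPS.JOE, $CONSOLE and $DATA01.APP.REPORT) purely for illustration. It also shows why the "stopped or hung $CMON" risk above matters: once $CMON is silent, the outcome of every logon rests entirely on CMONERROR.

```python
# Added example (not from the Gazette): a model of the $CMON gate that TACL and
# Safeguard apply to logon and process-start requests, including the CMONTIMEOUT
# wait and the CMONERROR ACCEPT/DENY policy used when $CMON does not answer.
# The port, program and priority rules in SampleCmon are constructed for illustration.
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"


@dataclass
class Request:
    kind: str            # "logon" or "process_start"
    user: str            # GROUP.USER form
    port: str = ""       # terminal, for logon requests
    program: str = ""    # object file, for process-start requests
    priority: int = 150  # requested execution priority


@dataclass
class SafeguardGlobals:
    cmon: bool = True          # Safeguard global CMON (ON / OFF)
    cmonerror: str = "ACCEPT"  # CMONERROR: what to do when $CMON fails to answer
    cmontimeout: int = 30      # CMONTIMEOUT: seconds to wait for $CMON


@dataclass
class CmonReply:
    verdict: Verdict
    reason: str = ""
    priority: Optional[int] = None  # $CMON may override the priority of a process start


class CmonTimeout(Exception):
    """$CMON did not answer within CMONTIMEOUT (stopped, hung, or being debugged)."""


class SampleCmon:
    """Constructed $CMON policy: port restrictions, program checks, a priority cap, and an audit trail."""
    RESTRICTED_PORTS = {"$CONSOLE": {"SUPER"}}                     # port -> groups allowed to logon
    RESTRICTED_PROGRAMS = {"$SYSTEM.SYSTEM.FUP": {"SUPER", "OPS"}}  # program -> groups allowed to run it
    MAX_PRIORITY = 180

    def __init__(self, response_delay: int = 0):
        self.response_delay = response_delay  # simulated seconds before $CMON answers
        self.audit = []                       # every request $CMON ruled on (the audit trail)

    def __call__(self, req: Request, timeout: int) -> CmonReply:
        if self.response_delay > timeout:
            raise CmonTimeout(f"no reply within {timeout}s")
        reply = self._decide(req)
        self.audit.append((req.kind, req.user, req.port or req.program, reply.verdict.value))
        return reply

    def _decide(self, req: Request) -> CmonReply:
        group = req.user.split(".")[0].upper()
        if req.kind == "logon":
            allowed = self.RESTRICTED_PORTS.get(req.port.upper())
            if allowed is not None and group not in allowed:
                return CmonReply(Verdict.BLOCK, f"{req.user} may not logon on {req.port}")
            return CmonReply(Verdict.ALLOW)
        allowed = self.RESTRICTED_PROGRAMS.get(req.program.upper())
        if allowed is not None and group not in allowed:
            return CmonReply(Verdict.BLOCK, f"{req.user} may not run {req.program}")
        return CmonReply(Verdict.ALLOW, priority=min(req.priority, self.MAX_PRIORITY))


def evaluate(req: Request, cfg: SafeguardGlobals, cmon) -> Tuple[bool, str]:
    """Return (processing continues?, explanation) the way TACL/Safeguard act on $CMON's answer."""
    if not cfg.cmon:
        return True, "CMON OFF: request not referred to $CMON"
    try:
        reply = cmon(req, cfg.cmontimeout)
    except CmonTimeout as exc:
        if cfg.cmonerror.upper() == "ACCEPT":
            return True, f"$CMON unavailable ({exc}); CMONERROR ACCEPT, processing continues"
        return False, f"$CMON unavailable ({exc}); CMONERROR DENY, request denied"
    if reply.verdict is Verdict.BLOCK:
        return False, f"denied by $CMON: {reply.reason}"
    note = "" if reply.priority is None else f" at priority {reply.priority}"
    return True, f"allowed by $CMON{note}"


if __name__ == "__main__":
    cmon, cfg = SampleCmon(), SafeguardGlobals()
    for r in (Request("logon", "OPS.JOE", port="$TERM1"),
              Request("logon", "OPS.JOE", port="$CONSOLE"),
              Request("process_start", "GUEST.TEST", program="$SYSTEM.SYSTEM.FUP")):
        print(evaluate(r, cfg, cmon))
    # A stopped or hung $CMON: the decision now rests entirely on CMONERROR.
    slow = SampleCmon(response_delay=45)
    print(evaluate(Request("logon", "OPS.JOE", port="$TERM1"), SafeguardGlobals(cmonerror="DENY"), slow))
```

Note that with CMONERROR ACCEPT a silent $CMON lets every request through unlogged (the audit list stays empty), whereas DENY turns a stopped $CMON into a denial of service for all logons; that is the trade-off behind the advice to keep $CMON continuously available and to monitor and restart it automatically.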
BP-CMON-PROCESS-01 A $CMON process should be running.
BP-FILE-CMON-01 CMON should be secured "UUUU".
BP-OPSYS-OWNER-03 CMON object file should be owned by the CMON administrator.
BP-OPSYS-FILELOC-03 CMON object file resides in $<vol>.<svol>
Is a $CMON process running on the system?
If $CMON is running, is TACLCONF configured to communicate with it?
If $CMON is running, is Safeguard software configured to communicate with it?
Who is authorized to start and stop the $CMON process?
Where is the object file for the $CMON process located?
Is CMON owned by the CMON administrator?
Is the CMON object file secured correctly?
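The BP items above and this discovery checklist can be answered mechanically once the facts about a system have been collected. The script below is an added example, not part of the Gazette: it runs the checks over a constructed snapshot (the CmonSnapshot fields, the file names $DATA01.CMON.CMON and $SYSTEM.SYSTEM.CMON, and the users SECURITY.CMONADM and SUPER.SUPER are all assumptions made for this script, not output of SAFECOM or FUP) and reports one finding per control that fails, using the control identifiers from this section. Collecting the snapshot from a live system is left to the reader's own tooling.

```python
# Added example (not from the Gazette): an audit of the $CMON controls in this
# section, run over a constructed snapshot of one system rather than over live
# SAFECOM/FUP output. The CmonSnapshot field names are assumptions for this script.
import re
from dataclasses import dataclass
from typing import List

# Object files in the operating-system subvolumes ($SYSTEM.SYSTEM, $SYSTEM.SYSnn)
# are replaced on OS upgrades; AP-ADVICE-CMON-01 says CMON must not live there.
OS_SUBVOL = re.compile(r"^\$SYSTEM\.SYS(?:TEM|\d{2})\.[A-Z][A-Z0-9]{0,7}$")


@dataclass
class CmonSnapshot:
    cmon_running: bool          # is a process named $CMON present?
    object_file: str            # $vol.subvol.file of the CMON object
    object_owner: str           # GROUP.USER owning the object file
    object_security: str        # Guardian RWEP security string, e.g. "UUUU"
    cmon_administrator: str     # user designated as CMON administrator
    safeguard_cmon: bool        # Safeguard global CMON (ON/OFF)
    safeguard_cmonerror: str    # Safeguard global CMONERROR
    safeguard_cmontimeout: int  # Safeguard global CMONTIMEOUT, seconds (0 = not set)
    tacl_configured: bool       # TACLCONF supported, or parameters bound into TACL
    process_record: bool        # Safeguard PROCESS protection record for $CMON exists


def audit_cmon(s: CmonSnapshot) -> List[str]:
    """Return one finding per failed control; an empty list means every check passed."""
    findings = []
    if not s.cmon_running:
        findings.append("BP-CMON-PROCESS-01: no $CMON process is running")
    if OS_SUBVOL.match(s.object_file.upper()):
        findings.append(f"AP-ADVICE-CMON-01: CMON object {s.object_file} resides in an OS subvolume")
    if s.object_owner.upper() != s.cmon_administrator.upper():
        findings.append(f"BP-OPSYS-OWNER-03: CMON owned by {s.object_owner}, "
                        f"not the CMON administrator {s.cmon_administrator}")
    if s.object_security.upper() != "UUUU":
        findings.append(f"BP-FILE-CMON-01: CMON secured {s.object_security!r}, expected 'UUUU'")
    # The Safeguard globals and TACL binding only matter once CMON is installed.
    if s.cmon_running and not s.safeguard_cmon:
        findings.append("BP-SAFEGARD-GLOBAL-50: Safeguard CMON is OFF although $CMON is installed")
    if s.cmon_running and s.safeguard_cmonerror.upper() != "ACCEPT":
        findings.append(f"BP-SAFEGARD-GLOBAL-51: CMONERROR is {s.safeguard_cmonerror}, should be ACCEPT")
    if s.cmon_running and s.safeguard_cmontimeout <= 0:
        findings.append("BP-SAFEGARD-GLOBAL-52: CMONTIMEOUT is not set")
    if s.cmon_running and not s.tacl_configured:
        findings.append("TACL is not configured (TACLCONF or bound parameters) to communicate with $CMON")
    # The PROCESS record is wanted whether or not CMON is installed (AP-ADVICE-CMON-04).
    if not s.process_record:
        findings.append("AP-ADVICE-CMON-04: no Safeguard PROCESS record protects the name $CMON")
    return findings


# Constructed snapshots: one that passes every check and one with typical misconfigurations.
EXAMPLE_GOOD = CmonSnapshot(True, "$DATA01.CMON.CMON", "SECURITY.CMONADM", "UUUU",
                            "SECURITY.CMONADM", True, "ACCEPT", 30, True, True)
EXAMPLE_BAD = CmonSnapshot(True, "$SYSTEM.SYSTEM.CMON", "SUPER.SUPER", "NUNU",
                           "SECURITY.CMONADM", False, "DENY", 0, False, False)

if __name__ == "__main__":
    for label, snap in (("good", EXAMPLE_GOOD), ("bad", EXAMPLE_BAD)):
        print(f"== {label} ==")
        for finding in audit_cmon(snap) or ["no findings"]:
            print(" ", finding)
```

The ownership and "UUUU" checks are deliberately strict string comparisons: a CMON object owned by SUPER.SUPER, or secured so that any local user can read it, is exactly the condition under which an unauthorized copy can be studied or substituted, which is the risk this section opens with.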