NETBATCH Subsystem


The NetBatch automates job scheduling, startup, and management on NonStop server systems to provide a method to manage automated job cycles.

The components of the NETBATCH subsystem are:

NETBATCH

BATCHCAL

BATCHCOM

BATCHCTL

BATCHIMU

BATCHLIB

BATCHUTL

NBEXEC

NetBatch Plus Pathway Application Interface

ATTACHMENT-SET

NETBATCH must be installed and started prior to using the NETBATCH subsystem. By default, the NETBATCH process runs non-stop as the named process $ZBAT. The following type of functions can be performed:

Running a job at a specified date/time

Running a job on a cyclical schedule; daily, weekly, or monthly

Running a job dependent upon completion of other jobs

Running a job based upon the outcome of other jobs

Running a job based on a calendar file

RISK NETBATCH provides a method for starting processes on the HP Non- Stop server system. Once a job is defined to NETBATCH, it is started according to the defined schedule without any additional terminal interaction.

RISK Jobs could be setup via NETBATCH that could damage the system integrity for some future date, even for a user that no longer exists.

RISK Jobs start automatically and possibly unexpectedly, based upon the parameters used in the job setup, and not necessarily current information. For instance, a NETBATCH job setup to start at 8:00 PM, starts regardless of the fact that a CPU might be down and causing system performance problems. Jobs are not released by operators.

RISK Once jobs are added to NETBATCH, they must be deleted to preclude subsequent processing.

NETBATCH

The NETBATCH program is the scheduler component. It schedules and starts the jobs, tracks and controls their execution, and records details of their termination. It also controls, through its classes and executors , the distribution of jobs among CPUs in the system.

BATCHCOM

BATCHCOM is NETBATCH's command interpreter. BATCHCOM enables interactive and non-interactive manipulation of commands for jobs to the scheduler, the scheduler's executors and classes, and attachment sets of jobs.

BATCHCAL

BATCHCAL is the NETBATCH calendar maintenance program. This program allows generation of a calendar file containing a series of dates and times called run times. Schedule a job to run automatically at those times by using the CALENDAR attribute to assign the file to the job. Old calendar files can also be updated or displayed.

BATCHCTL

The BATCHCTL file stores control information for the NETBATCH subsystem. Shutting down a scheduler results in the closure of its database files and log file and the status is stored in the BATCHCTL file so it can restart.

The scheduler keeps details of its configuration at shutdown in its BATCHCTL file for use during a warm start.

NBEXEC

NBEXEC is executor program started by NETBATCH to executes control file commands, supplies data to started processes, and logs process output. NBEXEC can run as a process pair and offers a simple job control language that includes error-testing and job-recovery facilities.

NetBatch Plus

NetBatch Plus is an optional Pathway application that is a screen-driven interface for managing NetBatch jobs. If NetBatch Plus is installed, the Pathway application should be secured as a secure application.

AP-SAFE-NETBATCH-01 Add a Safeguard Protection Record to grant appropriate access to the NetBatch Plus Pathway application equivalent to the Guardian file security listed below.

ATTACHMENT-SETs

An ATTACHMENT-SET is a named entity containing ASSIGN, DEFINE, and PARAM statements. This information is used as input to a job within NETBATCH.

See Securing Applications Chapter for more information on ASSIGNs, DEFINEs, and PARAMs.

Securing NETBATCH Components

BP-FILE-NETBATCH-01 BATCHCOM should be secured "UUNU".

BP-OPSYS-OWNER-02 BATCHCOM should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 BATCHCOM must reside in $SYSTEM.SYSTEM.

BP-FILE-NETBATCH-02 BATCHCAL should be secured "UUNU".

BP-OPSYS-OWNER-02 BATCHCAL should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 BATCHCAL must reside in $SYSTEM.SYSTEM.

BP-FILE-NETBATCH-03 BATCHCTL should be secured "NUUU".

BP-OPSYS-OWNER-02 BATCHCTL should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 BATCHCTL must reside in $SYSTEM.SYSTEM.

BP-FILE-NETBATCH-04 BATCHIMU should be secured "NUUU".

BP-OPSYS-OWNER-02 BATCHIMU should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 BATCHIMU must reside in $SYSTEM.SYSTEM.

BP-FILE-NETBATCH-05 BATCHLIB should be secured "UUNU".

BP-OPSYS-OWNER-02 BATCHLIB should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 BATCHLIB must reside in $SYSTEM.SYSTEM.

BP-FILE-NETBATCH-06 BATCHUTL should be secured "UUNU".

BP-OPSYS-OWNER-02 BATCHUTL should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 BATCHUTL must reside in $SYSTEM.SYSTEM.

BP-FILE-NETBATCH-07 NBEXEC should be secured "UUNU".

BP-OPSYS-OWNER-02 NBEXEC should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 NBEXEC must reside in $SYSTEM.SYSTEM.

BP-PROCESS-NETBATCH-01 $ZBAT process should be running.

BP-FILE-NETBATCH-08 NETBATCH should be secured "UUNU".

BP-OPSYS-LICENSE-01 NETBATCH is licensed.

BP-OPSYS-OWNER-02 NETBATCH should be owned by SUPER.SUPER.

BP-OPSYS-FILELOC-02 NETBATCH must reside in $SYSTEM.SYSTEM.

If available, use Safeguard software or a third party object security product to grant access to NETBATCH subsystem object files only to users who require access in order to perform their jobs.

BP-SAFE-NETBATCH-01 Add a Safeguard Protection Record to grant appropriate access to the BATCHCOM object file.

BP-SAFE-NETBATCH-02 Add a Safeguard Protection Record to grant appropriate access to the NETBATCH object file.

Discovery Questions

Look here:

PROCESS-NETBATCH-01

Is the $ZBAT process running?

Status

FILE-POLICY

Is NETBATCH being used as the batch job interface? Is $ZBAT running?

Policy

OPSYS-OWNER-02

Who owns the BATCHCOM object files?

Fileinfo

OPSYS-OWNER-02

Who owns the BATCHCAL object files?

Fileinfo

OPSYS-OWNER-02

Who owns the BATCHCTL object files?

Fileinfo

OPSYS-OWNER-02

Who owns the BATCHIMU object files?

Fileinfo

OPSYS-OWNER-02

Who owns the BATCHLIB object files?

Fileinfo

OPSYS-OWNER-02

Who owns the BATCHUTL object files?

Fileinfo

OPSYS-OWNER-02

Who owns the NBEXEC object files?

Fileinfo

OPSYS-OWNER-02

Who owns the NETBATCH object files?

Fileinfo

OPSYS-LICENSE-02

Is the NETBATCH object file licensed?

Fileinfo

FILE-POLICY

Who is allowed to execute BATCHCOM on the system?

Policy

FILE-NETBATCH-01 SAFE-NETBATCH-01

Is the BATCHCOM object file correctly secured with the Guardian or Safeguard system?

Fileinfo Safecom

FILE-NETBATCH-02

Is the BATCHCAL object file secured correctly?

Fileinfo

FILE-NETBATCH-03

Is the BATCHCTL object file secured correctly?

Fileinfo

FILE-NETBATCH-04

Is the BATCHIMU object file secured correctly?

Fileinfo

FILE-NETBATCH-05

Is the BATCHLIB object file secured correctly?

Fileinfo

FILE-NETBATCH-06

Is the BATCHUTL object file secured correctly?

Fileinfo

FILE-NETBATCH-07

Is the NBEXEC object file secured correctly?

Fileinfo

FILE-NETBATCH-08 SAFE-NETBATCH-02

Is the NETBATCH object file correctly secured with the Guardian or Safeguard system?

Fileinfo Safecom




HP NonStop Server Security 2004
HP NonStop Server Security 2004
ISBN: 159059035X
EAN: N/A
Year: 2004
Pages: 157

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net