
Conference koolit::vms_curriculum

Title:VMS Curriculum
Moderator:SUPER::MARSH
Created:Thu Nov 01 1990
Last Modified:Sun Aug 25 1996
Last Successful Update:Fri Jun 06 1997
Number of topics:185
Total number of notes:2026

85.0. "SYSNET II -- Maintaining Sys. Security" by SUPER::REGNELL (Smile!--Payback is a MOTHER!) Tue Mar 19 1991 17:44

    
Replies (note number, title, user, personal name, date, line count):
85.1 "Cut and Paste?" by NITTY::THORNE (Department of Redundancy Department) Wed Apr 24 1991 13:17, 9 lines
    Are the sections here labelled 'PHASES OF STARTUP', 'SPECIFYING THE
    SYSTEM CONFIGURATION', 'STARTING UP MULTIPROCESSOR SYSTEMS', and
    'SHUTDOWN' duplications of the sections in Chapter 14 of SysNet I with the
    same name and all the same subsection names?  If so, I don't believe
    review this detailed will be useful.  Since the estimation of the
    marketing folks is that people will tend to take Sysnet I and II
    consecutively, this redundancy will not escape the students!
    
    Mark Thorne
85.2 "SYSNET II -- Maintaining Sys. Security" by SUPER::WTHOMAS Mon Jun 10 1991 16:39, 10 lines
    	A draft of the twelfth Sysnet II chapter entitled:

    		Maintaining System Security

    		is available for review in:

    	SUPER::ES$REVIEW:[SYSNET_II]SYSNETII_CHAP12.PS

    			Wendy
85.3 "Some typos and omissions but OK" by DUCK::SHONEK (Keith Shone UK Edu 830-4074) Wed Jun 12 1991 12:15, 39 lines
    Omissions 	- prefixed [O]
    Nits	- prefixed [N]
    Typos 	- prefixed [T] 
    
    Page	Comment
    -------------------
    1-3		[O] bullet 2: responsibilities VAXcluster ->
    			      responsibilities of VAXcluster ?
    
    1-6		Bullet 5: wasn't sure whether the file name
    		was intended to be SYSUAF.DAT or SYSUAF.LIS -
    		as printed. How would a System Manager be expected
    		to use SYSUAF.LIS? Might be printed (NOT on a
    		public printer). Might be left in a directory - why?
    		Don't know - I'm pondering aloud (allowed is it?)
    		Certainly the file would collect a WORLD READ access
    		by default on most systems I know.
    
    1-8		[O] Line 2: of file -> of the file
    
    1-13a	[O] Line 5: has be -> has to be
    
    1-22	Example 1-2: The different case of the messages
    		after RETURN - was that intentional?
    
    1-24	[O] The table makes references to ACL and identifier
    		SMITH but there are no ACLs shown. Am I missing something?
    
    1-29a	[T] subhead 3. resourse -> resource (phonetically sound,
    		if you don't mind the pun!)
    
    1-32a	[T] Line 14: command id the -> command in the
    
    1-33a	[N] How does one stop the quirky spacing indulged in
    		by VAX DOCUMENT in the second paragraph on this page?
    
    1-34a	[T] Line 4: system users is -> system user is
    
    1-37	[O] Summary: What Summary?
85.4 "Comments from DC Training Center" by TEACH::WENDY Mon Jun 17 1991 01:45, 26 lines
                       Chapter 12
               Maintaining system security


1-7 I really think cluster security will go in one ear and out the cluster
since we haven't covered how to build a cluster yet

1-12 1. TTY_DEFCHAR2 (*Put something in instructor notes about this.)

1-14 You are using the sysgen utility here, but in Chapter 10 (customization)
you didn't show them sysgen, you only show them sysgen thru sysman. Be
consistent and continue to use sysman here, or put sysgen examples along with
sysman in chapter 10.

1-15 This is a great example and explanation. Now I finally understand it!!

1-28 Since this chapter is security, maybe we should have ACL's in here.  We
mention them again, but not how to set them up.  Bad idea.

1-30 I'm glad you cover this here and not with Authorize in sysnetI.

1-35 Make an instructor note on Devour and what it means.

Wendy Mullenhoff

85.5 "Capitol Ideas" by TEACH::LYNN Fri Jun 28 1991 15:47, 46 lines

	Maintaining System Security

Introduction	Second bullet - wording is poor - what exactly do
		you mean?

Objectives	Second bullet - Where was this talked about within
		the chapter?
		Fourth bullet - Where did you actually restrict a user's
		quota?
		Quite a few pages were in regards to passwords.  Maybe 
		list an objective for passwords.

1-7		The first sentence "A VAXcluster system is a single
		management domain."  Not always true.

1-8		Might want to let the customer know that these are system
		overhead.

1-12		Would be nice to let the student know what TTY_DEFCHAR2
		is.

1-13		Tell the student what $SETUAI is.

1-14		I'm not sure what the example actually does in regards to the
		information printed on this page.

1-15		Not knowing this information, therefore being a student,
		I really don't know what you are talking about on this
		page.  A lot of pieces evidently but please tie them 
		together. Thanks.

1-16		Might be better to move this page after page 12.

1-22		What about showing the SHOW INTRUSION command and also
		how to delete an entry?

1-35		Increase the print size.

1-36		Increase the print size.
		Have a list of the Dangerous privileges.  They always ask
		for this.

Lynn White
Washington D.C.
85.6 (untitled) by SUPER::WTHOMAS Mon Jul 01 1991 18:06, 7 lines
    
    	The two week time period for reviews is over.
    
    	Any comments entered after this note will be considered, time
    permitting.
    
    			Wendy
85.7 "Chapter 12 updated version available" by SUPER::MORGAN Fri Jul 12 1991 17:36, 39 lines
Thank you for all of your excellent comments. Most of the comments have been
implemented with a few exceptions. The end of this note is in response to
the comments that were not included. 

A new version of the chapter has been copied to the review directory. 

	SUPER::ES$REVIEW:[SYSNET_II]SYSNETII_CHAP12.PS

Feel free to make comments, but be aware that any comments made from this date 
on will only be considered after the pilot.

Thanks,
Bonnie Morgan

----------------------------------------
re: 85.4  - TEACH::WENDY

1-28 Since this chapter is security, maybe we should have ACL's in here.  We
mention them again, but not how to set them up.  Bad idea.

Reason for not making the change:

It was a necessary decision to move ACLs out to the System and Network Mgr III
due to the amount of material that needed to be covered in this course.
After the pilot, we may review this decision when we see how the material 
flows and how long it takes to teach this course.

---------------------------------------
re: 85.5  - TEACH::LYNN                                           

1-36		Increase the print size.
		Have a list of the Dangerous privileges.  They always ask
		for this.

Reason for not making the change:

Some work has been done on this section. Please let me know if there is more
information that you feel is needed in this section.

85.8 "First teach post mortem" by MELKOR::SWIERKOWSKIS Mon Jan 20 1992 14:36, 105 lines
This reply is limited to technical errors only.  I'll refrain from making
comments one way or the other about content, style, etc....

Module 8 (Maintaining System Security) in SYSNET II

p. 8-39		This example for breaking into a system will NOT work if
		SYSTARTUP_V5.COM (or any procedure called from it) creates
		the SYSUAF logical name.

See the following attachment for two breakin methods that WILL work no matter
what has been put into place by the system manager.  NOTE: The second method 
does NOT invoke STARTUP.COM; therefore, you have NO logical names.



				Susan


_______________________________________________________________________________






                                EMERGENCY BREAKIN



First Method:

Halt the processor and boot conversationally.  The specific method for doing 
that will be processor specific.  Set the system parameter that points to an 
alternate SYSUAF.DAT file to true (1).  Also set a minimum bootstrap.  You 
will have an open system when the boot sequence is complete and will be able 
to log into a privileged account on OPA0:.

NOTE:  Since you specified a minimum boot, you will not invoke your 
site-specific startup procedures.  (No user disks will be mounted, etc.)

	SYSBOOT> SET UAFALTERNATE 1
	SYSBOOT> SET STARTUP_P1 "MIN"
	SYSBOOT> CONT


Log onto the system on OPA0: with any username and password.  Before you run 
the Authorize Utility, be sure to deassign the logical name of SYSUAF.

	$ SHOW LOGICAL SYSUAF
	$ DEASSIGN/SYSTEM/EXEC SYSUAF

	$ SET DEFAULT SYS$SYSTEM
	$ RUN AUTHORIZE
	UAF> MODIFY SYSTEM/PASS=IFORGOT
	UAF> EXIT


After you have modified the User Authorization File, run SYSGEN and reset the 
value of UAFALTERNATE to false (0) and reset STARTUP.  Otherwise, you will 
have an open system and a minimum system again when you shut down and re-boot.

	$ RUN SYS$SYSTEM:SYSGEN
	SYSGEN> USE CURRENT
	SYSGEN> SET UAFALTERNATE 0
	SYSGEN> SET STARTUP_P1 ""
	SYSGEN> WRITE CURRENT
	SYSGEN> EXIT

	$ @SYS$SYSTEM:SHUTDOWN		!Select Auto Reboot




Second Method:

Halt the processor and boot conversationally.  Set your STARTUP file to 
be OPA0:

NOTE:  STARTUP.COM will not be invoked nor will any of your site-specific 
startup procedures.  You will not have any logical names available to you 
and you will not be able to execute any shareable images (i.e. AUTHORIZE.EXE).

	SYSBOOT> SET/STARTUP OPA0:
	SYSBOOT> CONT


When you see the message on OPA0: that says it is okay to enter commands:

	$ SET NOON
	$ SPAWN
	$ SPAWN
	$ SET DEFAULT ddcu:[VMS$COMMON.SYSEXE]	!Where ddcu is your System Disk
	$ DIR *STARTUP*		!If STARTUP.COM is found, invoke it.
	$ @STARTUP		

NOTE:  If STARTUP.COM is not in the common area, find it....


Reset the Startup file in SYSGEN:

	$ MC SYSGEN
	SYSGEN> USE CURRENT
	SYSGEN> SET/STARTUP "SYS$SYSTEM:STARTUP.COM"
	SYSGEN> WRITE CURRENT
	SYSGEN> EXIT
85.9 "EXPLAIN PLEASE" by DLO10::SAYERS Thu Feb 13 1992 13:48, 27 lines
    This may not be the place to ask this but I have to show my ignorance
    here and give it a shot.
    
    I have questions on some of the statements in the book.  I hope some of
    you that have taught System Management more than I have (twice for me)
    will have the answers.
    
    Page 8-15  Mentions the sysgen parameters TTY_OWNER and TTY_PROT.
    
    The student guide says that "By default, all terminals have the owner
    specified by the system parameter TTY_OWNER and the protection
    specified by the system parameter TTY_PROT."
    
    When I look at these sysgen parameters, the values are 65540 and 65520,
    respectively.  (I realize they may be different on other systems.)
    
    How do you guys explain this statement in the student guide?  I know I
    am probably showing my ignorance here but I am stumped.
    
    Hope someone can clear this up for me.  If this is not the place for
    these questions, let me know where I should be entering them.
    
    Thanks much,
    
    Dee
    
    
85.10 "QUESTION - PAGE 8-17" by DLO10::SAYERS Thu Feb 13 1992 13:52, 12 lines
    Since I am still prepping, I will ask another question. 
    
    Page 8-17   Talks about the sysgen parameter LGI_BRK_TERM and suggests
    if you are using terminal servers, that you might want to set this
    parameter to 0 (default is 1).
    
    What DCL command display does this change?  I changed the sysgen
    parameter and expected the Show Users/full command to only reflect the
    username and not have the LAT associated with it.  This did not happen. 
    Can someone give me an idea to use as an example for class?
    
    Dee
85.11 "QUESTION - PAGE 8-26" by DLO10::SAYERS Thu Feb 13 1992 13:55, 15 lines
    
    How are you guys explaining page 8-26, which refers to
    
    Group mailbox logical names
    Group global section names
    Common event flag clusters
    
    When I sat this class, we skipped this page.  
    In this class, so far, we have not even discussed much about processes
    and memory management.....how are some of you explaining data
    structures?
    
    Thanks again,
    
    Dee
85.12 "Tricky looking Sysgen parameter..." by SOAEDS::TRAYSER (Seniority means a bigger shovel!) Thu Feb 13 1992 21:25, 25 lines
     SYSGEN> SHOW TTY_PROT

     Parameter Name  Current  Default  Min.     Max.     Unit  Dynamic
     --------------  -------  -------  -------  -------  ----  -------
     TTY_PROT          65520    65520       0        -1 Protection

     Show device shows...

     Dev Prot                S:RWLP,O:,G:,W:

     Break down TTY_PROT to binary and the protection mask is read
     from Right to Left.  65520 is FFF0 in hex and is 1111111111110000 
     in Binary.  Please note that the '1' means that user is DENIED
     that access, so...
        
      World    Group   Owner   System
      -------|-------|-------|-------
      P L W R P L W R P L W R P L W R      
      1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 

      ...means that only system process can access the device by default.

  Hope this helps...

  $
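The bit layout described in .12 can be checked mechanically. The following is an added example, not code from this conference or from VMS: it decodes a TTY_PROT value into the SHOW DEVICE-style protection string (set bit = access denied, System in the low nibble, R W L P from low bit to high bit), does the reverse, and decodes a TTY_OWNER UIC longword (group in the high 16 bits, member in the low 16 bits, both printed in octal) for the other half of the question in .9.

```python
# Added example for the TTY_PROT / TTY_OWNER questions in .9 and .12.
# This is not code from the notesfile or from VMS; it reproduces the bit
# layout the reply above describes so the numbers can be decoded by hand
# or in class.

ACCESS_BITS = "RWLP"   # device access types, low bit to high bit within a nibble
CATEGORIES = "SOGW"    # System, Owner, Group, World: low nibble to high nibble


def decode_protection(mask: int) -> str:
    """Render a 16-bit VMS protection mask the way SHOW DEVICE/FULL does.

    Each category owns four bits, System in the low nibble.  A SET bit
    DENIES the access type, a clear bit grants it, so 65520 (0xFFF0)
    grants everything to System and nothing to anyone else.
    """
    if not 0 <= mask <= 0xFFFF:
        raise ValueError("protection mask must fit in 16 bits")
    fields = []
    for i, cat in enumerate(CATEGORIES):
        nibble = (mask >> (4 * i)) & 0xF
        granted = "".join(acc for b, acc in enumerate(ACCESS_BITS)
                          if not nibble & (1 << b))
        fields.append(f"{cat}:{granted}")
    return ",".join(fields)


def encode_protection(spec: str) -> int:
    """Inverse of decode_protection: 'S:RWLP,O:RW,G:,W:' -> integer mask.

    Every category must appear with a colon; an empty access list means
    no access (all four bits set).
    """
    granted = {cat: "" for cat in CATEGORIES}
    for field in spec.split(","):
        cat, sep, access = field.strip().upper().partition(":")
        if not sep or cat not in granted:
            raise ValueError(f"bad protection field: {field!r}")
        granted[cat] = access
    mask = 0
    for i, cat in enumerate(CATEGORIES):
        for b, acc in enumerate(ACCESS_BITS):
            if acc not in granted[cat]:
                mask |= 1 << (4 * i + b)
    return mask


def decode_uic(value: int) -> str:
    """Render a UIC longword (TTY_OWNER) as VMS prints it: [group,member] in octal.

    Group is the high 16 bits, member the low 16 bits, so 65540 (0x00010004)
    is [1,4], the SYSTEM account's UIC on a default installation.
    """
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("UIC must fit in 32 bits")
    group, member = value >> 16, value & 0xFFFF
    return f"[{group:o},{member:o}]"


if __name__ == "__main__":
    # The two values quoted in .9
    print(f"TTY_PROT   65520 = {decode_protection(65520)}")
    print(f"TTY_OWNER  65540 = {decode_uic(65540)}")
```

Running it prints the same "S:RWLP,O:,G:,W:" that SHOW DEVICE gives for a fresh terminal, and [1,4] for the owner, which is what the student guide's sentence is really saying: by default only SYSTEM (UIC [1,4]) can touch a terminal device.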
85.13 "answer -- page 8-17" by SUPER::MATTHEWS Fri Feb 14 1992 18:45, 8 lines
    re .10  As far as I know, the only command where you'll see a
    difference is SHOW INTRUSION. 
    
    The SHOW INTRUSION example in that chapter doesn't list any LAT
    terminals, but you should be able to generate some login failures
    on your own system & look at the SHOW INTRUSION output.
    
    					Val
85.14 "LGI_BRK_TERM" by SOAEDS::TRAYSER (Seniority means a bigger shovel!) Sun Feb 16 1992 02:14, 16 lines
  re: .10 (page 8-17)  

   If LGI_BRK_TERM is set to 0 then it only records the Username used as the
   primary 'check' to see if someone is breaking into your system.  If only
   'hard' lines are used, like TXA1, TTB5, then if someone was dialing in
   the terminal number is always the same, thus the Terminal/Username pair
   will match during the break-in attempt.  

   However, if someone is using a LAT connecting to the system, each time
   they reconnect to try and break in, the Terminal/Username pair will NOT
   match and the security routines will not think this is the 4th, 5th, or
   greater attempt at breaking in, since it is obviously a different line.
   With LATs we aren't concerned about which terminal line they are using,
   since it changes each time, just the Username.
  
  $
85.15 "More on LGI_BRK_TERM" by MINDER::GRAVESG (Geoff Graves, EDU(UK); DTN 851 2637) Mon Feb 17 1992 07:05, 12 lines
    Re  .10 and .14
    
    Since VMS 5.2(?), the intrusion database records the server name and
    port number, not the LTAnnn number.
    
    So with LGI_BRK_TERM at its default value of 1, we still get a unique
    terminal identified in a $ SHOW INTRUSION display.  Some sites prefer 
    this as it identifies the physical location of the attempted breakin, and
    others are just concerned that they are "under attack", albeit from any
    terminal, so they set LGI_BRK_TERM to 0.
    
    Hope this helps...
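The two keying schemes described in .14 and .15 can be stepped through in a small model. The following is an added example, not code from this conference or from VMS: it counts login failures keyed either by (terminal, username) or by username alone, and optionally records the terminal server name and port instead of the LTAnnn unit, as .15 says VMS does from 5.2 on. The break-in limit of five failures (LGI_BRK_LIM) and the rule that a source becomes an intruder once its failures exceed that limit are assumed; the login failures and the server name "LAT_08002B1C2D3E/PORT_7" are constructed for the example.

```python
# Added example for replies .14 and .15 on LGI_BRK_TERM.  It is not code
# from the notesfile or from VMS; it is a small model of the break-in
# database keyed the two ways the replies describe, so the LAT case can be
# stepped through.  The default limit of five failures (LGI_BRK_LIM) is
# assumed here, as is the post-5.2 behaviour of recording the terminal
# server name and port for LAT connections.  Time-outs are not modelled.
from dataclasses import dataclass
from typing import Dict, Hashable, List, Optional


@dataclass(frozen=True)
class LoginFailure:
    username: str
    terminal: str                      # local device, e.g. "TXA1:" or "LTA23:"
    lat_source: Optional[str] = None   # "server/port" for a LAT connection


class IntrusionDB:
    """Counts login failures the way break-in detection does.

    With LGI_BRK_TERM = 1 the key is (terminal, username); with 0 it is the
    username alone.  A source is flagged as an intruder once its failures
    EXCEED LGI_BRK_LIM (assumed default 5).
    """

    def __init__(self, lgi_brk_term: int = 1, lgi_brk_lim: int = 5,
                 record_lat_source: bool = True) -> None:
        self.lgi_brk_term = lgi_brk_term
        self.lgi_brk_lim = lgi_brk_lim
        self.record_lat_source = record_lat_source   # False = pre-5.2: LTAnnn only
        self.failures: Dict[Hashable, int] = {}

    def key(self, f: LoginFailure) -> Hashable:
        if not self.lgi_brk_term:
            return f.username
        source = f.lat_source if (self.record_lat_source and f.lat_source) else f.terminal
        return (source, f.username)

    def record(self, f: LoginFailure) -> bool:
        """Record one failure; return True if this source is now an intruder."""
        k = self.key(f)
        self.failures[k] = self.failures.get(k, 0) + 1
        return self.failures[k] > self.lgi_brk_lim

    def intruders(self) -> List[Hashable]:
        return [k for k, n in self.failures.items() if n > self.lgi_brk_lim]


# Constructed sample data, not captured from a real system.
def lat_reconnect_failures(n: int = 6, username: str = "SMITH") -> List[LoginFailure]:
    """Each reconnect through the terminal server lands on a fresh LTAnnn:
    unit, but the server name and port stay the same."""
    return [LoginFailure(username, f"LTA{10 + i}:", "LAT_08002B1C2D3E/PORT_7")
            for i in range(n)]


def hardwired_failures(n: int = 6, username: str = "SMITH") -> List[LoginFailure]:
    """A dial-in or direct line keeps the same device name every time."""
    return [LoginFailure(username, "TXA1:") for _ in range(n)]


def run(failures: List[LoginFailure], lgi_brk_term: int,
        record_lat_source: bool) -> List[Hashable]:
    """Feed the failures to a fresh database and return who got flagged."""
    db = IntrusionDB(lgi_brk_term=lgi_brk_term, record_lat_source=record_lat_source)
    for f in failures:
        db.record(f)
    return db.intruders()


if __name__ == "__main__":
    print("LAT, LGI_BRK_TERM=1, LTAnnn recorded   :", run(lat_reconnect_failures(), 1, False))
    print("LAT, LGI_BRK_TERM=0                    :", run(lat_reconnect_failures(), 0, False))
    print("LAT, LGI_BRK_TERM=1, server/port (5.2) :", run(lat_reconnect_failures(), 1, True))
    print("Hardwired TXA1:, LGI_BRK_TERM=1        :", run(hardwired_failures(), 1, False))
```

The first line of output is the problem .14 describes: six failures for SMITH spread over LTA10: to LTA15: never add up, so nobody is flagged. Setting LGI_BRK_TERM to 0 collapses them onto the username and flags SMITH; recording the server/port instead of the LTA unit, as .15 says later versions do, flags the same attacker while still telling you which port it came from.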
85.16 "intrusion" by TEACH::CHUCK Fri Mar 27 1992 16:03, 7 lines
    FYI:
    To delete a line in the intrusion database, you must follow the case of
    the object when you type it in.  We had to play with that a while until
    someone stumbled onto it.

    Chuck    
    
85.17 (untitled) by TEACH::CHUCK Fri Mar 27 1992 16:52, 71 lines
    Page 8-28  I still would like to have the ACCOUNT field = the Group
    UIC field in these examples.  We have to take the time to explain
    why they do not match and how [admin,smith] is developed.
    
    
    Page 9-4  Please add some other nodes to the Show network (for the
    routing node).  Make these nodes more than 1 hop away.  If we have
    this we can build a map on the board of how the network is laid
    out.  I added 2 nodes to this for the students:
    
    	Node		Cost	Hops	Next hop to node

    	powers		 10	 3	una-0	rael
    	jim		  9	 2	una-0	rael
    
    If I add this to what we have we can now develop the following on
    the board explaining hops and cost and how they are physically 
    laid out.  This diagram could go on page 9-4a if it is worthy
    
    
    
    |--------------------------------------------------------------------|
                |  /|\                  |                       |
    		|   |			|			|
    		| cost=8    		|			|
    	------------------   ----------------------   ------------------
        |    una-0       |   |                    |   |                |
        |   arakis       |   |       rael         |   |     aurora     |
        |                |   |                    |   |                |
        ------------------   ----------------------   ------------------
                                        | cost = 1
                                        |   |
                                        |  \|/
                             ----------------------
    		             |                    |
                             |        jim         |
                             |                    |
    			     ----------------------
    				        | cost = 1
    				        |   |
                                        |  \|/
    			     ----------------------
    			     |                    |
    			     |      powers        |
    			     |                    |
    			     ----------------------
    
                                                                 
    
    Doing the above gives them some idea of what they are looking at
    and a way to visualize it.  
          
    Also, cost can be 1-63 and the Ethernet default is cost = 3;
    this can go on the instructor's page also.
    
    Page 9-6  "0 if the network is not divided into areas"  I am not
    a network person but I had not seen this before and question it.
    Is there anyone who knows for sure if this is correct?
    
    	nnnn is from 1 to 1023 not 1024.
    
    page 9-12 Could you put a note on the "a" page to explain 
    
    	Clear node Zodiac all
    
    What I am interested in is the "all".  I could not find "clear"
    in the s.m. Manual
    
    Chuck
85.18 "I like diagram, but put non-default cost on Inst's page" by SOAEDS::TRAYSER (Seniority means a bigger shovel!) Fri Mar 27 1992 17:05, 5 lines
  Good idea, but I'd suggest the diagram have DEFAULT costs displayed and
  allow the instructors to discuss changing from the default costs if it
  seems appropriate for the class.
  
  $