 |
Index for Section 8 |
|
 |
Alphabetical listing for X |
|
XIsso(8)
NAME
XIsso - Windows interface for audit, default account parameters, and device
assignments (Enhanced Security)
SYNOPSIS
/usr/tcb/bin/XIsso
DESCRIPTION
Note
The functions performed with the XIsso program have been moved to
other GUIs. The XIsso program in this release is an interface to
the old /usr/tcb/bin/dxaccounts program. Support for XIsso will
be discontinued after this release.
Use the /usr/tcb/bin/dxaudit program to perform the audit
functions documented in this reference page. The dxaudit program
can be run in the default CDE (Common Desktop Environment) as
well as the optional DECwindows environment. See the dxaudit(8X)
reference page for more information.
The account functions documented in this reference page are
performed in CDE using the Account Manager program found under
Application Manager --> System Management Utilities. See the
Account Manager's online help for more information.
If you are using the DECwindows environment, use the new
/usr/bin/X11/dxaccounts program (this is actually the Account
Manager) to perform the accounts functions documented in this
reference page. See the dxaccounts(8X) reference page and the
Account Manager's online help for more information.
Use the /usr/tcb/bin/dxdevices program to perform the device
functions documented in this reference page. The dxdevices
program can be run in the default CDE (Common Desktop
Environment) as well as the optional DECwindows environment. See
the dxdevices(8X) reference page for more information.
The XIsso program is a windowed interface that provides the capabilities to
administer the audit, default account parameters, and device subsystems
(the Information System Security Officer role functions). To use the XIsso
program you need to log in as root.
Audit
You must start, setup, and stop auditing from the command line. See the
auditd(8) and auditmask(8) reference pages for details. The functions
supported by the main Audit menu are as follows:
Modify Selection Files
This screen allows the administrator to create, modify, or delete
selection files. Selection files contain parameters that indicate how
audit records are selected from the raw audit trail during report
generation. The selection parameters include things like time interval,
audit events, and user ID. Any audit record matching the selection
criteria is displayed.
Modify Deselection Files
This screen allows the administrator to create, modify, or delete
deselection files. A deselection file consists of tuples. The tuple is
comprised of a host, audit ID, real UID, event, file pathname, and
access mode. A deselection file can be used to further reduce audit
records when generating reports. It can be used in combination with a
selection file. Any audit record matching the deselection criteria is
filtered out from the report stream.
Generate Reports
This screen allows the administrator to view an audit report. A
selection file, a deselection file, and an audit log can be selected to
generate a report. Output options include generating a report to a
file, to a series of files sorted by audit ID, to a window on the
screen, or if audit is currently enabled, to follow the current
activity. Report records can be in brief format or long format. If in
brief format, the administrator can double click on the record and get a
pop-up of the long format.
Accounts
The XIsso program controls the authentication subsystem. The ISSO is
generally responsible for setting the system-wide default account
parameters and modifying the account parameters of all non-ISSO users.
The functions supported by the main Accounts menu are as follows:
Modify User Account
Allows you to select a non-ISSO account and to modify the account
parameters. These parameters override any system-wide defaults that you
have specified. You can select
the groups that the user can belong to, the login control parameters,
the audit events, and the password parameters.
Modify User Account Template
Allows you to modify any user account template. Account templates can
be created to specify account attributes for many user accounts. The
system default template, SYS_DFLT, is always present.
Devices
The XIsso program provides control over the device assignment database and
the terminal control database. The ISSO is generally responsible for
setting the system-wide default device parameters and modifying the device
and terminal parameters of all devices.
The functions supported by the main Devices menu are as follows:
Modify/Create Device
Allows you to select a device and to create or modify the device
parameters. These parameters override any system-wide defaults that you
have specified. Currently terminals can be added to your secure
configuration. (Printers and removable devices can be added or modified
with the XIsso interface, but the operating system only deals with
terminals.)
Defaults
Allows you to specify the system-wide default device control parameters.
Resources
*auditMaxMemoryPages
This resource specifies the maximum number of 256-kilobyte pages that
are allocated by XIsso when receiving report data from the audit_tool
command. Once this threshold is reached, XIsso discards the oldest data
page to make room for new data. The default value is 20. This means
that up to 5 megabytes of report data is accessible at any one time
while viewing a report.
If the Brief Report mode is selected, less data is available because
XIsso stores both the brief and the full records to expand a brief
format into a long format. This memory is freed after each report is
finished, so it is not a cumulative amount.
FILES
/usr/tcb/bin/XIsso
Specifies the command path.
/usr/lib/X11/app-defaults/XIsso
Resource file.
/etc/auth/system/default
System Default database.
/etc/auth/system/ttys
Terminal Control database.
/etc/auth/system/devassign
Device Assignment database.
/tcb/files/auth/[a-z]/*
Protected Password database.
/usr/lib/X11/help/xif.decw_book
Bookreader help file.
/etc/sec/site_events
Site-specific audit events.
/etc/sec/event_aliases
Audit event alias specification file.
/var/tcb/audit/selection
Directory containing the audit selection files.
/var/tcb/audit/deselection
Directory containing the audit deselection files.
/var/tcb/audit/base_events
Base system audit events.
RELATED INFORMATION
Commands:dxaccounts(8X), dxaudit(8X), dxdevices(8X), auditd(8), audgen(8),
audit_setup(8), audit_tool(8), auditmask(8), secsetup(8), XSysAdmin(8)
Security