ETrust Access Control For UNIX And Linux Utilities Guide


eTrust Access Control for UNIX and Linux Utilities Guide r8 SP1

This documentation and any related computer software help programs (hereinafter referred to as the "Documentation") is for the end user's informational purposes only and is subject to change or withdrawal by CA at any time.

This Documentation may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA. This Documentation is confidential and proprietary information of CA and protected by the copyright laws of the United States and international treaties.

Notwithstanding the foregoing, licensed users may print a reasonable number of copies of the documentation for their own internal use, and may make one copy of the related software as reasonably required for back-up and disaster recovery purposes, provided that all CA copyright notices and legends are affixed to each reproduced copy. Only authorized employees, consultants, or agents of the user who are bound by the provisions of the license for the product are permitted to have access to such copies.

The right to print copies of the documentation and to make a copy of the related software is limited to the period during which the applicable license for the Product remains in full force and effect. Should the license terminate for any reason, it shall be the user's responsibility to certify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed.

EXCEPT AS OTHERWISE STATED IN THE APPLICABLE LICENSE AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED OF SUCH LOSS OR DAMAGE.

The use of any product referenced in the Documentation is governed by the end user's applicable license agreement.

The manufacturer of this Documentation is CA.

Provided with "Restricted Rights." Use, duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, or their successors.

All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Copyright 2006 CA. All rights reserved.

CA Product References

This document references the following CA products:
- eTrust Access Control (eTrust AC)
- eTrust Single Sign-On (eTrust SSO)
- eTrust Web Access Control (eTrust Web AC)
- eTrust CA-Top Secret
- eTrust CA-ACF2
- eTrust Audit
- Unicenter TNG
- Unicenter Network and Systems Management (Unicenter NSM)
- Unicenter Software Delivery

Contact Technical Support

For online technical assistance and a complete list of locations, primary service hours, and telephone numbers, contact Technical Support at http://ca.com/support.

Contents

Chapter 1: Utilities by Category ... 9
  eTrust AC Utilities ... 9
  Categories ... 9
  User Utilities ... 10
  Administrator Utilities ... 11
  Installation Utilities ... 13
  Support Utilities ... 14
  Password Utilities ... 14
  Daemons ... 14

Chapter 2: Utilities in Detail ... 17
  ChangeEncryptionMethod ... 17
  dbmgr ... 17
    dbmgr -create Function—Create a Database ... 18
    dbmgr -dump Function—Display Database Information ... 20
    dbmgr -export Function—Create Script ... 23
    dbmgr -migrate Function—Copy Data to a Flat File ... 25
    dbmgr -util Function—Manage Existing Database ... 27
    dbmgr -backup Function—Backup a Database ... 29
    dbmgr -restore Function—Restore a Database ... 29
  defclass ... 30
  DictImport ... 31
  dmsmgr ... 31
    -create Function—Create a DMS or a DMA ... 32
    -remove Function—Remove a DMS or a DMA ... 33
    -cleanup Function—Remove Obsolete Nodes ... 33
  eacpg_gen ... 34
  exporttngdb ... 37
  issec ... 38
  migopts ... 39
  policydeploy ... 40
  policyreport ... 42
  seagent ... 46
  seaudit ... 47
  seauxd ... 59
  sebuildla ... 60
  sechkey ... 65
  seclassadm ... 68
  secompas ... 72
  secons ... 74
  secrepsw ... 85
  sedbpchk ... 86
  seerrlog ... 88
  segrace ... 89
  segracex ... 91
  seini ... 93
  selang ... 96
  seldapcred ... 103
  seload ... 104
  selock ... 106
  selockcom ... 112
  selogmix ... 114
  selogrcd ... 116
  selogrd ... 118
  semsgtool ... 133
  senable ... 135
  senone ... 137
  SEOS_load ... 138
  SEOS_syscall ... 139
  seosd ... 140
  seostngd ... 147
  seoswd ... 150
  sepass ... 153
  sepmd ... 163
    Administering Subscribers ... 164
    Truncating the Update File ... 166
    Dual Control ... 167
    Managing the Policy Model Log File ... 169
    Other PMDB Administration ... 170
  sepmdadm ... 172
  sepmdd ... 177
  sepropadm ... 183
  sepurgdb ... 185
  sereport ... 186
  seretrust ... 191
  serevu ... 193
  sessfgate ... 199
  sesu ... 200
  sesudo ... 202
  seuidpgm ... 207
  seversion ... 210
  sewhoami ... 211
  uninstall_eTrustAC ... 212
  UxImport ... 213

Appendix A: Trace Messages ... 217
  Conventions ... 217
  Messages ... 217

Appendix B: The lang.ini File ... 239
  lang.ini File Tokens ... 240
    general ... 240
    history ... 241
    newres ... 242
    newusr ... 243
    properties ... 244
    User-Defined Properties ... 244
    The Definition Files ... 244
    The Tokens File ... 245
    The Attributes File ... 246
    unix ... 247

Appendix C: String Matching ... 249
  Wildcard Expressions ... 249
  Wildcard Matching ... 249
  Character Lists ... 250
  Examples: Wildcard Matching ... 251

Index ... 253

Chapter 1: Utilities by Category

This section contains the following topics:
- eTrust AC Utilities (see page 9)
- Categories (see page 9)
- User Utilities (see page 10)
- Administrator Utilities (see page 11)
- Installation Utilities (see page 13)
- Support Utilities (see page 14)
- Password Utilities (see page 14)
- Daemons (see page 14)

eTrust AC Utilities

eTrust AC has many utilities. As a convenient overview, this chapter classifies them by category. Some utilities are listed more than once. For a description of the utilities arranged alphabetically, see the chapter "Utilities in Detail."

Categories

This chapter groups the eTrust AC utilities into the following categories:
- User utilities for typical users of the system
- Administrator utilities for administrators to manage and configure eTrust AC
- Installation utilities for product installation, system startup, or the removal of eTrust AC from the system
- Support utilities for technical support
- Password utilities for replacing passwords
- Daemons for performing eTrust AC functions

User Utilities

defclass
  Defines basic Unicenter TNG asset types in each database and every new PMDB that is defined.
exporttngdb
  Migrates the current Unicenter Security data into a local eTrust AC database or PMDB.
segrace
  Displays various login and password settings for a user.
segracex
  Allows a user to replace an expired password.
selock
  Locks the user's screen and displays a screen saver.
selockcom
  Controls the selock utility.
senone
  Executes a shell as if it were invoked by a non-eTrust AC user.
sepass
  Serves in place of the UNIX passwd and yppasswd commands.
sesu
  Serves in place of the UNIX su command.
sesudo
  Executes commands for one user with the permissions of another user.
sewhoami
  Serves in place of the UNIX whoami command and reports the eTrust AC username, which is harder to change than the UNIX username.

Administrator Utilities

dbmgr
  Creates, manages, and maintains the eTrust AC database.
dmsmgr
  Creates or removes a DMS or a DMA from an eTrust AC computer, or maintains the DMS database to remove obsolete objects.
eacpg_gen
  Automatically generates eTrust AC control policies.
ChangeEncryptionMethod
  Changes the encryption method of existing policy models.
issec
  Displays the eTrust AC security daemons' status.
policydeploy
  Deploys or removes a policy from a Policy Model hierarchy or on an eTrust AC end-point.
policyreport
  Generates offline (static) HTML reports based on information in a DMS.
seaudit
  Displays selected data from the eTrust AC audit log.
sebuildla
  Creates a lookaside database.
sechkey
  Changes the encryption key for various eTrust AC programs.
seclassadm
  Adds new classes to the eTrust AC database.
secons
  Controls the eTrust AC daemons.
secrepsw
  Creates a password file without shadowing.
sedbpchk
  Checks the integrity of the eTrust AC database. Backs up the database if the database passes the check.
seerrlog
  Lists records in the eTrust AC error log.
selang
  Invokes the selang command shell.
seldapcred
  Encrypts and stores a provided credential for use by LDAP-enabled eTrust AC utilities (such as sebuildla) for retrieving data from an LDAP Directory Information Tree (DIT). Together with the value of the ldap_userdn token in the [seos] section of the seos.ini file, it lets the utility authenticate to the LDAP service.
selogmix
  Splits and merges audit files.
semsgtool
  Maintains, decodes, and creates eTrust AC message files.
senable
  Re-enables a previously disabled user account.
sepmd
  Administers PMDBs.
sepmdadm
  Creates PMDBs.
sepurgdb
  Purges the eTrust AC database.
sereport
  Provides reports, accessible from a web browser, of database and Policy Model information.
seretrust
  Retrusts untrusted programs.
seversion
  Displays the version information of an eTrust AC module.
uninstall_eTrustAC
  Removes eTrust AC from the station.

Installation Utilities

DictImport
  Imports an external dictionary to the eTrust AC database for password checks.
exporttngdb
  Migrates the current Unicenter Security data into a local eTrust AC database or PMDB.
migopts
  The eTrust AC program run at installation that translates the current Unicenter Security environment into the global settings of either a local eTrust AC database or PMDB.
seload
  The utility that loads the eTrust AC extension to the UNIX kernel and executes the eTrust AC daemons.
SEOS_load
  The eTrust AC interception module loader for all stations except Sun Solaris.
SEOS_syscall
  The eTrust AC interception module.
seostngd
  eTrust AC synchronization daemon (for Unicenter TNG).
sepropadm
  The administrator of eTrust AC database properties.
seuidpgm
  The extractor of the setuid programs in a UNIX file system.
UxImport
  The extractor of the user, group, and host information in a UNIX system and, if installed, in NIS.
uninstall_eTrustAC
  The utility for removing eTrust AC from the station.

Support Utilities

sedbpchk
  Checks the integrity of the eTrust AC database, and if it passes, backs up the database.
seini
  Displays information about the eTrust AC database and initialization files and sets the values of tokens in the initialization files.

Password Utilities

secompas
  Compares UNIX and eTrust AC passwords for all eTrust AC users.
sepass
  Serves in place of the UNIX passwd and yppasswd commands.

Daemons

mfsd
  Daemon for mainframe synchronization.
seagent
  eTrust AC agent daemon (the Agent).
seauxd
  eTrust AC auxiliary daemon.
selogrcd
  Collector daemon for the eTrust AC log routing system.
selogrd
  Transmitter daemon for the eTrust AC log routing system.
seosd
  eTrust AC authorization daemon (the Engine).
seoswd
  eTrust AC watchdog daemon (the Watchdog).
sepmdd
  Policy model daemon.
serevu
  Daemon for dealing with users who have committed too many login failures.
sersvd
  Daemon enabling the Remote Status View (RSV).
sessfgate
  Daemon to route reformatted Unicenter Security APIs through the message queue to eTrust AC.

Chapter 2: Utilities in Detail

ChangeEncryptionMethod

Changes the encryption methods of policy models. Three encryption methods are available. When you run this utility, you are asked to choose one of the following encryption methods:
- AES (128bit, 192bit, or 256bit)
- DES
- TRIPLEDES
- SCRAMBLE

After you choose the method, the utility searches for existing Policy Models in the system, decrypts them by running "sepmd -de pmd_name", and then changes the encryption method by linking libcrypt to the new shared library: libdes, libtripledes, or libscramble.

Note: To run ChangeEncryptionMethod, eTrust AC needs to be running. To change the encryption method, the utility asks you whether it can temporarily shut down eTrust AC.

dbmgr

Creates, manages, and maintains the eTrust AC database files.

Note: This utility replaces the following utilities from previous versions: dbdump, rdbdump, dbutil, secredb, sedb2scr, and semigrate.

The dbmgr utility handles several tasks, each described separately in this section:
- Creating a new database
- Generating reports on database records
- Creating a script that defines a database
- Copying data from a database to a flat file
- Managing and maintaining a database

dbmgr -create Function—Create a Database

The dbmgr -create function generates a new empty database. Use this function only at installation time, or when you want to create a database or PMDB. eTrust AC creates the database in the current directory. When you run dbmgr with the -create function, it automatically adds a user called root, with the ADMIN, AUDITOR, and IGN_HOL attributes.

Notes:
- Use this function only for creating a new database.
- If you want to add user-defined classes to the new database, first run the seclassadm utility after creating the new database. This utility saves data about the new classes in the registry file. However, before adding the classes to the database, be sure the CreateNewClasses token (in the [seosdb] section of the seos.ini file) is set to the default value: yes.

Syntax

dbmgr {-create | -c} switch [option]

Switches
-c
  Creates a new database.
-cq
  Creates a new database without a user prompt.
-h
  Lists the help screen.

Options
-d
  Prints database layout documentation. The output contains a full description of the structure and property formats used in the database. You cannot use this option with the -v option.
-f filename
  Directs output to the specified file, instead of the standard output device. You must include this option when working from the UNIX GUI.
-n
  Specifies the location (full path) of the eTrust AC database to back up. When you are creating a new database, a basic class scheme is generated. When you are adding new classes to the database using the seclassadm utility, the class information is stored in a file in the database directory. In order to back up a specific database with its class scheme (such as a policy model database), specify its location with the -n option. The user-defined class information is taken from that location. If you do not specify the -n option, the class information file is searched for in the local directory where the database is to be created. If it is not found there, the file is taken from the active eTrust AC security database directory.
-o
  Adds Unicenter TNG classes to an existing database.
-t terminalName
  Creates the specified terminals in the database and authorizes them to the users specified with -u.
-u userNames
  Creates the specified users in the database and defines them as administrators.
-v
  Disables the progress messages. You cannot use this option with the -d option.
-w
  Creates a new database that includes Unicenter TNG classes.

Files
The -create function uses the following files: seos.ini, lang.ini, seos_new.cls

dbmgr -dump Function—Display Database Information

The dbmgr -dump function reports on the records in the database. If you include the -r switch, the function operates on the database currently being used by the authorization daemon; otherwise, it operates on the database located in the current directory. This function performs the following operations:
- Displays information for records of a specified class
- Displays information for a single record of a specified class
- Displays information for all records of a class, except a specified one
- Generates lists of classes and property definitions
- Generates a list of groups that a user belongs to
- Generates a list of records of a particular class

Syntax

dbmgr {-dump | -d} switches [options]

Switches
-r
  Displays information about the database currently being used by the authorization daemon. If you omit this switch, dbmgr displays information about the database in the current directory.
c
  Lists the names of all classes defined in the database.
d class property / dn class property
  Displays the values of selected properties for all records of a class. The class parameter specifies the class. The property parameter specifies the list of properties whose values are to be displayed. To specify more than one property, separate the property names with a space. To read the property list from a file, replace property with an "at" sign (@) followed by the name of the file. Leave a space before the "at" sign. Each property must appear on a separate line. If you omit the property parameter, the values of all the properties are listed. If you specify the dn switch, properties with unknown values are not displayed.
e class record property / en class record property
  Displays the values of selected properties for all records of a class except for a single, specified record. The class parameter specifies the class. The record parameter specifies the name of the record to omit from the list. The property parameter specifies the list of properties whose values are to be displayed. To specify more than one property, separate the property names with a space. To read the property list from a file, replace property with an "at" sign (@) followed directly (with no intervening space) by the name of the file. Each property must appear on a separate line. If you omit the property parameter, the values of all the properties are listed. If you specify the en switch, properties with unknown values are not displayed.
fc
  Lists all class information for all classes in the database.
fp class
  Lists all property information on properties of the specified class.
g user
  Lists the groups that the specified user is a member of.
l class
  Lists all the records in the specified class.
o class record property / on class record property
  Displays the values of selected properties for a single record of a class. The class parameter specifies the class. The record parameter specifies the record. The property parameter specifies the list of properties whose values are to be displayed. To specify more than one property, separate the property names with a space. To read the property list from a file, replace property with an "at" sign (@) followed directly (with no intervening space) by the name of the file. Each property must appear on a separate line. If you omit the property parameter, the values of all the properties are listed. If you specify the on switch, properties with unknown values are not displayed.
p class
  Lists the names of the properties of the specified class.

Options
-f filename
  Directs output to the specified file, instead of the standard output device. You must include this option when working from the UNIX GUI.

Files
The -dump function uses the database files, if these files are located in the current directory. The -dump function also uses the seos.ini file.

Notes:
- Only technical support personnel should use this function.
- Specify only one switch with the -dump or -dump -r function.
- This function assumes that the seosd daemon is not running; you must invoke it from the directory where the database resides.
- If you use the -r switch, the seosd daemon must be running, and you must have the ADMIN, AUDITOR, or SERVER attribute.
- To execute this function, you must have READ and WRITE permission on the database files eTrustACdir/seosdb/seos_* (where eTrustACdir is the directory in which you installed eTrust AC).
- By using the full_year token, you can display the year in two or four digits. The default is "yes," which means four digits.

dbmgr -export Function—Create Script

The dbmgr -export function generates a script that consists of the selang commands required to define an existing database. These commands are written to standard output. Use this function to replicate a database on other stations.

To write the generated commands to a file, use redirection. You can then create a new database from the file, by instructing selang to read the commands from the file.

Notes:
- Rather than piping the output from this function to selang, you should examine the script before it executes.
- Using Policy Manager, you cannot export a database remotely.

Syntax

dbmgr {-export | -e} switch [option]

Switches
-l
  Dumps the database in the current directory.
-r
  Dumps the database currently being used by seosd.

Options
-c className(s)
  Dumps the database for the specified class or classes. To use this option, you must precede it, in the same command line, with either the -l or -r switch.
-f filename
  Directs output to the specified file, instead of the standard output device. You must include this option when working from the UNIX GUI.

Files
The -export function uses the database files; it does not use the seos.ini file.

Notes:
- When you invoke this function with the -l switch, it assumes the eTrust AC daemons are not running. If the daemons are running, then it assumes you are operating on a different database from the one being used by the daemons.
- To use the -r switch, you must have the ADMIN or SERVER attribute, and the eTrust AC daemons must be running.
- You cannot copy database files from one architecture to another when using UNIX commands such as cp or tar, if the files do not use the same byte order. For example, you cannot copy a database from a Sparc based machine to an Intel based machine, because each uses a different byte order.

See Also
The seclassadm, selang, and seerrlog utilities in this chapter.
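The replication workflow above (export the running database to a file, review the script, verify the copy on the target station instead of copying raw database files across architectures) as an added shell wrapper; this is not code from the guide or from CA, and it assumes dbmgr is on the PATH, seosd is running, and the caller holds the ADMIN or SERVER attribute:

```shell
#!/bin/sh
# Added example: export the active eTrust AC database as a selang script
# for review before it is replayed on another station.
# Assumes: dbmgr on PATH, seosd running, caller has ADMIN or SERVER.

export_seosdb() {
    out="$1"
    [ -n "$out" ] || { echo "usage: export_seosdb <output-file>" >&2; return 2; }

    # The script defines every user, group and access rule of the database:
    # create it (and its checksum file) readable by the owner only.
    umask 077

    # -r: dump the database seosd is currently using
    # -f: write to the named file instead of standard output
    dbmgr -export -r -f "$out" || return 1

    # Refuse to trust an empty or truncated export for replication.
    [ -s "$out" ] || { echo "export produced no output" >&2; return 1; }

    # Record a checksum so the copy on the target station can be verified
    # before selang reads it; the raw database files are not portable
    # between stations with different byte orders, the script is.
    cksum "$out" > "$out.cksum" || return 1

    echo "exported to $out; review it before feeding it to selang" >&2
    return 0
}

# Stand-alone use: export_seosdb.sh /path/to/seosdb_export.sel
if [ $# -gt 0 ]; then
    export_seosdb "$1"
fi
```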

dbmgr -migrate Function—Copy Data to a Flat File

The dbmgr -migrate function copies data from user and program records in an existing database to a flat file. It can also copy the data from the flat file into a new database. The database from which the data is imported must be version 1.21 or later.

When you copy a flat file into a new database, it is important to use the same version of this function that you used to create the flat file. If you have more than one version, it is strongly recommended that you use the most recent version.

Syntax

dbmgr {-migrate | -m} switch [option]

Switches
-r filename
  Read the database in the current directory and copy certain data into the flat file specified in the command line.
-w filename
  Read the flat file specified in the command line and copy the data into the database in the current directory.

Options
-f filename
  Directs output to the specified file, instead of the standard output device. You must include this option when working from
