 |
OpenVMS Guide to System Security
Appendix B
Protection for OpenVMS VAX System Files
This appendix lists OpenVMS VAX system files and their protections so
you can monitor them regularly to ensure that no tampering has
occurred. Section B.1 identifies the protection codes and ownership
assigned to the files and calls out any exceptions. Section B.2 lists
the system files supplied on OpenVMS VAX media.
See Chapter 8, particularly Section 8.9.2 for a discussion of how
to protect OpenVMS system files.
B.1 Standard Ownership and Protection
The system (SYSTEM) owns all OpenVMS system files except one. The
directory MOM$SYSTEM is owned by UIC [376,375].
All files in SYS$DEVICE:[VMS$COMMON], except those listed in
Table B-1, have a protection code of S:RWED,O:RWED,G:RWED,W:RE.
Table B-1 Exceptions to Standard OpenVMS VAX System File Protection
| Files |
Protection |
| [VMS$COMMON] |
|
|
|
DECW$DEFAULTS.DIR
|
MOM$SYSTEM.DIR
|
S:RWE,O:RWE,G:RE,W:RE
|
|
SYS$KEYMAP.DIR;
|
SYS$LDR.DIR
|
|
|
SYS$STARTUP.DIR
|
SYSCBI.DIR
|
|
|
SYSERR.DIR
|
SYSEXE.DIR
|
|
|
SYSFONT.DIR
|
SYSHLP.DIR
|
|
|
SYSLIB.DIR
|
SYSMAINT.DIR
|
|
|
SYSMGR.DIR
|
SYSMSG.DIR
|
|
|
SYSTEST.DIR
|
SYSUPD.DIR
|
|
|
VUE$LIBRARY.DIR
|
|
|
| [VMS$COMMON.SYS$KEYMAP] |
|
|
|
DECW.DIR
|
|
S:RWE,O:RWE,G:RE,W:RE
|
| [VMS$COMMON.SYS$KEYMAP.DECW] |
|
|
|
SYSTEM.DIR
|
USER.DIR
|
S:RWE,O:RWE,G:RE,W:RE
|
| [VMS$COMMON.SYSEXE] |
|
|
|
ISL_LVAX_061.SYS
|
ISL_SVAX_061.SYS
|
S:RWED,O:RWED,G:RE,W:RE
|
|
NETPROXY.DAT
|
|
S:RWE,O:RWE,G:RWE,W
|
|
NET$PROXY.DAT
|
|
S:RWE,O:RWE,G:RWE,W
|
|
MSGHLP$MAIN.EXE
|
|
S:RE,O:RE,G:RE,W:RE
|
|
RIGHTSLIST.DAT
|
|
S:RWED,O:RWED,G:R,W
|
|
SYSUAF.DAT
|
|
S:RWE,O:RWE,G:RWE,W
|
|
VMS$OBJECTS.DAT
|
|
S:RWE,O:RWE,G:RE,W
|
| [VMS$COMMON.SYSFONT] |
|
|
|
DECW.DIR
|
PS_FONT_METRICS.DIR
|
S:RWE,O:RWE,G:RE,W:RE
|
|
VWS.DIR
|
XDPS.DIR
|
|
| [VMS$COMMON.SYSFONT] |
|
|
|
DECW.DIR
|
PS_FONT_METRICS.DIR
|
S:RWE,O:RWE,G:RE,W:RE
|
|
VWS.DIR
|
XDPS.DIR
|
|
| [VMS$COMMON.SYSFONT.DECW] |
|
|
|
100DPI.DIR
|
75DPI.DIR
|
S:RWE,O:RWE,G:RE,W:RE
|
|
COMMON.DIR
|
CURSOR16.DIR
|
|
|
CURSOR32.DIR
|
USER_100DPI.DIR
|
|
|
USER_75DPI.DIR
|
USER_COMMON.DIR
|
|
|
USER_CURSOR16.DIR
|
USER_CURSOR32.DIR
|
|
| [VMS$COMMON.SYSHLP] |
|
|
|
DECW.DIR
|
VMSDOC.DIR
|
S:RWE,O:RWE,G:RE,W:RE
|
|
MSGHLP$ENGLISH.EXE
|
|
S:RE,O:RE,G:RE,W:RE
|
|
EXAMPLES.DIR
|
|
S:RWE,O:RWE,G:RE,W:RE
|
| [VMS$COMMON.SYSLIB] |
|
|
|
CDA$ACCESS.EXE
|
DECW$DWTLIBSHR.EXE
|
S:RW,O:RWED,G:R,W:R
|
|
DECW$PRINTWGTSHR.EXE
|
DECW$XLIBSHR.EXE
|
|
|
MSGHLP$ENGLISH.EXE
|
MSGHLP$SHARE.EXE
|
S:RE,O:RE,G:RE,W:RE
|
VMS$PASSWORD_DIC
TIONARY.DATA
|
|
S:RE,O:RE,G,W
|
|
XDPS$DPSBINDINGSSHR.EXE
|
XDPS$DPSCLIENTSHR.EXE
|
S:RW,O:RWED,G:R,W:R
|
|
XDPS$DPSLIBSHR.EXE
|
XNL$SHR.EXE
|
|
| [VMS$COMMON.SYSMGR] |
|
|
|
SECURITY.AUDIT$JOURNAL
|
|
S:RWED,O:RWED,G:RE,W
|
|
VMS$AUDIT_SERVER.DAT
|
|
S:RWE,O:RWE,G:RE,W
|
|
WELCOME.TEMPLATE
|
WELCOME.TXT
|
S:RWED,O:RWED,G:RE,W:RE
|
| [VMS$COMMON.VUE$LIBRARY] |
|
|
|
SYSTEM.DIR
|
USER.DIR
|
S:RWE,O:RWE,G:RE,W:RE
|
B.2 Listing of OpenVMS VAX System Files
The following sections display system files in the order produced by
the DCL command DIRECTORY.
B.2.1 Files in Top-Level Directories
The files in the top-level directory, VMS$COMMON on clustered systems,
contain the following files:
Directory SYS$SYSDEVICE:[VMS$COMMON]
DECW$DEFAULTS.DIR;1 MOM$SYSTEM.DIR;1
SYS$KEYMAP.DIR;1 SYS$LDR.DIR;1
SYS$STARTUP.DIR;1 SYSCBI.DIR;1
SYSERR.DIR;1 SYSEXE.DIR;1
SYSFONT.DIR;1 SYSHLP.DIR;1
SYSLIB.DIR;1 SYSMAINT.DIR;1
SYSMGR.DIR;1 SYSMSG.DIR;1
SYSTEST.DIR;1 SYSUPD.DIR;1
VUE$LIBRARY.DIR;1
Total of 17 files.
Directory SYS$SYSDEVICE:[VMS$COMMON.DECW$DEFAULTS]
SYSTEM.DIR;1 USER.DIR;1
Total of 2 files.
|
B.2.2 Files in DECW$DEFAULTS.SYSTEM and MOM$SYSTEM
The directories DECW$DEFAULTS.SYSTEM and MOM$SYSTEM contain the
following files:
Directory SYS$SYSDEVICE:[VMS$COMMON.DECW$DEFAULTS.SYSTEM]
DBG$HA_DEFAULTS.DAT;1 PCSI$MUI.UID;1
PCSI.DAT;1 VMSDEBUG.DAT;1
Total of 4 files.
Directory SYS$SYSDEVICE:[VMS$COMMON.MOM$SYSTEM]
READ_ADDR.SYS;1
Total of 1 file.
|
B.2.3 Files in SYS$KEYMAP
The directory SYS$KEYMAP contains the following files:
Directory SYS$SYSDEVICE:[VMS$COMMON.SYS$KEYMAP]
DECW.DIR;1
Total of 1 file.
Directory SYS$SYSDEVICE:[VMS$COMMON.SYS$KEYMAP.DECW]
SYSTEM.DIR;1 USER.DIR;1
Total of 2 files.
|
B.2.4 Files in SYS$KEYMAP.DECW.SYSTEM
The directory SYS$KEYMAP.DECW.SYSTEM contains the following files:
Directory SYS$SYSDEVICE:[VMS$COMMON.SYS$KEYMAP.DECW.SYSTEM]
AUSTRIAN_GERMAN_LK201LG_DP.DECW$KEYMAP;1 AUSTRIAN_GERMAN_LK201LG_TW.DECW$KEYMAP;1
AUSTRIAN_GERMAN_LK201NG_DP.DECW$KEYMAP;1 AUSTRIAN_GERMAN_LK201NG_TW.DECW$KEYMAP;1
AUSTRIAN_GERMAN_LK401AG_TW.DECW$KEYMAP;1 BELGIAN_FRENCH_LK201LP_DP.DECW$KEYMAP;1
BELGIAN_FRENCH_LK201LP_TW.DECW$KEYMAP;1 BELGIAN_FRENCH_LK401AP_DP.DECW$KEYMAP;1
BELGIAN_FRENCH_LK401AP_TW.DECW$KEYMAP;1 BELGIAN_LK444_VT.DECW$KEYMAP;1
BRITISH_LK201LE_DP.DECW$KEYMAP;1 BRITISH_LK201LE_TW.DECW$KEYMAP;1
BRITISH_LK401AA_DP.DECW$KEYMAP;1 BRITISH_LK401AA_TW.DECW$KEYMAP;1
CANADIAN_FRENCH_LK201LC_DP.DECW$KEYMAP;1 CANADIAN_FRENCH_LK201LC_TW.DECW$KEYMAP;1
CANADIAN_FRENCH_LK401AC_DP.DECW$KEYMAP;1 CANADIAN_FRENCH_LK401AC_TW.DECW$KEYMAP;1
CZECH_LK401_BV.DECW$KEYMAP;1 DANISH_LK201LD_DP.DECW$KEYMAP;1
DANISH_LK201LD_TW.DECW$KEYMAP;1 DANISH_LK201RD_DP.DECW$KEYMAP;1
DANISH_LK201RD_TW.DECW$KEYMAP;1 DANISH_LK401AD_DP.DECW$KEYMAP;1
DANISH_LK401AD_TW.DECW$KEYMAP;1 DENMARK_LK444_VT.DECW$KEYMAP;1
DUTCH_LK201LH_DP.DECW$KEYMAP;1 DUTCH_LK201LH_TW.DECW$KEYMAP;1
DUTCH_LK201NH.DECW$KEYMAP;1 DUTCH_LK401AH.DECW$KEYMAP;1
FINNISH_LK201LF_DP.DECW$KEYMAP;1 FINNISH_LK201LF_TW.DECW$KEYMAP;1
FINNISH_LK201NX_DP.DECW$KEYMAP;1 FINNISH_LK201NX_TW.DECW$KEYMAP;1
FINNISH_LK401AF_DP.DECW$KEYMAP;1 FINNISH_LK401AF_TW.DECW$KEYMAP;1
FLEMISH_LK201LB_DP.DECW$KEYMAP;1 FLEMISH_LK201LB_TW.DECW$KEYMAP;1
FLEMISH_LK401AB_DP.DECW$KEYMAP;1 FLEMISH_LK401AB_TW.DECW$KEYMAP;1
FRANCE_LK444_VT.DECW$KEYMAP;1 GERMANY_LK444_VT.DECW$KEYMAP;1
HUNGARIAN_LK401_BQ.DECW$KEYMAP;1 ICELANDIC_LK201LU_DP.DECW$KEYMAP;1
ICELANDIC_LK201LU_TW.DECW$KEYMAP;1 ITALIAN_LK201LI_DP.DECW$KEYMAP;1
ITALIAN_LK201LI_TW.DECW$KEYMAP;1 ITALIAN_LK401AI_DP.DECW$KEYMAP;1
ITALIAN_LK401AI_TW.DECW$KEYMAP;1 ITALY_LK444_VT.DECW$KEYMAP;1
NORTH_AMERICAN_LK201LA.DECW$KEYMAP;1 NORTH_AMERICAN_LK401AA.DECW$KEYMAP;1
NORWAY_LK444_VT.DECW$KEYMAP;1 NORWEGIAN_LK201LN_DP.DECW$KEYMAP;1
NORWEGIAN_LK201LN_TW.DECW$KEYMAP;1 NORWEGIAN_LK201RN_DP.DECW$KEYMAP;1
NORWEGIAN_LK201RN_TW.DECW$KEYMAP;1 NORWEGIAN_LK401AN_DP.DECW$KEYMAP;1
NORWEGIAN_LK401AN_TW.DECW$KEYMAP;1 POLISH_LK401_BP.DECW$KEYMAP;1
PORTUGAL_LK444_VT.DECW$KEYMAP;1 PORTUGUESE_LK201LV.DECW$KEYMAP;1
PORTUGUESE_LK401AV.DECW$KEYMAP;1 RUSSIAN_LK401_BT.DECW$KEYMAP;1
SLOVAK_LK401_CZ.DECW$KEYMAP;1 SPAIN_LK444_VT.DECW$KEYMAP;1
SPANISH_LK201LS_DP.DECW$KEYMAP;1 SPANISH_LK201LS_TW.DECW$KEYMAP;1
SPANISH_LK401AS_DP.DECW$KEYMAP;1 SPANISH_LK401AS_TW.DECW$KEYMAP;1
SWEDEN_LK444_VT.DECW$KEYMAP;1 SWEDISH_LK201LM_DP.DECW$KEYMAP;1
SWEDISH_LK201LM_TW.DECW$KEYMAP;1 SWEDISH_LK201NM_DP.DECW$KEYMAP;1
SWEDISH_LK201NM_TW.DECW$KEYMAP;1 SWEDISH_LK401AM_DP.DECW$KEYMAP;1
SWEDISH_LK401AM_TW.DECW$KEYMAP;1 SWISS_FRENCH_LK201LK_DP.DECW$KEYMAP;1
SWISS_FRENCH_LK201LK_TW.DECW$KEYMAP;1 SWISS_FRENCH_LK401AK_DP.DECW$KEYMAP;1
SWISS_FRENCH_LK401AK_TW.DECW$KEYMAP;1 SWISS_GERMAN_LK201LL_DP.DECW$KEYMAP;1
SWISS_GERMAN_LK201LL_TW.DECW$KEYMAP;1 SWISS_GERMAN_LK401AL_DP.DECW$KEYMAP;1
SWISS_GERMAN_LK401AL_TW.DECW$KEYMAP;1 SWISS_LK444_VT.DECW$KEYMAP;1
UK_LK201RE.DECW$KEYMAP;1 UK_LK401AA.DECW$KEYMAP;1
UK_LK444_VT.DECW$KEYMAP;1 US_LK201RE.DECW$KEYMAP;1
US_LK401AA.DECW$KEYMAP;1 US_LK443_VT.DECW$KEYMAP;1
Total of 92 files.
|
B.2.5 Files in SYS$LDR
The directory SYS$LDR contains the following files:
Directory SYS$SYSDEVICE:[VMS$COMMON.SYS$LDR]
CLASS_SCHEDULER.EXE;1 CNDRIVER.EXE;1
CONINTERR.EXE;1 CPULOA.EXE;1
CRDRIVER.EXE;1 CS9AQDRIVER.EXE;1
CSDRIVER.EXE;1 CTDRIVER.EXE;1
CVDRIVER.EXE;1 CWDRIVER.EXE;1
DBDRIVER.EXE;1 DDDRIVER.EXE;1
DDIF$RMS_EXTENSION.EXE;1 DKDRIVER.EXE;1
DLDRIVER.EXE;1 DMDRIVER.EXE;1
DQDRIVER.EXE;1 DRDRIVER.EXE;1
DSDRIVER.EXE;1 DUDRIVER.EXE;1
DVDRIVER.EXE;1 DXDRIVER.EXE;1
DYDRIVER.EXE;1 DZDRIVER.EXE;1
ECDRIVER.EXE;1 EFDRIVER.EXE;1
EPDRIVER.EXE;1 ERRORLOG.EXE;1
ESDRIVER.EXE;1 ESS$DADDRIVER.EXE;1
ESS$LADDRIVER.EXE;1 ESS$LASTDRIVER.EXE;1
ESS$MADDRIVER.EXE;1 ETDRIVER.EXE;1
EVENT_FLAGS_AND_ASTS.EXE;1 EXCEPTION.EXE;1
EXDRIVER.EXE;1 EXEC_INIT.EXE;1
EZDRIVER.EXE;1 FBDRIVER.EXE;1
FCDRIVER.EXE;1 FPEMUL.EXE;1
FQDRIVER.EXE;1 FTDRIVER.EXE;1
FXDRIVER.EXE;1 FYDRIVER.EXE;1
GAADRIVER.EXE;1 GABDRIVER.EXE;1
GBBDRIVER.EXE;1 GCADRIVER.EXE;1
GCBDRIVER.EXE;1 GDDRIVER.EXE;1
GEBDRIVER.EXE;1 GECDRIVER.EXE;1
GFBDRIVER.EXE;1 GKDRIVER.EXE;1
IKDRIVER.EXE;1 IMAGE_MANAGEMENT.EXE;1
IMDRIVER.EXE;1 INDRIVER.EXE;1
IO_ROUTINES.EXE;1 LADRIVER.EXE;1
LCDRIVER.EXE;1 LIDRIVER.EXE;1
LMF$GROUP_TABLE.EXE;1 LOCKING.EXE;1
LOGICAL_NAMES.EXE;1 LPDRIVER.EXE;1
LTDRIVER.EXE;1 MBXDRIVER.EXE;1
MESSAGE_ROUTINES.EXE;1 MKDRIVER.EXE;1
NDDRIVER.EXE;1 NET$CSMACD.EXE;1
NET$FDDI.EXE;1 NETDRIVER.EXE;1
NODRIVER.EXE;1 PADRIVER.EXE;1
PAGE_MANAGEMENT.EXE;1 PBDRIVER.EXE;1
PDDRIVER.EXE;1 PEDRIVER.EXE;1
PIDRIVER.EXE;1 PKBDRIVER.EXE;1
PKCDRIVER.EXE;1 PKIDRIVER.EXE;1
PKNDRIVER.EXE;1 PKRDRIVER.EXE;1
PKSDRIVER.EXE;1 PKXDRIVER.EXE;1
PRIMITIVE_IO.EXE;1 PROCESS_MANAGEMENT.EXE;1
PUDRIVER.EXE;1 PWDRIVER.EXE;1
RECOVERY_UNIT_SERVICES.EXE;1 RMS.EXE;1
RTTDRIVER.EXE;1 RXDRIVER.EXE;1
SECURITY.EXE;1 SHDRIVER.EXE;1
SNAPSHOT_SERVICES.EXE;1 SODRIVER.EXE;1
SYS$CLUSTER.EXE;1 SYS$IPC_SERVICES.EXE;1
SYS$NETWORK_SERVICES.EXE;1 SYS$SCS.EXE;1
SYS$TRANSACTION_SERVICES.EXE;1 SYS$UTC_SERVICES.EXE;1
SYS.EXE;2 SYSDEVICE.EXE;1
SYSGETSYI.EXE;1 SYSLDR_DYN.EXE;1
SYSLICENSE.EXE;1 SYSLOA1202.EXE;1
SYSLOA1302.EXE;1 SYSLOA1303.EXE;1
SYSLOA1701.EXE;1 SYSLOA410.EXE;1
SYSLOA41D.EXE;1 SYSLOA41W.EXE;1
SYSLOA420.EXE;1 SYSLOA42D.EXE;1
SYSLOA42S.EXE;1 SYSLOA42W.EXE;1
SYSLOA43.EXE;1 SYSLOA43D.EXE;1
SYSLOA43S.EXE;1 SYSLOA43W.EXE;1
SYSLOA440.EXE;1 SYSLOA46.EXE;1
SYSLOA49.EXE;1 SYSLOA520.EXE;1
SYSLOA60.EXE;1 SYSLOA600.EXE;1
SYSLOA640.EXE;1 SYSLOA64D.EXE;1
SYSLOA650.EXE;1 SYSLOA65D.EXE;1
SYSLOA660.EXE;1 SYSLOA66D.EXE;1
SYSLOA670.EXE;1 SYSLOA67D.EXE;1
SYSLOA690.EXE;1 SYSLOA69D.EXE;1
SYSLOA700.EXE;1 SYSLOA70D.EXE;1
SYSLOA730.EXE;1 SYSLOA750.EXE;1
SYSLOA780.EXE;1 SYSLOA790.EXE;1
SYSLOA8NN.EXE;1 SYSLOA8PS.EXE;1
SYSLOA8SS.EXE;1 SYSLOA9AQ.EXE;1
SYSLOA9CC.EXE;1 SYSLOA9RR.EXE;1
SYSLOAUV1.EXE;1 SYSLOAUV2.EXE;1
SYSLOAWS1.EXE;1 SYSLOAWS2.EXE;1
SYSLOAWSD.EXE;1 SYSTEM_DEBUG.EXE;1
SYSTEM_PRIMITIVES.EXE;1 SYSTEM_PRIMITIVES_MIN.EXE;1
SYSTEM_SYNCHRONIZATION.EXE;1 SYSTEM_SYNCHRONIZATION_MIN.EXE;1
SYSTEM_SYNCHRONIZATION_SPC.EXE;1 SYSTEM_SYNCHRONIZATION_UNI.EXE;1
TFDRIVER.EXE;1 TMDRIVER.EXE;1
TSDRIVER.EXE;1 TTDRIVER.EXE;1
TUDRIVER.EXE;1 TVDRIVER.EXE;1
VAXCLUSTER_CACHE.EXE;1 VAXEMUL.EXE;1
VBSS.EXE;1 VECTOR_PROCESSING.EXE;1
VMS$SYSTEM_IMAGES.DATA;1 VVIEF_BOOTSTRAP.EXE;1
WORKING_SET_MANAGEMENT.EXE;1 WPDRIVER.EXE;1
WSDRIVER.EXE;1 XADRIVER.EXE;1
XDDRIVER.EXE;1 XEDRIVER.EXE;1
XFDRIVER.EXE;1 XIDRIVER.EXE;1
XMDRIVER.EXE;1 XQDRIVER.EXE;1
XTDRIVER.EXE;1 YCDRIVER.EXE;1
YEDRIVER.EXE;1 YFDRIVER.EXE;1
YIDRIVER.EXE;1
Total of 195 files.
|
|
