-+-+-+-+-+-+-+-+ START OF PART 3 -+-+-+-+-+-+-+-+ X$endif X$ today = 7-'f$CVTIME(p3,,"WEEKDAY")' X$ time = f$CVTIME(p3+":0:0:0.0+"+f$STRING(today)+"-0:","ABSOLUTE","DATE") X$ goto exit X$LASTWEEK: ! Monday is beginning of week X$ if f$edit(f$ext(0,1,p4),"UPCASE").eqs."H" X$then X$ sunday = 1 X$ monday = 2 X$ tuesday = 3 X$ wednesday = 4 X$ thursday = 5 X$ friday = 6 X$ saturday = 0 X$else X$ sunday = 6 X$ monday = 0 X$ tuesday = 1 X$ wednesday = 2 X$ thursday = 3 X$ friday = 4 X$ saturday = 5 X$endif X$ today = 7+'f$CVTIME(p3,,"WEEKDAY")' X$ time = f$CVTIME(p3+":0:0:0.0-"+f$STRING(today)+"-0:","ABSOLUTE","DATE") X$ goto EXIT X$!Last Modified: 29-JUN-1989 17:09:29.50, By: RLB`20 $ CALL UNPACK CVTIME.COM;12 2137918295 $ create 'f' X$! getnode.com -- get current cpu node name X$ vfl = f$ver(0) X$ set noon X$ @utl:setver 4 6 ge X$ if p1.eqs."" then $ p1 = "NODE" X$ mess = f$env("message") X$ set mess/nofac/nosev/noid/notext X$ if f$type('p1').nes."" then $ del/sym/glo 'p1' X$ set mess'mess' X$ if f$type('p1').nes."" then $ goto already_def X$getit: X$'if_ge_v4' node = f$getsyi("nodename") X$'if_ge_v4' if node.eqs."" then $ node = f$trnlnm("sys$node","lnm$system")-" V_"-"::" X$'if_ge_v4' if node.eqs."" then $ node = f$getsyi("scsnode") X$ if node.eqs."" then $ node = f$fao("!8XL",f$getsyi("sid")) X$ node = f$edit(node,"trim,compress") X$ if node.nes."" then $ 'p1' == node X$exit: X$ exit ! 'f$ver(vfl)' X$already_def: X$ write sys$Output "GETNODE-W-Symbol ",p1," is already defined above level " V,f$env("depth") X$ write sys$Output "GETNODE-I-",p1," currently has the value """,'p1',"""" X$ write sys$Output "GETNODE-W-value returned to NODENAME instead of NODE" X$ p1 = "NODENAME" X$ goto getit X$!Last Modified: 12-JUL-1988 11:01:36.12, By: RLB`20 $ CALL UNPACK GETNODE.COM;4 845686728 $ create 'f' X$! Procedure to convert SYS$STARTUP:SYLOGICALS.TEMPLATE to SYS$COMMON:`5BSYS V$STARTUP`5DLOC$OPC_LOGICALS.TEMPLATE; X$! p1 -- output file name X$! X$! Execute this file with @ X$! generated by RLB at 23-JUL-1990 22:51:42.39 X$! X$ set noon X$ default_file = "SYS$COMMON:`5BSYS$STARTUP`5DLOC$OPC_LOGICALS.TEMPLATE" X$ if p1.eqs."" then inquire p1 "Output file name `5B'default_file'`5D" X$ if p1.eqs."" then $ p1 = default_file X$ write sys$Output "Updating SYS$STARTUP:SYLOGICALS.TEMPLATE to produce ",p1 V," X$ edit/sum SYS$STARTUP:SYLOGICALS.TEMPLATE/update=sys$Input:/output='p1' X$ DECK/dollars="$*EOD*SUM" X- 1, 99 X$ if f$type(my_node).eqs."" then $ @utl:getnode my_node X$ network_logger1 = "NODEA" X$ network_logger2 = "NODEB" X$! no_network_logging = 1 ! uncomment this line to disable all network logg Ving X$!`09`09`09 ! to the operator log file. X$ cluster_console_node = "NODEC" X$ defsys = "define/system/executive/name_attribute=no_alias" X- 134 X$`09defsys opc$opa0_enable 1 X- 140 X$! If you want to make 1 node your cluster console system then`20 X$!`09leave this code intact and set the cluster_console_node symbol`20 X$!`09to the appropriate node name above. X$! X$`09console_classes = "tape,printer" X$`09if my_node.eqs.cluster_console_node`20 X$`09then`20 X$ `09 cluster_class = ",cluster" X$`09else X$`09 cluster_class = ",central" X$`09endif X$`09defsys opc$opa0_classes 'console_classes''cluster_class' X$! X$! X- 156 X$`09defsys opc$logfile_enable 1 X$ X$! X- 161 X$! Since security is being handled by the AUDIT_SERVER, it is best to`20 X$! leave SECURITY turned off for all of the OPERATOR LOG FILEs. X$! X$ base_logfile_classes = "central,cluster,disk,tape,printer,license,devices V" X$! X$! If you want 1 or more nodes to log network messages to the operator X$! log file (I think at least 1 should) then modify the symbol definitions X$! at the beginning of the file X$! X$! If you want to turn off network logging altogether, then define the X$! symbol NO_NETWORK_LOGGING by uncommenting the line below the node`20 X$! symbol definitions. X$! X$ if NO_NETWORK_LOGGING X$ then X$`09network_log = "" X$ else X$ if my_node.eqs.network_logger1 .or. my_node.eqs.network_logger2 X$ then X$`09network_log = ",network" X$ else X$`09network_log = "" X$ endif X$ endif X$`09defsys opc$logfile_classes - X`09`09'base_logfile_classes''network_log' X$! X- 169 X$ mydate = f$cvtime("",,"date") X$ logfile_name = "MGRLOG:"+mydate+"_"+my_node+"_operator.log" X$! X$! mgrlog is defined in SYS$STARTUP:LOC$SYLOGNAM.COM which is called X$! from SYS$STARTUP:SYLOGICALS.COM X$! X$ defsys`09opc$logfile_name`09'logfile_name' X$! X- 177, 177 X$!`09NOTE: only OPC$LOGFILE_NAME is used for more than the initial X- 181 X$! You must use the associated LOC$OPC_UPDATE.COM to get an update X$!`09that reflects your logical name settings. X$! X- 198, 212 X$!Last Modified: 23-JUL-1990 23:09:08.18, By: RLB`20 X/ X$*EOD*SUM X$ write sys$output "Completed Conversion" $ CALL UNPACK LOC$OPC_LOGICALS_BLD.COM;3 293464924 $ create 'f' X$! Procedure to convert VMS$BASEENVIRON-050_VMS.COM to SYS$COMMON:`5BSYS$STA VRTUP`5DLOC$OPC_UPDATE.COM; X$! p1 -- output file name X$! X$! Execute this file with @ X$! generated by RLB at 14-MAY-1990 08:48:30.22 X$! X$ set noon X$ default_file = "SYS$COMMON:LOC$OPC_UPDATE.COM" X$ if p1.eqs."" then inquire p1 "Output file name `5B'default_file'`5D" X$ if p1.eqs."" then $ p1 = default_file X$ write sys$Output "Updating VMS$BASEENVIRON-050_VMS.COM to produce ",p1," X$ edit/sum VMS$BASEENVIRON-050_VMS.COM/update=sys$Input:/output='p1' X$ DECK/dollars="$*EOD*SUM" X- 3, 33 X$comma = "," X$null = "" X$trimup = "upcase,trim" X$opc$all_classes = "CARDS,CENTRAL,CLUSTER,DEVICES,DISKS,"+- X`09`09"LICENSE,NETWORK,PRINTER,SECURITY,TAPES,"+- X`09`09"OPER1,OPER2,OPER3,OPER4,OPER5,OPER6,"+- X`09`09"OPER7,OPER8,OPER9,OPER10,OPER11,OPER12" X$workstation = "FALSE" X$if f$GETDVI("_GA","EXISTS") then workstation = "TRUE" X$if f$GETDVI("_GB","EXISTS") then workstation = "TRUE" X$if f$GETDVI("_GC","EXISTS") then workstation = "TRUE" X$if f$GETDVI("_VA","EXISTS") then workstation = "TRUE" X$if f$GETDVI("_VC","EXISTS") then workstation = "TRUE" X$if f$GETDVI("_VK","EXISTS") then workstation = "TRUE" X$cluster_member = (f$TRNLNM("STARTUP$CLUSTER_MEMBER","LNM$STARTUP_TABLE") .e Vqs. "TRUE") X- 44, 48 X$opc$disable_classes == comma + opc$all_classes X$call DECODE_OVERRIDE_CLASSES OPC$OPA0_CLASSES X$opc$disable_classes == opc$disable_classes - comma X$if f$VER() then $ show symbol opc* X$if opc$disable_classes.nes.""`20 X$then ! disable some opa0 X$disable_opa0_classes = "/disable=(" + opc$disable_classes + ")" X$endif ! disable some opa0 X$if opc$override_classes .nes. "" X$then ! enable some opa0 X$enable_opa0_classes = "/enable=(" + opc$override_classes + ")" X$endif ! enable some opa0 X- 55, 55 X$opc$disable_classes == comma+opc$all_classes X$call DECODE_OVERRIDE_CLASSES OPC$LOGFILE_CLASSES X$opc$disable_classes == opc$disable_classes - comma X$if opc$disable_classes.nes.""`20 X$then X$disable_logfile_classes = "/disable=(" + opc$disable_classes + ")" X$endif X- 67 X$if f$TYPE(disable_opa0_classes) X$then X$reply 'disable_opa0_classes' X$endif X- 76 X$reply /log 'disable_logfile_classes' X$define /user sys$command OPA0: X- 85, 95 X$DECODE_OVERRIDE_CLASSES: subroutine X$if f$trnlnm (p1) .eqs. "" then goto DECODE_DONE X$max_index = f$trnlnm (p1,,,,,"MAX_INDEX") X$index = 0 X$DECODE_LOOP: X$nxt_class_set = f$EDIT(f$trnlnm (p1,,index),trimup) X$set_index = 0 X$UNRAVEL_LOOP: X$nxt_class = f$EDIT(f$ELEMENT(set_index,comma,nxt_class_set),trimup) X$if nxt_class.nes.comma X$then ! not comma X$ set_index = 1+set_index X$ if nxt_class.nes.null X$ then ! not null X$call IN_SET nxt_class opc$all_classes class_name "," X$if $status X$then ! found it X$opc$disable_classes == opc$disable_classes -(","+class_name) X$opc$override_classes == opc$override_classes + "," + class_name X$endif ! found it X$endif ! not null X$goto UNRAVEL_LOOP X$endif ! not comma X$index = index + 1 X$if index .le. max_index then goto DECODE_LOOP X$DECODE_DONE: X$opc$override_classes == opc$override_classes - "," X$exit X$ ! Subroutine section X$ ! X$IN_SET:subroutine X$if p4.eqs.null then $p4="," X$n=f$LOCATE(p4+f$EDIT('p1',trimup),p4+f$EDIT('p2',trimup)) X$if n.gt.f$LENGTH('p2') then $return %X10040004 !not found X$if p3.nes.null then $'p3'==f$ELEMENT(0,p4,f$EXTRACT(n,999,'p2')) X$exit X$endsubroutine X$! IN_SET subroutine -- determine if a string matches any member X$!`09`09`09of a set of strings. Optionally returns the matched X$!`09`09`09member of the set. Ambiguous matches return the X$!`09`09`09first string matched. X$! X$!`09`09`09If p1 is null then the first element is matched. X$! Parameters: X$! p1 -- string to search for in the set. X$! p2 -- the set of strings that is being checked against. X$! p3 -- Optional global symbol to return the matched string to. X$!`09 If p3 is null then only a success status is returned. X$! p4 -- Optional string delimiter character, default is "," X$! X$!Last Modified: 23-JUL-1990 23:07:25.85, By: RLB`20 X/ X$*EOD*SUM X$ write sys$output "Completed Conversion" $ CALL UNPACK LOC$OPC_UPDATE_BLD.COM;2 2018071639 $ create 'f' X$! SECURITY.COM X$! Turn on security alarm capabilities as specified below X$! X$ set noon X$ req_privs = "security,sysprv,cmkrnl" X$ save_privs = f$SETPRV(req_privs) X$ show sym $status X$! X$! make sure the logical name(s) are defined X$! X$ if f$TRNLNM("mgrlog").eqs."" then - X$`09define/sys mgrlog scratch_device:`5Bsysmgr`5D,soft_device:`5Bsysmgr`5D/e Vxec X$! X$! We want to turn on alarms capability for file accesses. X$! This is normally only used to force errors from invalid attempts to X$! access various things around the system. X$! X$ ACL_enable = "ACL" X$! X$! Audit all changes to AUDIT settings X$! X$ audit_enable = "AUDIT" X$! X$! Audit all login failures in the listed modes X$! X$ logfailure_enable = "LOGFAILURE=(NETWORK,BATCH,DETACHED,REMOTE)" X$! X$! Alarm all classes of detected breakin attempts. See SYSGEN parameters X$! for related information. The parameters defining what constitutes a X$! breakin are system/security manager controllable. X$! X$ BREAKIN_enable = "BREAKIN=(ALL)" X$! X$! Alarm all failures to access files X$! X$ FILE_enable = "FILE=(FAILURE:ALL)" X$! X$! create the list of classes from those defined above X$! X$ ENABLE_list = acl_enable+","+breakin_enable+","+logfailure_enable+","+- X`09`09file_enable+","+audit_enable X$! X$! turn on alarms for the selected list of classes X$! and enable resource monitoring. X$! X$ show audit/all X$ status = $status X$ if status X$ then X$ `09set audit/alarm/enable=('enable_list') X$`09set audit/journal=security/resource=enable X$ endif X$ @security_audit_root:`5Bexe`5Daudit_log STARTUP X$! X$! show what we've got unless in STARTUP X$! X$ if f$EDIT(f$GETJPI("","PRCNAM"),"trim") .nes."STARTUP" then $ show audit X$ X$EXIT: X$ if save_privs.nes."" then $ x = f$SETPRV(save_privs) X$ exit X$ALARM: X$ request/to=SECURITY "Unauthorized access to ''f$ENV("procedure")'" X$ stop/id=0 X$!Last Modified: 22-MAR-1990 13:11:06.62, By: RLB`20 $ CALL UNPACK LOC$SECURITY.COM;23 1913670754 $ create 'f' X$! setup new operator log file X$! keep it purged to 7 to 14 days worth of log files. X$! p1 -- flag to skip new log file and just to the cleanup portion. X$! X$ vfl = f$VER(0.or.f$trnlnm("debug$daily")) X$ set noon X$ if f$TYPE(my_node).eqs."" then $ @utl:getnode my_node X$ set proc/priv=all X$ oper_log_file_name = f$parse("opc$logfile_name:","sys$manager:operator.log V") X$ show symbol oper_log_file_name X$ if p1.nes."" then $ goto NEW_LOG_SKIP X$ reply/enable=(central,cluster,cards) X$! definite overkill here, but what else could we do? X$! definitely want to be sure we get the right one. X$ if f$getdvi("OPA0","PID").eqs."" then - X$ `09set term/perm/nomodem OPA0: X$! X$! Set logicals to reflect new date and any changes X$! X$ @sys$startup:loc$opc_logicals X$ define/user sys$input OPA0: X$ define/user sys$command OPA0: X$ define/user TT opa0: X$ reply/log X$ define/user sys$input OPA0: X$ define/user sys$command OPA0: X$ define/user TT opa0: X$ reply/status X$ @sys$startup:loc$opc_update X$NEW_LOG_SKIP: X$ if f$SEARCH(f$parse(";-1",oper_log_file_name)).eqs."" then $ goto SKIP_REN VAME X$RENAME_DO_LOOP: X$ rename 'oper_log_file_name'-0 'f$parse(".old;",oper_log_file_name)'/log X$ if f$SEARCH(f$parse(";-1",oper_log_file_name)).nes."" then $ goto RENAME_D VO_LOOP X$! X$SKIP_RENAME: X$ job_name = my_node+"OPERATOR_LOG_"+f$CVTIME("",,"WEEKDAY")+"_"+- X`09f$CVTIME("",,"YEAR")+"_"+f$CVTIME("",,"MONTH")+"_"+f$CVTIME("",,"DAY") X$! do not print them any more -- go to BACKUPS X$ goto EXIT X$'if_rtpvv1' print sys$manager:operator.old;* - X`09/name="''job_name'"- X`09/header/flag/trailer/modified/since=today - X`09/note="''my_node' OPERATOR LOG(S) " X$EXIT: X$ delete 'f$parse("*"+my_node+"_operator.*;*",oper_log_file_name)'- X`09/created/before="today-14-0:"/log X$ exit !'f$VER(vfl)' X$!Last Modified: 14-MAY-1990 12:09:11.50, By: RLB`20 $ CALL UNPACK OPERLOG.COM;32 795752982 $ create 'f' X$! X$! This command procedure is run prior to starting up the security auditing X$! server process. Its purpose is to mount or define any disks which will b Ve X$! used to hold security auditing log files (primarily the system security X$! audit journal file) or local security archive files. X$! X$!======================================================================== X$! SITE SPECIFIC PARAMETERS X$!======================================================================== X$ site_name = f$trnlnm("SITE_NAME","lnm$system","executive") X$ if site_name .eqs."" then $ site_name = "Your_Site_Name_Here" X$! X$! Directory Root for the Security Audit Files X$! X$ security_audit_root = "Security_Journal_Disk:`5BAudit_Directory.`5D" X$! X$! Set the archive type to A, B, or C X$! X$! Type C should only be used when the AUDIT_SERVER code is modified to`20 X$! support shared access to a cluster common security audit archive file. X$! X$ archive_type = "B" X$! X$!======================================================================== X$! X$! Get the node name into a symbol X$! X$ if f$type(my_node).eqs."" then $ @utl:getnode my_node X$! X$ defgrp = "define/table=lnm$group_000001/executive_mode" X$ defsys = "define/system/executive_mode" X$ credir = "create/directory/own=parent/prot=(s:rw,o:rw,g,w)" X$! +-+-+-+-+-+-+-+- END OF PART 3 +-+-+-+-+-+-+-+-