CXL

©2009 CXL - VScan

Report for
Company
Business Unit
Location
System .

Report name reports\myrepv.html
Report date 12-Oct-2009

Key to colors
RISKS low risk medium risk high risk
RESULTS correct medium impact major problem

No Code Test Results
1 SUMMARY Summary .
1.1 PRIVS privileges 14 high-privilege users.
1.2 LEVELS levels level 0 - 0 level 1 - 0 level 2 - 0 level 3 - 48 level 4 - 4 level 5 - 0 level 6 - 10
1.3 FLAGS flags -
1.4 NETLI network logins -
2 PWDS Passwords .
2.1 PWDLIFE password life 91 days.
2.2 PWDLIFESTD password life vs. standards 26
2.3 PWDCHANGES distribution of password changes 170 average days.
2.4 PWDLEN password length 6 chrs.
2.5 PWDLENSTD password length vs. standards 23
3 A/C Accounts .
3.1 UNA/C unused accounts 10
3.2 NOOWN no owners 12
4 SPAC Specific accounts .
4.1 AC-SYSTEM system account done
4.2 AC-FIELD field account done
4.3 AC-DEFAULT default account done
5 LOGINS Logins .
5.1 LINOI non-interactive logins 2
5.2 LIBOT both types of login 5
5.3 LIINT interactive logins 44
5.4 LLOGINS last logins 99 days.
5.5 LIFAIL login failures 15 users.
5.6 DEFDIR default directories 5 users.
5.7 CLI cli 21 users.
5.8 LGICMD lgicmd 15 users.
5.9 NCAPTIVE non-captive 10 users.
6 UICS UICs .
6.1 SHUICS shared uics 8 uics
6.2 LOWUICS low value uics 13
7 SYSSET System settings .
7.1 UNLCPU unlimited cpu 0
7.2 PRCLM prclm 0
7.3 MXDETACH max detached 58
8 FLAGS Flags .
8.1 CAPTIVE captive 52 users.
8.2 DISWELCOME diswelcome 0 users.
8.3 DISNEWMAIL disnewmail 0 users.
8.4 DISMAIL flag - dismail 4 users.
8.5 GENPWD flag - genpwd 0 users.
8.6 DISIMAGE flag - disimage 0 users.
8.7 DISRECONNECT flag - disreconnect 0 users.
8.8 DISREPORT flag - disreport 0 users.
8.9 DISUSER flag - disuser 6 users.
8.10 LOCKPWD flag - lockpwd 4 users.
8.11 PWD_EXPIRED flag - pwd_expired 0 users.
8.12 RESTRICTED flag - restricted 47 users.
8.13 DISPWDDIC flag - dispwddic 61 users.
8.14 DEFCLI flag - defcli 0 users.
8.15 DISCTLY flag - disctly 48 users.
8.16 AUDIT flag - audit 2 users.
8.17 AUTOLOGIN flag - autologin 0 users.
8.18 DISFORCE_PWD_CHANGE flag - disforce_pwd_change 0 users.
8.19 DISPWDHIS flag - dispwdhis 0 users.
8.20 PWD2_EXPIRED flag - pwd2_expired 3 users.
8.21 EXTAUTH flag - external authentication 0 users.
8.22 VMSAUTH flag - vmsauth 0 users.
8.23 PWDMIX flag - pwdmix 2 users.
8.24 DISPWDSYNCH flag - dispwdsynch 3 users.
9 LEVELS Levels .
9.1 LEVELS4-6 levels 4 to 6 14 users.
10 PRIVS Privileges .
10.1 ACNT privilege - acnt 1 users.
10.2 ALLSPOOL privilege - allspool 1 users.
10.3 ALTPRI privilege - altpri 2 users.
10.4 BUGCHK privilege - bugchk 2 users.
10.5 BYPASS privilege - bypass 5 users.
10.6 CMEXEC privilege - cmexec 1 users.
10.7 CMKRNL privilege - cmkrnl 2 users.
10.8 DETACH privilege - detach 1 users.
10.9 DIAGNOSE privilege - diagnose 1 users.
10.10 EXQUOTA privilege - exquota 1 users.
10.11 GROUP privilege - group 1 users.
10.12 GRPNAM privilege - grpnam 1 users.
10.13 GRPPRV privilege - grpprv 1 users.
10.14 LOGIO privilege - logio 2 users.
10.15 MOUNT privilege - mount 1 users.
10.16 NETMBX privilege - netmbx 1 users.
10.17 OPER privilege - oper 12 users.
10.18 PFNMAP privilege - pfnmap 1 users.
10.19 PHYIO privilege - phyio 2 users.
10.20 PRMCEB privilege - prmceb 2 users.
10.21 PRMGBL privilege - prmgbl 2 users.
10.22 PRMMBX privilege - prmmbx 2 users.
10.23 PSWAPM privilege - pswapm 1 users.
10.24 READALL privilege - readall 4 users.
10.25 PSECY privilege - security 2 users.
10.26 SETPRV privilege - setprv 2 users.
10.27 SHARE privilege - share 1 users.
10.28 SHMEM privilege - shmem 1 users.
10.29 SYSGBL privilege - sysgbl 1 users.
10.30 SYSLCK privilege - syslck 1 users.
10.31 SYSNAM privilege - sysnam 2 users.
10.32 SYSPRV privilege - sysprv 3 users.
10.33 TMPMBX privilege - tmpmbx 3 users.
10.34 VOLPRO privilege - volpro 2 users.
10.35 WORLD privilege - world 2 users.
10.36 AUDIT privilege - audit 1 users.
10.37 DGRADE privilege - downgrade 1 users.
10.38 PIMPT privilege - import 1 users.
10.39 UGRADE privilege - upgrade 1 users.
10.40 IPNATE privilege - impersonate 3 users.
10.41 OVERALL flags/privilege - overall -

1 SUMMARY Summary
Risk
The following sections summarise the key areas of this review.

1.1 PRIVS Privileges
risk
Privileges determine what a user can and cannot do on a system: which system services, images and operations will succeed for that user.
The most important privileges are those which let a user run the AUTHORIZE program against SYSUAF (SYSPRV, or anything that gives write access to SYSUAF such as BYPASS or SETPRV), since such a user can then create accounts with whatever privileges they wish.
Such an account has full access to all the data, software and even the logs recording the activity of the users.
Actions
With these privileges a user can do anything to your system and cover their tracks. The privileges at level 4 and above (see 1.2) fall into this category.
results
 Number of users with the following privileges:

Level  Privilege     No.    %
-----------------------------
  1    Mount           1    2
  1    Netmbx         62  100
  1    Tmpmbx         62  100
  2    Group          62  100
  2    Grpprv          1    2
  3    Acnt            1    2
  3    Allspool        1    2
  3    Bugchk          0    0
  3    Exquota         1    2
  3    Grpnam         62  100
  3    Prmceb          2    3
  3    Prmgbl          0    0
  3    Prmmbx          2    3
  3    Shmem           1    2
  4    Altpri          2    3
  4    Oper           12   19
  4    Pswapm          1    2
  4    Security        2    3
  4    Syslck          1    2
  4    World           2    3
  4    Audit           1    2
  5    Diagnose        1    2
  5    Sysgbl          0    0
  5    Volpro          2    3
  5    Import          0    0
  6    Bypass          5    8
  6    Cmexec          1    2
  6    Cmkrnl          2    3
  6    Detach          1    2
  6    Log_IO          2    3
  6    Pfnmap          1    2
  6    Phy_IO          2    3
  6    Readall         4    6
  6    Setprv          2    3
  6    Share           1    2
  6    Sysnam          2    3
  6    Sysprv          3    5
  6    Downgrade       0    0
  6    Upgrade         0    0
  6    Impersonate     3    5

1.2 LEVELS Levels
risk
Each of the privileges shown previously has been categorised into one of 7 levels (0-6), in order of the damage a holder can do to the system. An account's level is that of the most dangerous privilege it holds.
Actions
Users at levels 4 to 6 are considered dangerous and the number of such accounts should be strictly limited.
We would not expect to see more than about 7 accounts at these levels.
results

 number of users at each level:

level name no. %
------------------------------------
0 none 0 0
1 normal 0 0
2 group 0 0
3 devour 48 77
4 system 4 6
5 files 0 0
6 all 10 16
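The level scheme above can be reproduced offline from the privilege lists held in SYSUAF. The following Python is an added example written for this page, not VScan's code: it transcribes the privilege-to-level table from section 1.1, ranks an account by its most dangerous privilege, and lists which privileges would have to be removed to bring an account down to a given level. The account records are a constructed dict of privilege lists; the SYSTEM, FIELD and DEFAULT lists are copied from sections 4.1 to 4.3 of this report and ORDINARY_USER is made up.

```python
# Added example (not VScan's code): rank accounts by the highest privilege
# level they hold, using the level assignments from the table in section 1.1.
# The SYSTEM, FIELD and DEFAULT privilege lists are taken from sections
# 4.1-4.3 of this report; the dict-of-lists record format is a constructed
# stand-in for data extracted from SYSUAF (for example with AUTHORIZE SHOW).
from typing import Dict, Iterable, List

# Privilege -> level (0 none, 1 normal, 2 group, 3 devour, 4 system,
# 5 files, 6 all), transcribed from the table in section 1.1.
PRIV_LEVEL: Dict[str, int] = {
    "MOUNT": 1, "NETMBX": 1, "TMPMBX": 1,
    "GROUP": 2, "GRPPRV": 2,
    "ACNT": 3, "ALLSPOOL": 3, "BUGCHK": 3, "EXQUOTA": 3, "GRPNAM": 3,
    "PRMCEB": 3, "PRMGBL": 3, "PRMMBX": 3, "SHMEM": 3,
    "ALTPRI": 4, "OPER": 4, "PSWAPM": 4, "SECURITY": 4, "SYSLCK": 4,
    "WORLD": 4, "AUDIT": 4,
    "DIAGNOSE": 5, "SYSGBL": 5, "VOLPRO": 5, "IMPORT": 5,
    "BYPASS": 6, "CMEXEC": 6, "CMKRNL": 6, "DETACH": 6, "LOG_IO": 6,
    "PFNMAP": 6, "PHY_IO": 6, "READALL": 6, "SETPRV": 6, "SHARE": 6,
    "SYSNAM": 6, "SYSPRV": 6, "DOWNGRADE": 6, "UPGRADE": 6,
    "IMPERSONATE": 6,
}
LEVEL_NAME = ["none", "normal", "group", "devour", "system", "files", "all"]
DANGEROUS_LEVEL = 4          # the report treats levels 4 to 6 as dangerous
EXPECTED_MAX_DANGEROUS = 7   # "not more than about 7 accounts" at those levels


def account_level(privs: Iterable[str]) -> int:
    """Level of an account = level of its most dangerous privilege."""
    level = 0
    for priv in privs:
        key = priv.upper()
        if key not in PRIV_LEVEL:
            raise ValueError(f"unknown privilege {priv!r}")
        level = max(level, PRIV_LEVEL[key])
    return level


def privileges_above(privs: Iterable[str], cap: int) -> List[str]:
    """Privileges that must be removed to bring an account down to level
    `cap`; returned upper-cased, in the order given."""
    return [p.upper() for p in privs if PRIV_LEVEL[p.upper()] > cap]


def level_histogram(accounts: Dict[str, List[str]]) -> List[int]:
    """Number of accounts at each level 0..6 (the table in section 1.2)."""
    counts = [0] * len(LEVEL_NAME)
    for privs in accounts.values():
        counts[account_level(privs)] += 1
    return counts


def dangerous_accounts(accounts: Dict[str, List[str]]) -> List[str]:
    """Usernames at level 4 or above, sorted."""
    return sorted(u for u, p in accounts.items()
                  if account_level(p) >= DANGEROUS_LEVEL)


# Sample accounts: privilege lists as printed in sections 4.1-4.3, plus one
# constructed ordinary user holding only the two privileges a normal
# interactive user needs.
SAMPLE_ACCOUNTS: Dict[str, List[str]] = {
    "SYSTEM": ("Mount Netmbx Tmpmbx Group Grpprv Acnt Allspool Exquota Grpnam "
               "Prmceb Prmmbx Shmem Altpri Oper Pswapm Security Syslck World "
               "Diagnose Volpro Bypass Cmexec Cmkrnl Detach Log_IO Pfnmap "
               "Phy_IO Readall Setprv Share Sysnam Sysprv").split(),
    "FIELD": ("Netmbx Tmpmbx Group Grpnam Prmceb Prmmbx Altpri Oper Security "
              "World Volpro Bypass Cmkrnl Log_IO Phy_IO Readall Setprv Sysnam "
              "Sysprv").split(),
    "DEFAULT": "Netmbx Tmpmbx Group Grpnam".split(),
    "ORDINARY_USER": ["TMPMBX", "NETMBX"],     # constructed
}

if __name__ == "__main__":
    for user, privs in SAMPLE_ACCOUNTS.items():
        lvl = account_level(privs)
        print(f"{user:14} level {lvl} ({LEVEL_NAME[lvl]}); "
              f"above level 3: {privileges_above(privs, 3)}")
    print("histogram:", dict(zip(LEVEL_NAME, level_histogram(SAMPLE_ACCOUNTS))))
    dangerous = dangerous_accounts(SAMPLE_ACCOUNTS)
    if len(dangerous) > EXPECTED_MAX_DANGEROUS:
        print(f"WARNING: {len(dangerous)} accounts at level {DANGEROUS_LEVEL}+")
```

Running it shows why 48 of the 62 accounts sit at level 3: GRPNAM, which the table says every account holds, is a level-3 privilege, so even the DEFAULT template account ranks as 'devour'. The corresponding AUTHORIZE fix is MODIFY username/PRIVILEGES=(NOGRPNAM) for each account that does not need it. Note also that the counts in this table and in the index at the top of the report disagree for several privileges (for example BUGCHK, PRMGBL and NETMBX), so re-derive them from SYSUAF before acting on either.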

1.3 FLAGS Flags
risk
A section of the SYSUAF record details the flags set for each user. Flags, like privileges, limit the facilities available to a user. In general, they tend to prevent users doing certain actions or receiving certain information.
Actions
Examine the flags set for users and ensure that they are appropriate.
results
 Number of users with the following flags set:

Flag No. %
----------------------------------
NONE 0 0
Captive 52 84
Diswelcome 0 0
Disnewmail 0 0
Dismail 4 6
Genpwd 0 0
Disimage 0 0
Disreconnect 0 0
Disreport 0 0
Disuser 6 10
Lockpwd 4 6
Pwd_expired 0 0
Restricted 47 76
Dispwddic 61 98
Defcli 0 0
Disctly 48 77
Audit 2 3
Autologin 0 0
Disforce_pwd_change 0 0
Dispwdhis 0 0
Pwd2_expired 3 5
ExtAuth 0 0
VMSAuth 0 0
PwdMix 2 3
DisPwdSynch 3 5

1.4 NETLI Network Logins
risk
A NETWORK login is made when a user on another node accesses files on your system over DECnet; many DCL commands accept a file specification that names a remote node. Network logins are non-interactive.
A BATCH login occurs when a batch job that a user has queued with SUBMIT starts to run.
A LOCAL login is one made from a terminal connected directly to the computer, or on a Local Area Network with CONNECT access to it. LOCAL logins are always interactive.
A DIALUP login is one made from a terminal connected to a telephone line via a modem. If LOGINOUT sees that the line has the permanent characteristic /DIALUP, it automatically classifies the login as DIALUP. The most secure systems do not have ANY dial-up lines. If your system MUST have some form of dial-up, VMS provides security tools which counter someone trying to guess a password over a dial-up line and make dialling in easier for authorised users.
A REMOTE login is made by a user on another DECnet node typing the command:
o $ SET HOST
DECnet then makes a connection between the two nodes and, if the node is reachable, an interactive login sequence follows.
Actions
Examine the numbers of users in each category and ensure that it is appropriate.
Dialup access is frequently given without good reason.
results

 number of users with different methods of access:

method no. %
----------------------------------
network 44 71
batch 44 71
local 46 74
dial-up 0 0
remote 43 69

2 PWDS Passwords
Risk
To list the users without passwords you need to issue this DCL instruction:
uaf/sel=password=''/display=(user)
This will list all users without passwords.

2.1 PWDLIFE Password life
risk
This is the length of time a password may be used before it must be changed (the Pwdlifetime field in SYSUAF).
EVERY account should have a password life set.
A password which is not changed frequently can become widely known.
Actions
We consider 90 days to be too long for most commercial systems and we recommend 30 days.
Any password with a life longer than 60 days, or with no expiry at all, should be changed immediately and the lifetime reduced.
results

 distribution of password lifetimes.
-----------------------------------

password never expires.
-----------------------
cxl_pjm never
cxl_system general system x never
default ggm default never
gen_pjm never
gen_system general system never
ggm_train1 training 1 never
system system manager never
xgm_default xgm default bt never
xgm_train1 training 1x never
users in this range = 9 ( 15% )

password life greater than 300 days.
------------------------------------
no users fall into this range.

password life between 151 and 300 days.
---------------------------------------
cxl_jmm j. moleson 235 days.
users in this range = 1 ( 2% )

password life between 91 and 150 days.
--------------------------------------
cxl_aft 99 days.
cxl_jmjc 135 days.
cxl_pt p.telly 135 days.
gen_pm dep - p.smith 99 days.
ygen_pm dep - p.smith 99 days.
zen_pm dep - p.smith 99 days.
zzn_pm dep - p.smith 99 days.
users in this range = 7 ( 11% )

password life between 61 and 90 days.
-------------------------------------
no users fall into this range.

password life between 31 and 60 days.
-------------------------------------
cxl_ags 35 days.
cxl_ajl 35 days.
cxl_bg dep - b.golds 35 days.
cxl_bgl 35 days.
cxl_bpb b.p.brown 35 days.
cxl_jc ibm - j.cooper 35 days.
cxl_jhm j.h.martin 35 days.
cxl_jlp j. peters 35 days.
cxl_jmh j. howell 35 days.
cxl_jmi j. ivy 35 days.
cxl_jml j. leadbetter 35 days.
cxl_jmn j. norton 35 days.
cxl_jnm 35 days.
cxl_jo j.oxshot 35 days.
cxl_jpc j.p.crompton 35 days.
cxl_jpj 35 days.
cxl_jpl j. lent 35 days.
cxl_jrd j. rover 35 days.
cxl_js j.smiley 35 days.
cxl_jth j. harry 35 days.
cxl_mdm m.d.manta 35 days.
cxl_mez m.e.zent 35 days.
cxl_mjc m.j.collins 35 days.
cxl_mkb m.k.brown 35 days.
cxl_mlw m.webster 35 days.
cxl_mnh m.n.hunter 35 days.
cxl_nh n.howell 35 days.
cxl_pac p.a.chin 35 days.
cxl_pjr fx2 - p.j.royce 35 days.
cxl_pm fx1 - p.moon 35 days.
cxl_prn 35 days.
cxl_prt tnt_oper2 35 days.
cxl_ps 35 days.
cxl_ret r.taylor 35 days.
cxl_rh 35 days.
cxl_rt r.tull 35 days.
users in this range = 36 ( 58% )

password life of less than 31 days.
-----------------------------------
cxl_jms j. smith 30 days.
cxl_mc dep - m.cool 0 days.
cxl_njm n.j.milton 20 days.
field field 30 days.
gen_mc dep - m.collins 0 days.
users in this range = 5 ( 8% )

2.2 PWDLIFESTD Password life vs. standards
risk
Company standards are not being applied to these users.
We recommend that passwords for 'system' users expire after 30 days or less and those for 'ordinary' users after 60 days or less.
Actions
Set password lifetimes to your company standards.
results
 The following 'system' users have password lifetimes longer than your company standard ('None' means the password never expires).

User Life Std
---------------------------------------|------|-----
CXL_AJL 35 30
CXL_BPB B.P.BROWN 35 30
CXL_JMJC 135 30
CXL_JML J. LEADBETTER 35 30
CXL_JPJ 35 30
CXL_JPL J. LENT 35 30
CXL_MKB M.K.BROWN 35 30
CXL_PJM None 30
CXL_PRN 35 30
CXL_PRT TNT_OPER2 35 30
CXL_RT R.TULL 35 30
CXL_SYSTEM GENERAL SYSTEM X None 30
GEN_PJM None 30
GEN_SYSTEM GENERAL SYSTEM None 30
SYSTEM SYSTEM MANAGER None 30
15 'system' users have a password life longer than the 30-day standard.

The following 'ordinary' users have password lifetimes longer than your company standard.

User Life Std
---------------------------------------|------|-----
CXL_AFT 99 60
CXL_JMM J. MOLESON 235 60
CXL_PT P.TELLY 135 60
DEFAULT GGM DEFAULT None 60
GEN_PM DEP - P.SMITH 99 60
GGM_TRAIN1 TRAINING 1 None 60
XGM_DEFAULT XGM DEFAULT BT None 60
XGM_TRAIN1 TRAINING 1X None 60
YGEN_PM DEP - P.SMITH 99 60
ZEN_PM DEP - P.SMITH 99 60
ZZN_PM DEP - P.SMITH 99 60
11 'ordinary' users have a password life longer than the 60-day standard.

2.3 PWDCHANGES Distribution of password changes
risk
Detailed below are the times since users' passwords were last changed.
A password may be set PRE-EXPIRED: the system then behaves as if the password had reached its expiration date, and the user is forced to change it at their first login.
A password which is not changed frequently can become widely known.
Actions
Any password which has not been changed for a long time either belongs to an account with a long password expiry (reduce it) or to an account which has not been used for a long time (delete it).
results

 distribution of password changes.
---------------------------------

password pre-expired.
---------------------
cxl_ags pre-expired
cxl_ajl pre-expired
cxl_bpb b.p.brown pre-expired
cxl_mnh m.n.hunter pre-expired
default ggm default pre-expired
xgm_default xgm default bt pre-expired
users in this range = 6 ( 10% )

password changed more than 300 days ago.
------------------------------------
no users fall into this range.

password changed between 151 and 300 days.
------------------------------------------
cxl_bgl 297 days.
cxl_jhm j.h.martin 266 days.
cxl_jpc j.p.crompton 251 days.
cxl_mdm m.d.manta 239 days.
cxl_mjc m.j.collins 192 days.
cxl_mlw m.webster 152 days.
cxl_ret r.taylor 186 days.
cxl_rh 153 days.
gen_pjm 166 days.
users in this range = 9 ( 15% )

password changed between 91 and 150 days.
-----------------------------------------
cxl_jms j. smith 111 days.
cxl_nh n.howell 141 days.
cxl_pjm 135 days.
cxl_system general system x 117 days.
users in this range = 4 ( 6% )

password changed between 61 and 90 days.
----------------------------------------
cxl_aft 64 days.
cxl_bg dep - b.golds 70 days.
cxl_jc ibm - j.cooper 67 days.
cxl_jml j. leadbetter 64 days.
cxl_jnm 64 days.
cxl_jo j.oxshot 62 days.
cxl_jpj 69 days.
cxl_mc dep - m.cool 68 days.
cxl_ps 64 days.
cxl_rt r.tull 69 days.
gen_mc dep - m.collins 68 days.
gen_pm dep - p.smith 61 days.
gen_system general system 86 days.
ggm_train1 training 1 61 days.
system system manager 62 days.
xgm_train1 training 1x 61 days.
zen_pm dep - p.smith 61 days.
zzn_pm dep - p.smith 61 days.
users in this range = 18 ( 29% )

password changed between 31 and 60 days.
----------------------------------------
cxl_jlp j. peters 43 days.
cxl_jmh j. howell 43 days.
cxl_jmi j. ivy 48 days.
cxl_jmjc 55 days.
cxl_jmm j. moleson 43 days.
cxl_jmn j. norton 48 days.
cxl_jpl j. lent 46 days.
cxl_jrd j. rover 49 days.
cxl_js j.smiley 48 days.
cxl_jth j. harry 54 days.
cxl_mez m.e.zent 55 days.
cxl_mkb m.k.brown 55 days.
cxl_njm n.j.milton 56 days.
cxl_pac p.a.chin 49 days.
cxl_pjr fx2 - p.j.royce 48 days.
cxl_pm fx1 - p.moon 49 days.
cxl_prn 54 days.
cxl_prt tnt_oper2 55 days.
cxl_pt p.telly 56 days.
field field 48 days.
users in this range = 20 ( 32% )

password changed less than 31 days ago.
--------------------------------------
ygen_pm dep - p.smith 0 days.
users in this range = 1 ( 2% )

2.4 PWDLEN Password length
risk
This is the minimum length required for a user's password.
Short passwords are easy to guess.
Actions
We recommend that passwords are at least 6 characters in length. Any shorter and they become too easy to guess. Much past 8 characters and users will tend to write them down. You may consider it beneficial for 'system' accounts to have passwords of at least 8 characters.
results
   
Users with min. password length= 0
CXL_MC DEFAULT GEN_MC XGM_DEFAULT
4 users.


Users with min. password length= 2
CXL_JTH GEN_PM
2 users.


Users with min. password length= 3
CXL_JMM CXL_SYSTEM GEN_SYSTEM
3 users.


Users with min. password length= 6
CXL_AFT CXL_AGS CXL_AJL CXL_BG CXL_BGL
CXL_BPB CXL_JC CXL_JHM CXL_JLP CXL_JMH
CXL_JMI CXL_JMJC CXL_JML CXL_JMN CXL_JMS
CXL_JNM CXL_JPC CXL_JPJ CXL_JPL CXL_JRD
CXL_JS CXL_MDM CXL_MEZ CXL_MJC CXL_MKB
CXL_MLW CXL_MNH CXL_NH CXL_NJM CXL_PAC
CXL_PJM CXL_PJR CXL_PM CXL_PRN CXL_PRT
CXL_PS CXL_PT CXL_RET CXL_RH CXL_RT
FIELD GEN_PJM GGM_TRAIN1 XGM_TRAIN1
44 users.


Users with min. password length= 8
SYSTEM
1 users.


Users with min. password length= 9
YGEN_PM ZEN_PM ZZN_PM
3 users.


Users with min. password length= 44
CXL_JO
1 users.

2.5 PWDLENSTD Password length vs. standards
risk
Shown here are users with passwords below your company standards.
Actions
We recommend that passwords are at least 6 characters in length. Any shorter and they become too easy to guess.
Longer than 8 characters and 'ordinary' users will tend to write them down.
You may consider it beneficial for 'system' accounts to have passwords of at least 8 characters.
results
 The following 'system' users have password lengths below your company standards.

User Len Std
---------------------------------------|------|-----
CXL_AJL 6 8
CXL_BPB B.P.BROWN 6 8
CXL_JMJC 6 8
CXL_JML J. LEADBETTER 6 8
CXL_JPJ 6 8
CXL_JPL J. LENT 6 8
CXL_MC DEP - M.COOL 0 8
CXL_MKB M.K.BROWN 6 8
CXL_NJM N.J.MILTON 6 8
CXL_PJM 6 8
CXL_PRN 6 8
CXL_PRT TNT_OPER2 6 8
CXL_RT R.TULL 6 8
CXL_SYSTEM GENERAL SYSTEM X 3 8
FIELD FIELD 6 8
GEN_MC DEP - M.COLLINS 0 8
GEN_PJM 6 8
GEN_SYSTEM GENERAL SYSTEM 3 8
18 'system' users do not have a password length of at least 8 chrs.

The following 'ordinary' users have password length below your company standards.

User Len Std
---------------------------------------|------|-----
CXL_JMM J. MOLESON 3 6
CXL_JTH J. HARRY 2 6
DEFAULT GGM DEFAULT 0 6
GEN_PM DEP - P.SMITH 2 6
XGM_DEFAULT XGM DEFAULT BT 0 6
5 'ordinary' users do not have a password length of at least 6 chrs.

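Sections 2.2 and 2.5 apply one rule per account class: a lifetime no longer than 30 days (system) or 60 days (ordinary), and a minimum length of at least 8 (system) or 6 (ordinary). The Python below is an added example, not VScan's code, that encodes those two rules plus the lifetime buckets of section 2.1, treating 'never expires' as a failure and a lifetime of 0 as the report does (compliant). PwdRecord is a constructed stand-in for the SYSUAF Pwdlifetime and Pwdminimum fields; the sample rows are transcribed from the tables above, and the system/ordinary classification follows the table each user appears in.

```python
# Added example (not VScan's code): check each account's password lifetime
# and minimum length against the class standards of sections 2.2 and 2.5,
# and bucket lifetimes the way section 2.1 does. PwdRecord is a constructed
# stand-in for the SYSUAF Pwdlifetime / Pwdminimum fields.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# class -> (longest acceptable lifetime in days, shortest acceptable minimum)
STANDARDS: Dict[str, Tuple[int, int]] = {"system": (30, 8), "ordinary": (60, 6)}

# Lifetime buckets used in section 2.1: (inclusive upper bound, label).
LIFETIME_BUCKETS = [(30, "less than 31 days"), (60, "31 to 60 days"),
                    (90, "61 to 90 days"), (150, "91 to 150 days"),
                    (300, "151 to 300 days")]


@dataclass(frozen=True)
class PwdRecord:
    username: str
    is_system: bool
    lifetime_days: Optional[int]   # None means the password never expires
    min_length: int


def lifetime_bucket(days: Optional[int]) -> str:
    """Label a lifetime the way the section 2.1 distribution does."""
    if days is None:
        return "never expires"
    for upper, label in LIFETIME_BUCKETS:
        if days <= upper:
            return label
    return "more than 300 days"


def check_record(rec: PwdRecord) -> List[str]:
    """Findings for one account; an empty list means it meets the standards."""
    cls = "system" if rec.is_system else "ordinary"
    max_life, min_len = STANDARDS[cls]
    findings: List[str] = []
    if rec.lifetime_days is None:
        findings.append(f"lifetime: never expires, {cls} standard is {max_life} days")
    elif rec.lifetime_days > max_life:
        # A lifetime of 0 falls through here as compliant, as in the report;
        # confirm on the live system what a 0 actually means there.
        findings.append(f"lifetime: {rec.lifetime_days} days, {cls} standard is {max_life} days")
    if rec.min_length < min_len:
        findings.append(f"min length: {rec.min_length}, {cls} standard is {min_len}")
    return findings


def audit(records: List[PwdRecord]) -> Dict[str, List[str]]:
    """Username -> findings, only for accounts that fail a standard."""
    result: Dict[str, List[str]] = {}
    for rec in records:
        findings = check_record(rec)
        if findings:
            result[rec.username] = findings
    return result


# Rows transcribed from sections 2.2 and 2.5 (lifetime None = "never").
SAMPLE: List[PwdRecord] = [
    PwdRecord("SYSTEM", True, None, 8),
    PwdRecord("CXL_MC", True, 0, 0),
    PwdRecord("CXL_JMJC", True, 135, 6),
    PwdRecord("CXL_JMM", False, 235, 3),
    PwdRecord("CXL_JMS", False, 30, 6),     # meets both standards
    PwdRecord("DEFAULT", False, None, 0),
]

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        for f in findings:
            print(f"{user:10} {f} ({lifetime_bucket(next(r.lifetime_days for r in SAMPLE if r.username == user))})")
```

The matching AUTHORIZE remediation for a system account is MODIFY username/PWDLIFETIME=30-00:00/PWDMINIMUM=8; for the accounts shown with a lifetime of 0 (CXL_MC, GEN_MC) check on the system itself what that value means before treating them as compliant.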
3 A/C Accounts
Risk
This section reviews the users' accounts for specific problems. Problems may be trivial in themselves but when combined with some of the other problems or facilities available to a user, may become very significant.

3.1 UNA/C Unused accounts
risk
The following accounts have never been used.
Unused accounts represent a security risk, particularly where an initial password has been assigned and is waiting for the legitimate user to change it.
Someone else may gain access before the real user if that initial password follows a standard format (e.g. the user's surname).
Actions
Determine whether these are new accounts or accounts whose users have simply never signed on; DISUSER or delete any that are not needed.
results
 Users with unused accounts:

CXL_SYSTEM GENERAL SYSTEM X | DEFAULT GGM DEFAULT
GEN_PM DEP - P.SMITH | GEN_SYSTEM GENERAL SYSTEM
GGM_TRAIN1 TRAINING 1 | XGM_DEFAULT XGM DEFAULT BT
XGM_TRAIN1 TRAINING 1X | YGEN_PM DEP - P.SMITH
ZEN_PM DEP - P.SMITH | ZZN_PM DEP - P.SMITH

10 users.

3.2 NOOWN No owners
risk
No owner has been recorded for these accounts.
Actions performed by these accounts may not be traceable to a particular person.
Actions
Every account should have an owner: someone who is responsible for the actions of whoever signs on with that user-ID. When a problem arises the System Manager can then question that person. Often it is not possible to identify a specific terminal from a user-ID alone, so a name is vital. Some companies also put the user's telephone extension or payroll number in this field; these help both in locating a user quickly and in identifying a user unambiguously.
results
 The following accounts do not have owners.

CXL_AFT | CXL_AGS | CXL_AJL
CXL_BGL | CXL_JMJC | CXL_JNM
CXL_JPJ | CXL_PJM | CXL_PRN
CXL_PS | CXL_RH | GEN_PJM
12 users.

4 SPAC Specific accounts
Risk
In this section we review in detail the accounts of certain standard 'system' users which appear on all similar systems. These include SYSTEM, FIELD and DEFAULT. Each has a purpose and can also be copied to make other accounts with different names but similar properties.
Every hacker knows that these accounts exist and also that some of them are the most powerful on the system. For that reason we have chosen to pay particular attention to them in this section.
Any hacker using a terminal can enter a user name of SYSTEM or FIELD and be almost certain that there is an account on the system with that name. They then only have to determine the password which should be a difficult job.
However, if these accounts are DISUSERED then even with the correct password he could not enter the system.
Full details are given for each account followed by a list of identified problems.
If these accounts are not shown in the following pages, they were not found in your SYSUAF file and this is unusual and needs investigating.

4.1 AC-SYSTEM SYSTEM Account
risk
This is the main system manager's account. If it is disabled, the manager's own named account can be used to re-enable it when needed.
Actions carried out from the SYSTEM account cannot be attributed to an individual: they could have been performed by anyone who knows the password.
Actions
The system manager should create a NAMED account of their own for day-to-day work and reserve this account for special occasions.
Most managers can work perfectly well with an account which has SYSPRV, and they should then DISUSER this account.
results
 System   SYSTEM MANAGER 

UIC: [1,4]
Password length: 8 Password lifetime: Never expires
Password last changed: 62 days.
Account expiry: None
Last interactive login: 62 days. Last non-interactive login: 60 days.
Connections: None.

Privileges:
Mount Netmbx Tmpmbx Group Grpprv Acnt Allspool Exquota Grpnam Prmceb
Prmmbx Shmem Altpri Oper Pswapm Security Syslck World Diagnose Volpro
Bypass Cmexec Cmkrnl Detach Log_IO Pfnmap Phy_IO Readall Setprv Share
Sysnam Sysprv

Flags:
Dispwddic

4.2 AC-FIELD FIELD Account
risk
The FIELD account is used by service engineers when they call to do routine maintenance or in an emergency.
Since most systems have this account a hacker will try to guess this password and if they succeed, will have full control of your system. If it is DISUSERED then even guessing the password will not permit access. Try to ensure that the password has not been left as FIELD.
Actions
This account should be left as DISUSERed until the engineer calls.
results
 Field   FIELD 

UIC: [100,0]
Password length: 6 Password lifetime: 30 days.
Password last changed: 48 days.
Account expiry: 7 days.
Last interactive login: Never Last non-interactive login: 43 days.
Connections: None.

Privileges:
Netmbx Tmpmbx Group Grpnam Prmceb Prmmbx Altpri Oper Security World Volpro
Bypass Cmkrnl Log_IO Phy_IO Readall Setprv Sysnam Sysprv

Flags:
Dispwddic

4.3 AC-DEFAULT DEFAULT Account
risk
This account is often used as a template from which new users are created. Instead of defining every setting for each new user, this account is copied and modified slightly to produce the new account.
If the privileges on this account are increased, every user created from it afterwards inherits them.
Actions
This account should be set up with the minimum privileges a normal user needs (typically just TMPMBX and NETMBX).
results
 Default   GGM DEFAULT 

UIC: [100,30]
Password length: 0 Password lifetime: Never expires
Password last changed:Pre-expired
Account expiry: None
Last interactive login: Never Last non-interactive login: Never
Connections: None.

Privileges:
Netmbx Tmpmbx Group Grpnam

Flags:
Captive Dismail Restricted Dispwddic Disctly

5 LOGINS Logins
Risk
This section details how users connect to the system.

5.1 LINOI Non-interactive Logins
risk
NON-INTERACTIVE logins require no input from the user during the login, even though LOGINOUT still runs. They are made by batch jobs, by DECnet connections from other nodes, and by subprocesses created with SPAWN.
A SUBPROCESS login occurs when a user types the DCL command RUN with any qualifier other than /DEBUG, /DETACH or /UIC, types the DCL command SPAWN, or runs a program which calls the system routine LIB$SPAWN or $CREPRC. A SUBPROCESS login is always non-interactive.
Actions
Most normal application users will not need to log in non-interactively. Examine the users shown below and decide whether they have appropriate access to the system.
results
 The following users have logged in non-interactively:

CXL_PM | FIELD
2 users.

5.2 LIBOT Both types of login
risk
Users generally login either interactively or non-interactively. It is usually only IT staff who use both methods.
Actions
We would suggest that you review the users shown below and ensure that they are all legitimate IT users.
results
 The following users have logged in interactively AND non-interactively:

CXL_JMJC | CXL_MC | CXL_RT
GEN_MC | SYSTEM
5 users.

5.3 LIINT Interactive logins
risk
With INTERACTIVE Logins there is some communication between the program LOGINOUT.EXE and the user. The user provides LOGINOUT with responses to the 'Username' and 'Password' prompts, and, depending on the answers received, LOGINOUT will either grant or deny access to VMS.
Actions
This is not a high-risk issue and most users will have interactive logins. It is shown here for completeness.
results
 Of the 62 users, 44 have logged in interactively (ie from a terminal).
This is perfectly normal but we would suggest that you review the
non-interactive users too.

5.4 LLOGINS Last logins
risk
Shown below are the times since users last logged in by any means. If the system is actively in use then most should have done so in the last 30 days. Accounts which have not logged in for several months may no longer be needed and should be deleted, after first issuing a written warning to the user.
Lots of unused accounts may indicate that when users leave or move jobs, no one is informing the IT department or User Administration department.
Users who have left the company could still gain unauthorised access.
Actions
A 'leavers procedure' should be established and anyone leaving the company should have their account deleted IMMEDIATELY.
Review any account that has not been used for more than 60 days.
results
 You consider 'old' accounts to be those which have not been used for more
than 90 days for ordinary users and 90 days for 'system' users.
This review showed that there were 0 such accounts.

We suggest that you consider designating 'old' accounts to be those which
have not been used for more than 60 days.

Distribution of last logins.
----------------------------

Users who have never logged in.

Last login between 151 and 300 days.
CXL_JPC J.P.CROMPTON 255

Last login between 61 and 90 days.
CXL_AGS 64
CXL_BG DEP - B.GOLDS 70
CXL_BPB B.P.BROWN 64
CXL_JC IBM - J.COOPER 63
CXL_MC DEP - M.COOL 68
CXL_MNH M.N.HUNTER 70
GEN_MC DEP - M.COLLINS 68

Last login between 31 and 60 days.
CXL_AFT 43
CXL_AJL 53
CXL_BGL 46
CXL_JHM J.H.MARTIN 43
CXL_JLP J. PETERS 43
CXL_JMH J. HOWELL 43
CXL_JMI J. IVY 46
CXL_JMJC 43
CXL_JML J. LEADBETTER 56
CXL_JMM J. MOLESON 43
CXL_JMN J. NORTON 46
CXL_JMS J. SMITH 43
CXL_JNM 48
CXL_JO J.OXSHOT 43
CXL_JPJ 46
CXL_JPL J. LENT 43
CXL_JRD J. ROVER 43
CXL_JS J.SMILEY 46
CXL_JTH J. HARRY 50
CXL_MDM M.D.MANTA 43
CXL_MEZ M.E.ZENT 43
CXL_MJC M.J.COLLINS 43
CXL_MKB M.K.BROWN 43
CXL_MLW M.WEBSTER 43
CXL_NH N.HOWELL 43
CXL_NJM N.J.MILTON 43
CXL_PAC P.A.CHIN 47
CXL_PJM 43
CXL_PJR FX2 - P.J.ROYCE 43
CXL_PM FX1 - P.MOON 43
CXL_PRN 43
CXL_PRT TNT_OPER2 43
CXL_PS 43
CXL_PT P.TELLY 43
CXL_RET R.TAYLOR 43
CXL_RH 43
CXL_RT R.TULL 43
FIELD FIELD 43
GEN_PJM 43
SYSTEM SYSTEM MANAGER 60

5.5 LIFAIL Login failures
risk
A high number of login failure attempts indicates that:
o you have a forgetful user
o a process is trying to connect unsuccessfully
o the account is under attack from someone guessing passwords
Actions
You may care to discuss a sample of these with the users concerned.
A very high number of failures may indicate a failing program or batch job.
Remember, an account with NO login failures may mean a hacker has succeeded.
results
 The following users have had login failures:

User-ID Owner Fails Last used
-----------------------------------------------------------
CXL_AGS 12 64
CXL_BPB B.P.BROWN 3 64
CXL_JMH J. HOWELL 126 43
CXL_JMJC 30 43
CXL_MC DEP - M.COOL 9 68
CXL_PJM 100 43
CXL_RT R.TULL 6 43
CXL_SYSTEM GENERAL SYSTEM X 20 Never
GEN_MC DEP - M.COLLINS 9 68
GEN_PJM 100 43
GEN_PM DEP - P.SMITH 17 Never
GEN_SYSTEM GENERAL SYSTEM 20 Never
YGEN_PM DEP - P.SMITH 22 Never
ZEN_PM DEP - P.SMITH 22 Never
ZZN_PM DEP - P.SMITH 22 Never

5.6 DEFDIR Default Directories
risk
Default directories are the initial storage areas assigned to users (the device and directory fields of the SYSUAF record).
Where people share a directory they also share data, and accountability for files is lost. An account with no default directory of its own cannot be tied to a private storage area at all.
Actions
Ensure that every user has a default directory of their own and that users do not share one.
results
 The following users do not have a default directory set:
CXL_JHM J.H.MARTIN
CXL_JMJC
CXL_MC DEP - M.COOL
CXL_PJR FX2 - P.J.ROYCE
GEN_MC DEP - M.COLLINS

5 users.

5.7 CLI CLI
risk
The Command Language Interpreter (CLI) is the program that accepts the commands a user types. The standard one supplied with the system is DCL, which is well known; any other CLI may behave in an unpredictable manner and could even have been written for a malicious purpose.
Actions
The CLI specified in each user record should be the standard DCL. For accounts shown with 'No CLI', confirm with AUTHORIZE what LOGINOUT actually gives them at login.
results
 41 accounts use the standard CLI called DCL and 21 accounts do not.

CLI = DCL2 (9 users):
CXL_AJL | CXL_JLP J. PETERS | CXL_MJC M.J.COLLINS | CXL_MKB M.K.BROWN
CXL_MNH M.N.HUNTER | CXL_NH N.HOWELL | CXL_NJM N.J.MILTON
GGM_TRAIN1 TRAINING 1 | XGM_TRAIN1 TRAINING 1X

CLI = DCL3 (3 users):
YGEN_PM DEP - P.SMITH | ZEN_PM DEP - P.SMITH | ZZN_PM DEP - P.SMITH

CLI = DCLX (2 users):
CXL_MC DEP - M.COOL | GEN_MC DEP - M.COLLINS

CLI = DCLY (2 users):
CXL_PJM | GEN_PJM

CLI = No CLI (5 users):
CXL_JMH J. HOWELL | CXL_JO J.OXSHOT | CXL_JPJ | DEFAULT GGM DEFAULT
XGM_DEFAULT XGM DEFAULT BT

5.8 LGICMD LGICMD
risk
LGICMD names the command procedure that LOGINOUT executes whenever the user gains access to the system. If the field is empty, LOGINOUT runs LOGIN.COM in the user's login directory.
A malicious user with write access to another user's User File Directory (UFD) could replace that LOGIN.COM with one containing a time bomb or Trojan horse.
Actions
It is best if these procedures are not called LOGIN or LOGIN.COM and are kept in a directory the user cannot write to. A user with no LGICMD set is in the same position as one whose LGICMD is LOGIN.
results
 The following users have bad LGICMDs:


CXL_AGS LOGIN.COM
CXL_BGL No LGICMD
CXL_JC IBM - J.COOPER No LGICMD
CXL_JNM No LGICMD
CXL_JPC J.P.CROMPTON No LGICMD
CXL_JS J.SMILEY No LGICMD
CXL_MC DEP - M.COOL LOGIN
FIELD FIELD No LGICMD
GEN_MC DEP - M.COLLINS LOGIN
GGM_TRAIN1 TRAINING 1 No LGICMD
SYSTEM SYSTEM MANAGER LOGIN
XGM_TRAIN1 TRAINING 1X No LGICMD

5.9 NCAPTIVE Non-Captive
risk
An account which is CAPTIVE cannot reach the DCL prompt and so cannot issue DCL commands directly.
Access to the command line could let a user do serious damage to the system.
Actions
Most users should be CAPTIVE and you ought to investigate those listed below. They may be system accounts or development staff, but you should satisfy yourself that each one HAS to be non-CAPTIVE.
A CAPTIVE user will normally run an application program and will be logged out when they finish. Even a CAPTIVE user may still modify files through an application such as a word processor or spreadsheet, so make sure you know which applications CAPTIVE users can run.
results
 Accounts which are not captive:


CXL_AJL | CXL_BPB B.P.BROWN
CXL_MC DEP - M.COOL | CXL_PJM
CXL_SYSTEM GENERAL SYSTEM X | FIELD FIELD
GEN_MC DEP - M.COLLINS | GEN_PJM
GEN_SYSTEM GENERAL SYSTEM | SYSTEM SYSTEM MANAGER

6 UICS UICs
Risk
User Identification Codes (UICs) determine a user's rights on the system: file and object protection is evaluated against the group and member numbers in the UIC.

6.1 SHUICS Shared UICs
risk
These accounts share User Identification Codes (UICs).
Users who have a common UIC will have access to each others data and the file protection scheme may not work as intended.
Actions
Ensure that all users have unique UICs. Where several users need access to the same files, use identifiers or ACLs rather than a shared UIC.
results
 The same UICs are shared by the following users:

UIC 100,10:-
CXL_AFT CXL_AJL CXL_BG CXL_BGL
CXL_BPB CXL_JC CXL_JHM CXL_JLP
CXL_JMH CXL_JMI CXL_JML CXL_JMM
CXL_JMS CXL_JNM CXL_JO CXL_JPC
CXL_JRD CXL_JS CXL_JTH GEN_PM
YGEN_PM ZEN_PM ZZN_PM

UIC ?,?:-
CXL_AGS CXL_JMN

UIC 7,10:-
CXL_JMJC CXL_MC

UIC 1,10:-
CXL_JPJ CXL_NJM

UIC 2,10:-
CXL_JPL CXL_PRN CXL_RT GEN_MC

UIC 200,10:-
CXL_MDM CXL_MEZ CXL_MJC CXL_MKB
CXL_MLW CXL_MNH CXL_NH CXL_PAC
CXL_PJR CXL_PM CXL_PRT CXL_PS
CXL_PT CXL_RET CXL_RH

UIC 5,0:-
CXL_PJM GEN_PJM

UIC 100,30:-
DEFAULT GGM_TRAIN1 XGM_DEFAULT XGM_TRAIN1

6.2 LOWUICS Low value UICs
risk
These accounts all have low group numbers in their UIC. The UIC is in the format [group,member], written in octal. Group numbers less than or equal to the SYSGEN parameter MAXSYSGROUP (default 8, i.e. 10 octal) are system UICs, and a process with a system UIC is granted the SYSTEM category of file protection, which is effectively the same as holding SYSPRV.
These users thus have the potential to completely control the system. Only operators and system managers should have these UICs.
Actions
Examine users with low UICs and ensure that these are appropriate.
results
 The following users have system UICs:

CXL_JMJC [7,10]
CXL_JPJ [1,10]
CXL_JPL J. LENT [2,10]
CXL_MC DEP - M.COOL [7,10]
CXL_NJM N.J.MILTON [1,10]
CXL_PJM [5,0]
CXL_PRN [2,10]
CXL_RT R.TULL [2,10]
CXL_SYSTEM GENERAL SYSTEM X [3,0]
GEN_MC DEP - M.COLLINS [2,10]
GEN_PJM [5,0]
GEN_SYSTEM GENERAL SYSTEM [7,0]
SYSTEM SYSTEM MANAGER [1,4]
13 users have system UICs.
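The two UIC checks above (shared UICs, section 6.1; system UICs, section 6.2), as an added example that is not part of the VScan report or its tooling. The account/UIC pairs are constructed from UICs the report lists; MAXSYSGROUP is assumed to be at its default of 8. The point the code makes explicit is that UICs are octal: [10,1] is a system UIC, [11,1] is not, and [100,10] is group 64.

```python
"""Added example, not from the VScan report: the shared-UIC and system-UIC checks.

UICs are written [group,member] in OCTAL.  A process whose UIC group is less
than or equal to the SYSGEN parameter MAXSYSGROUP (default 8 decimal = 10
octal) is in a system group and gets the SYSTEM protection category on every
object; two accounts with one UIC are the same owner to UIC-based protection.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

MAXSYSGROUP_DEFAULT = 8  # decimal; SYSGEN displays it as octal 10 (assumed default)

# Accepts "[100,10]" or "100,10"; only octal digits are valid in a numeric UIC.
_UIC_RE = re.compile(r"^\[?\s*([0-7]+)\s*,\s*([0-7]+)\s*\]?$")


def parse_uic(text: str) -> Optional[Tuple[int, int]]:
    """Return (group, member) as decimal integers, or None if unparseable
    (the report's 'UIC ?,?' entries end up here)."""
    m = _UIC_RE.match(text.strip())
    if not m:
        return None
    return int(m.group(1), 8), int(m.group(2), 8)


def format_uic(uic: Tuple[int, int]) -> str:
    """Render back in the octal bracket form used by AUTHORIZE and DIRECTORY."""
    return f"[{uic[0]:o},{uic[1]:o}]"


def is_system_uic(uic: Tuple[int, int], maxsysgroup: int = MAXSYSGROUP_DEFAULT) -> bool:
    """System group test: group <= MAXSYSGROUP, compared in decimal."""
    return uic[0] <= maxsysgroup


def audit_uics(accounts: Dict[str, str], maxsysgroup: int = MAXSYSGROUP_DEFAULT) -> dict:
    """accounts maps username -> UIC text.  Returns the report's two findings
    plus the entries that could not be parsed."""
    parsed: Dict[str, Tuple[int, int]] = {}
    unparsed: List[str] = []
    for user, text in accounts.items():
        uic = parse_uic(text)
        if uic is None:
            unparsed.append(user)
        else:
            parsed[user] = uic
    users_by_uic: Dict[Tuple[int, int], List[str]] = defaultdict(list)
    for user, uic in parsed.items():
        users_by_uic[uic].append(user)
    shared = {format_uic(uic): sorted(users)
              for uic, users in users_by_uic.items() if len(users) > 1}
    system = sorted(user for user, uic in parsed.items() if is_system_uic(uic, maxsysgroup))
    return {"shared": shared, "system": system, "unparsed": sorted(unparsed)}


# Constructed sample using UICs the report lists above (not a SYSUAF extract).
SAMPLE_ACCOUNTS = {
    "SYSTEM": "[1,4]",
    "CXL_JPJ": "[1,10]", "CXL_NJM": "[1,10]",
    "CXL_PJM": "[5,0]", "GEN_PJM": "[5,0]",
    "CXL_AFT": "[100,10]", "CXL_AJL": "[100,10]",
    "CXL_MDM": "[200,10]",
    "CXL_AGS": "[?,?]",
}

if __name__ == "__main__":
    result = audit_uics(SAMPLE_ACCOUNTS)
    for uic, users in sorted(result["shared"].items()):
        print(f"UIC {uic} shared by: {' '.join(users)}")
    print("system UICs:", " ".join(result["system"]))
    print("unparsed   :", " ".join(result["unparsed"]))
```

Run with a larger map built from a UAF listing and any entry that lands in "unparsed" deserves a look of its own, as the report's "UIC ?,?" group does: an account whose UIC the tooling cannot read is not one you can reason about.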

 

 

 

7 SYSSET System settings
Risk
This section looks at system settings.

7.1 UNLCPU Unlimited cpu
risk
These users do not have their CPU time restricted.
A user performing an unusual task can 'grab' most of the CPU time and make the system unusable for everyone else.
Actions
Every user should have some form of CPU limit set. System managers often feel this is difficult to do, but with careful monitoring of the system a reasonable limit can be established.
A good starting point might be 10 hours, working down from there.
results
 No users have unlimited CPU usage.

7.2 PRCLM PRCLM
risk
This is the AUTHORIZE qualifier /PRCLM, the subprocess limit. With a non-zero value a user in a restricted account can SPAWN a subprocess and so leave the application for DCL.
Actions
Set it to 0 to prevent a user from spawning out of a restricted account.
Also ensure that the SYSGEN parameter PQL_MPRCLM (the minimum subprocess limit, which overrides any lower UAF value) is set to 0.
results
 The following users do not have PRCLM set to zero:

None - all users have PRCLM set to zero.

7.3 MXDETACH Max Detached
risk
A detached process is created when a user enters either of the DCL commands:
$ RUN/DETACHED or $ RUN/UIC=.......
This creates a separate job on the system. Such jobs have their own quotas and limits, do not share resources such as CPU time with the creating process, and continue to exist after the creating process has stopped.
Actions
Unless a user has a very good reason to create detached processes, prevent them from doing so.
Users should therefore have a MAXDETACH limit of 'None'.
This is not the same as 0. A MAXDETACH value of 0 (zero) permits an UNLIMITED number of detached processes to be created, which could totally disrupt your system. No privilege is required to create detached processes under a user's own UIC, but with DETACH privilege (IMPERSONATE in later OpenVMS versions) a user can create processes under ANY UIC, including system UICs.
You may find that some programs will not run without a MAXDETACH of zero. This is due to lazy programming and should be taken up with the supplier; where it cannot be fixed, set a small explicit limit rather than leaving the unlimited value of 0.
results
 The following users have a MAXIMUM DETACHED limit NOT set to NONE.

More than 94% of users (58) have a MAXIMUM DETACHED limit NOT set to NONE.

8 FLAGS Flags
Risk
Flags are used to set a variety of user facilities. They can be turned on or off either by the system manager or the system itself.

8.1 CAPTIVE Captive
risk
A CAPTIVE account limits the activities of the users and denies the user access to the DCL command level. Any attempt to get to DCL will result in the user being logged out (e.g. pressing Control-Y). The user cannot specify any account qualifiers when logging in such as /NOCOMMAND or /DISK.
Test accounts which are not set to CAPTIVE as follows: ask the user to log in as normal but to append /NOCOMMAND to their user name:
Username: MyUserID/NOCOMMAND
Password: --------
/NOCOMMAND suppresses the login command procedure, so a user whose account is not CAPTIVE lands at the DCL prompt and can look around, delete files, etc.
Actions
We STRONGLY recommend that this flag is used on every user account possible and certainly on any account where a user simply runs an application and is then logged out (i.e. most normal users).
results
 More than 84% of all users (52) have this flag set.

8.2 DISWELCOME Diswelcome
risk
This will disable the display of the welcome message as a user logs onto the system.
Actions
Do not use this flag on most users.
results
 No accounts have this flag set.

8.3 DISNEWMAIL Disnewmail
risk
This flag prevents users receiving notification that they have received new mail since the last time they logged in. We do not believe that this has any security significance.
Actions
House-keeping only
results
 No accounts have this flag set.

8.4 DISMAIL Flag - Dismail
risk
This will prevent a user from using the VMS MAIL facility. If MAIL is not required, then disable it with this flag. Mail can be used to send programs to other users which may have undesirable consequences.
Actions
Dismail should be applied to all users who do NOT require mail.
Use this flag on most users.
results
 CXL_MC          | DEFAULT         | GEN_MC          | XGM_DEFAULT
6% of all users (4) have this flag set.

8.5 GENPWD Flag - Genpwd
risk
The automatic password generator is used on these accounts. This creates random passwords which are hard to remember and experience has shown that users tend to write these down more than passwords they freely select.
Actions
Use this facility only in the most secure environments.
Do not use this flag on most users.
results
 No accounts have this flag set.

8.6 DISIMAGE Flag - Disimage
risk
The DISIMAGE flag prevents users using the MCR or RUN commands to execute system or user-written images.
Since DISIMAGE is enforced by DCL you must ensure that the account can only use the DCL CLI: set it together with the DEFCLI flag, or within a RESTRICTED account.
Actions
Use this flag on most users.
results
 No accounts have this flag set.

8.7 DISRECONNECT Flag - Disreconnect
risk
Virtual terminals allow a user to disconnect from a terminal and later reconnect to the same process, so a user can keep more than one disconnected process alive at a time.
Actions
Restrict the use of virtual terminals; at the account level this is done with the DISRECONNECT flag.
Use this flag on most users.
results
 No accounts have this flag set.

8.8 DISREPORT Flag - Disreport
risk
Setting this flag disables reporting of information concerning last logins and the number of login failures.
Actions
Do not use this flag on most users.
results
 No accounts have this flag set.

8.9 DISUSER Flag - Disuser
risk
Accounts which are DISUSERed cannot be logged into and are effectively disabled until this flag is reset.
Seldom used accounts, such as FIELD or SYSTEST, should be DISUSERed. Note that a DISUSERed account keeps its privileges and UIC, so it still appears in the privilege and UIC findings of this report and regains everything the moment the flag is cleared.
Actions
Examine the accounts below: delete those that are no longer needed and confirm that the rest are deliberately disabled. Consider DISUSERing other seldom used accounts.
Do not use this flag on most users.
results
 CXL_MC          | CXL_SYSTEM      | GEN_MC          | GEN_SYSTEM
GGM_TRAIN1 | XGM_TRAIN1
10% of all users (6) have this flag set.

8.10 LOCKPWD Flag - Lockpwd
risk
This flag makes the changing of passwords only possible by the system administrator.
Actions
Investigate users who have this set.
Do not use this flag on most users.
results
 CXL_MC          | CXL_SYSTEM      | GEN_MC          | GEN_SYSTEM
6% of all users (4) have this flag set.

8.11 PWD_EXPIRED Flag - Pwd_expired
risk
The user with this flag set has an expired password and the user has failed on their last chance to change the password.
These accounts are disabled for logins.
Actions
Decide if the accounts are still needed.
Do not use this flag on most users.
results
 No accounts have this flag set.

8.12 RESTRICTED Flag - Restricted
risk
Certain accounts require a less restricted environment than CAPTIVE accounts; for example, accounts used for network objects require temporary access to DCL.
Such accounts should be set up as RESTRICTED rather than CAPTIVE.
RESTRICTED accounts, like CAPTIVE ones, prevent the user from overriding login defaults (such as /NOCOMMAND or /LGICMD), but allow access to DCL once the system and process login command procedures have executed.
Actions
Use this flag on accounts that cannot be made CAPTIVE; most users should be CAPTIVE (see 8.1).
results
 More than 76% of all users (47) have this flag set.

8.13 DISPWDDIC Flag - Dispwddic
risk
This flag disables the password dictionary check, which rejects a new password that appears in a list of standard (and easy to guess) words.
Actions
Avoid this flag: the password dictionary is a useful facility.
Add variations of your company name to the dictionary, as well as the local sports team's name and the words PASSWORD and SECRET.
Do not use this flag on most users.
results
 More than 98% of all users (61) have this flag set.

8.14 DEFCLI Flag - Defcli
risk
This flag prevents a user using another CLI, other than DCL when logging in.
Actions
Use this flag on most users.
results
 No accounts have this flag set.

8.15 DISCTLY Flag - Disctly
risk
This is designed to prevent users pressing Control-Y keys and dropping out of the application to DCL.
Actions
Use this on all accounts which are not CAPTIVE and do not need access to VMS.
Use this flag on most users.
results
 More than 77% of all users (48) have this flag set.
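The controls the report uses to keep a user inside the application (LGICMD in 5.8, PRCLM in 7.2, MAXDETACH in 7.3, CAPTIVE in 8.1, DISIMAGE in 8.6, DISPWDDIC in 8.13, DEFCLI in 8.14 and DISCTLY in 8.15) interact, so a practitioner checks them together per account. The following is an added example, not part of the VScan report or its tooling: it evaluates those controls on a constructed account record and emits the AUTHORIZE MODIFY line that would correct them. The Account record and its field names are this script's own, not the SYSUAF layout; the three sample accounts are constructed, loosely modelled on names in the report.

```python
"""Added example, not from the VScan report: check one account's escape-to-DCL
controls (sections 5.8, 7.2, 7.3, 8.1, 8.6, 8.13, 8.14, 8.15) and generate
the AUTHORIZE MODIFY line that would correct them.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Union

# For an account that must reach DCL briefly (e.g. a network object), the
# report's compensating set: RESTRICTED plus the three DCL-level flags.
COMPENSATING_FLAGS = {"RESTRICTED", "DISCTLY", "DEFCLI", "DISIMAGE"}


@dataclass
class Account:                                       # this script's own record, not SYSUAF
    username: str
    flags: Set[str] = field(default_factory=set)     # AUTHORIZE /FLAGS names
    prclm: int = 0                                   # /PRCLM, subprocess limit
    maxdetach: Union[int, str] = "NONE"              # /MAXDETACH: NONE, or a count (0 = unlimited!)
    lgicmd: str = ""                                 # /LGICMD; "" = none, so SYS$LOGIN:LOGIN.COM runs


def maxdetach_limit(value: Union[int, str]) -> Optional[int]:
    """None for NONE (no detached processes allowed); otherwise the numeric
    limit, where 0 means UNLIMITED, not zero."""
    text = str(value).strip().upper()
    if text == "NONE":
        return None
    return int(text)


def lgicmd_is_default_name(lgicmd: str) -> bool:
    """True when no LGICMD is set or its file name is LOGIN / LOGIN.COM,
    the name a Trojan dropped in the user's directory would be given."""
    name = lgicmd.strip().upper()
    if not name:
        return True
    name = name.rsplit(":", 1)[-1].rsplit("]", 1)[-1]   # drop device and directory
    name = name.split(";", 1)[0]                          # drop version
    return name in ("LOGIN", "LOGIN.COM")


def audit_account(acct: Account) -> List[str]:
    findings: List[str] = []
    flags = {f.upper() for f in acct.flags}
    if "CAPTIVE" not in flags:
        missing = sorted(COMPENSATING_FLAGS - flags)
        if missing:
            findings.append(f"not CAPTIVE and lacks {','.join(missing)}: user can reach DCL")
        else:
            findings.append("not CAPTIVE (RESTRICTED+DISCTLY+DEFCLI+DISIMAGE): confirm DCL access is required")
    if acct.prclm != 0:
        findings.append(f"PRCLM={acct.prclm}: SPAWN can leave the application")
    limit = maxdetach_limit(acct.maxdetach)
    if limit is not None:
        findings.append(f"MAXDETACH={acct.maxdetach} ({'unlimited' if limit == 0 else limit} detached processes): should be NONE")
    if lgicmd_is_default_name(acct.lgicmd):
        findings.append("LGICMD absent or named LOGIN.COM: login procedure can be replaced in the user's directory")
    if "DISPWDDIC" in flags:
        findings.append("DISPWDDIC set: password dictionary check bypassed")
    return findings


def remediation_command(acct: Account) -> Optional[str]:
    """AUTHORIZE MODIFY line for the captive path, or None if nothing to do.
    LGICMD is deliberately not generated: the site procedure and its protected
    directory are a site decision, not something to guess here."""
    flags = {f.upper() for f in acct.flags}
    set_flags = [f for f in ("CAPTIVE", "DISCTLY") if f not in flags]
    if "DISPWDDIC" in flags:
        set_flags.append("NODISPWDDIC")
    quals: List[str] = []
    if set_flags:
        quals.append("/FLAGS=(" + ",".join(set_flags) + ")")
    if acct.prclm != 0:
        quals.append("/PRCLM=0")
    if maxdetach_limit(acct.maxdetach) is not None:
        quals.append("/MAXDETACH=NONE")
    if not quals:
        return None
    return f"MODIFY {acct.username} " + " ".join(quals)


# Constructed records, loosely modelled on the report's findings (not a SYSUAF extract).
SAMPLE_ACCOUNTS = [
    Account("CXL_AFT", flags={"CAPTIVE", "RESTRICTED", "DISCTLY"}, prclm=0,
            maxdetach="NONE", lgicmd="SYS$MANAGER:SITE_APP.COM"),
    Account("CXL_AGS", flags={"RESTRICTED", "DISCTLY", "DISPWDDIC"}, prclm=0,
            maxdetach=0, lgicmd="LOGIN.COM"),
    Account("CXL_BPB", flags=set(), prclm=10, maxdetach=5, lgicmd=""),
]

if __name__ == "__main__":
    for acct in SAMPLE_ACCOUNTS:
        print(acct.username)
        for finding in audit_account(acct):
            print("  -", finding)
        cmd = remediation_command(acct)
        print("  UAF>", cmd if cmd else "(no change needed)")
```

The generated lines are meant to be reviewed, not piped into AUTHORIZE: making an account CAPTIVE or setting MAXDETACH to NONE breaks any application that relies on SPAWN or on detached processes (the report's 7.3 caveat), so confirm the application's behaviour before applying each one.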

8.16 AUDIT Flag - Audit
risk
Enables or disables the security auditing of all operations of a user that can be audited.
Actions
This can cause serious performance problems and should be used carefully.
Do not use this flag on most users.
results
 CXL_AFT         | CXL_MLW
3% of all users (2) have this flag set.

8.17 AUTOLOGIN Flag - AutoLogin
risk
This flag restricts the user to using the autologin mechanism to log in to an account.
When this is set the user cannot login at any terminal that requires user-ID and password.
Actions
Do not use this flag on most users.
results
 No accounts have this flag set.

8.18 DISFORCE_PWD_CHANGE Flag - Disforce_pwd_change
risk
This removes the need for a user to change an expired password when they login.
We would not recommend the use of this flag.
Actions
Do not use this flag on most users.
results
 No accounts have this flag set.

8.19 DISPWDHIS Flag - Dispwdhis
risk
This flag disables the checking of a user's new password against a history file of their old ones.
Checking password history is a useful security facility which should be applied whenever possible.
It is designed to prevent a user flipping between just two passwords.
Actions
Do not use this flag on most users.
results
 No accounts have this flag set.

8.20 PWD2_EXPIRED Flag - Pwd2_Expired
risk
This flag, when set, will mark the secondary password as expired and thus force the user to change it when they log in.
Actions
It may be excessive in many businesses to have a secondary password.
Do not use this flag on most users.
results
 CXL_AFT         | CXL_NJM
5% of all users (3) have this flag set.

8.21 EXTAUTH Flag - External authentication
risk
External authentication allows users to log in at the OpenVMS login prompt using their external user IDs and passwords.
The system considers users to be authenticated by their external user name and password, not by the SYSUAF user name and password.
The system still uses the SYSUAF record to check a user's login restrictions and quotas and to create the user's process profile.
For example, a user may be authenticated under Windows NT and then be allowed on to the system. PATHWORKS and Advanced Server for OpenVMS authentication modules are supported as external authenticators, providing NT-compatible authentication of OpenVMS users.
Actions
Use this flag only where necessary.
results
 No accounts have this flag set.

8.22 VMSAUTH Flag - VMSauth
risk
Allows the account to use standard (SYSUAF) authentication when the EXTAUTH flag would otherwise require external authentication. This depends on the application: an application specifies the VMS domain of interpretation when calling SYS$ACM to request standard VMS authentication for a user account that normally uses external authentication.
Actions
Use this flag only where necessary.
results
 No accounts have this flag set.

8.23 PWDMIX Flag - PwdMix
risk
Enables case-sensitive and extended-character passwords.
After PWDMIX is specified, you can use mixed-case and extended characters in passwords.
Be aware that before the PWDMIX flag is enabled, the system stores passwords in all upper-case. Therefore, until you change passwords, you must enter your pre-PWDMIX passwords in upper-case.
Actions
All users should have this flag set.
results
 CXL_JO          | ZZN_PM
3% of all users (2) have this flag set.

8.24 DISPWDSYNCH Flag - DisPwdSynch
risk
Suppresses synchronization of the external password for this account.
Actions
Set as necessary.
results
 CXL_JHM         | CXL_MLW         | ZEN_PM
5% of all users (3) have this flag set.

9 LEVELS Levels
Risk
The privileges assigned to users have been graded by HP into 7 levels
(0 to 6) as follows:
0 None - No privileges.
1 Normal - Minimum privileges to effectively use the system.
2 Group - Potential to interfere with members of the same group.
3 Devour - Potential to consume non-critical system wide resources.
4 System - Potential to interfere with normal system operation.
5 Files - Potential to compromise file security.
6 All - Potential to control the system.
This grading is based on the potential damage that the user can cause to the system.
Each privilege has been divided as follows:
0 None None
1 Normal MOUNT NETMBX TMPMBX
2 Group GROUP GRPPRV
3 Devour ACNT ALLSPOOL BUGCHK EXQUOTA GRPNAM PRMCEB PRMGBL PRMMBX SHMEM
4 System ALTPRI OPER PSWAPM WORLD SECURITY SYSLCK
5 Files DIAGNOSE SYSGBL VOLPRO
6 All BYPASS CMEXEC CMKRNL DETACH LOG_IO PFNMAP PHY_IO
READALL SETPRV SHARE SYSNAM SYSPRV IMPERSONATE
The most damaging privileges are those, at or above level 4. It should be borne in mind that anyone who can modify the privileges through the use of the AUTHORIZE program can give themselves privileges of the highest level. They can also create users with these privileges and access these accounts whenever they like.
If the person granting these privileges does not know 100% what a privilege does, it should not be granted to any user. Most users should be at or below level 3 and generally only level 1 privileges are needed to run most normal applications. Query all level 4 to 6 users. They all have high level access to your system.

9.1 LEVELS4-6 Levels 4 to 6
risk
The privileges assigned to users have been graded by HP into 7 levels. The most critical are levels 4 to 6.
Actions
Examine each user at their associated level and ensure that they have the correct level for their job.
Ensure that ordinary application users are in levels 0 to 2 (i.e. not shown in the list below)
Ensure computer operators are at levels 0 to 4
results
 Users with level 4 accounts.
----------------------------
CXL_AJL | CXL_PRN | CXL_PRT | CXL_SYSTEM

There are 4 users at this level.

Users with level 5 accounts.
----------------------------

No users at this level.

Users with level 6 accounts.
----------------------------
CXL_BPB | CXL_JML | CXL_MC | CXL_MKB
CXL_PJM | FIELD | GEN_MC | GEN_PJM
GEN_SYSTEM | SYSTEM

There are 10 users at this level.
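Grading an account by the level table in section 9 and checking it against the section 9.1 ceilings, as an added example that is not part of the VScan report or its tooling. Only the level table comes from the report; the two LIST/FULL fragments are constructed, and the layout the parser assumes (an "Authorized Privileges:" line followed by indented names, ending at the next unindented line) is an assumption about AUTHORIZE output. A privilege the table does not grade (the report's table omits AUDIT, for instance) is deliberately treated as level 6 rather than as harmless.

```python
"""Added example, not part of the VScan report: grade an account by the
privilege level table in section 9 and apply the section 9.1 ceilings.
"""
from typing import Dict, List, Tuple

LEVEL_NAME = ["None", "Normal", "Group", "Devour", "System", "Files", "All"]

# The report's table.  DETACH and IMPERSONATE are the same privilege bit
# (IMPERSONATE is the later name), so both appear at level 6.
PRIV_LEVEL: Dict[str, int] = {}
for _level, _privs in (
    (1, "MOUNT NETMBX TMPMBX"),
    (2, "GROUP GRPPRV"),
    (3, "ACNT ALLSPOOL BUGCHK EXQUOTA GRPNAM PRMCEB PRMGBL PRMMBX SHMEM"),
    (4, "ALTPRI OPER PSWAPM WORLD SECURITY SYSLCK"),
    (5, "DIAGNOSE SYSGBL VOLPRO"),
    (6, "BYPASS CMEXEC CMKRNL DETACH LOG_IO PFNMAP PHY_IO READALL SETPRV SHARE SYSNAM SYSPRV IMPERSONATE"),
):
    for _p in _privs.split():
        PRIV_LEVEL[_p] = _level

# Section 9.1 ceilings: ordinary users 0-2, operators 0-4, system managers anything.
ROLE_CEILING = {"user": 2, "operator": 4, "manager": 6}

UNKNOWN_LEVEL = 6  # fail closed: an ungraded privilege is never assumed harmless


def unknown_privileges(privs) -> List[str]:
    """Privilege names the report's table does not grade (reported separately)."""
    return sorted({p.strip().upper() for p in privs} - set(PRIV_LEVEL))


def privilege_level(privs) -> int:
    """Highest level of any privilege held; 0 for an empty list."""
    return max((PRIV_LEVEL.get(p.strip().upper(), UNKNOWN_LEVEL) for p in privs), default=0)


def exceeds_role(level: int, role: str) -> bool:
    return level > ROLE_CEILING[role]


def parse_authorized_privileges(uaf_text: str) -> List[str]:
    """Collect names from the 'Authorized Privileges:' block of a LIST/FULL record.
    Assumed layout: header line, then indented lines of names, ending at the
    next unindented or blank line (e.g. 'Default Privileges:')."""
    privs: List[str] = []
    in_block = False
    for line in uaf_text.splitlines():
        if line.strip().upper().startswith("AUTHORIZED PRIVILEGES:"):
            in_block = True
            continue
        if in_block:
            if not line.startswith((" ", "\t")) or not line.strip():
                break
            privs.extend(line.split())
    return privs


def grade_record(uaf_text: str, role: str) -> Tuple[int, str, bool, List[str]]:
    """(level, level name, exceeds the role's ceiling?, privileges the table does not grade)."""
    privs = parse_authorized_privileges(uaf_text)
    level = privilege_level(privs)
    return level, LEVEL_NAME[level], exceeds_role(level, role), unknown_privileges(privs)


# Constructed LIST/FULL fragments (not real SYSUAF output).  The first shows why
# GROUP and GRPNAM on every account (sections 10.11, 10.12) puts every ordinary
# user at level 3, above the section 9.1 ceiling for application users.
SAMPLE_USER = """\
Username: CXL_JO                             Owner:  J.ORWELL
Authorized Privileges:
  GROUP        GRPNAM       NETMBX       TMPMBX
Default Privileges:
  NETMBX       TMPMBX
"""
SAMPLE_OPERATOR = """\
Username: CXL_PRN                            Owner:  OPERATIONS
Authorized Privileges:
  GRPNAM       NETMBX       OPER         TMPMBX
  WORLD
Default Privileges:
  NETMBX       TMPMBX
"""

if __name__ == "__main__":
    for text, role in ((SAMPLE_USER, "user"), (SAMPLE_OPERATOR, "operator")):
        level, name, over, ungraded = grade_record(text, role)
        print(f"{text.split()[1]:<12} level {level} ({name}) role={role} "
              f"over_ceiling={over} ungraded={ungraded}")
```

Grade on Authorized Privileges, not Default Privileges: the default set is what a process starts with, but the user can enable anything in the authorized set with SET PROCESS/PRIVILEGES, so the authorized set is what the section 9 levels measure.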

 

 

 

10 PRIVS Privileges
Risk
Privileges restrict the use of certain system functions to processes created on behalf of authorized users.
Some system activities are limited by a user's privileges. These are used to ensure the integrity of the system and the data it holds. Privileges should only be granted to users for two reasons:
o The user actually needs it.
o The user has the skill to use it without disrupting the system.
A user's privileges are recorded in their user record and show both the authorised and the default privileges.
Some users might need a particular program to run with certain privileges. This can be achieved WITHOUT giving the privilege to the user: install the image with the privilege using the INSTALL utility (INSTALL/PRIVILEGED) and control who may run it with an ACL on the executable image.
Users then effectively possess the privilege only while they are executing that image. (Note: all images installed with privilege must be linked with the /NOTRACEBACK qualifier to prevent on-line debugging and traceback.)

10.1 ACNT Privilege - Acnt
risk
A user who has ACNT privilege can create sub processes or detached processes in which accounting is disabled. Thus, only such a privileged user can enter the DCL command RUN with the /NOACCOUNTING qualifier or inhibit accounting in the Create Process ($CREPRC) system service.
Actions
Do not give this privilege to most users.
results
 SYSTEM

2% of users (1) have this privilege.

10.2 ALLSPOOL Privilege - Allspool
risk
The ALLSPOOL privilege allows the user to allocate a spooled device by executing the Allocate Device ($ALLOC) system service or by using the DCL command ALLOCATE.
Actions
This privilege should only be granted to users who need to perform logical or physical I/O operations to a spooled device.
Do not give this privilege to most users.
results
 SYSTEM

2% of users (1) have this privilege.

10.3 ALTPRI Privilege - Altpri
risk
The ALTPRI privilege allows a user to:
o Increase their own base priority.
o Set the base priority of another process to a value higher than
that of the target process.
Actions
This privilege should not be granted widely. If unqualified users have the unrestricted ability to set base priorities, fair and orderly scheduling of processes for execution can easily be disrupted.
Do not give this privilege to most users.
results
 FIELD           | SYSTEM

3% of users (2) have this privilege.

10.4 BUGCHK Privilege - BugChk
risk
The use of BUGCHK privilege should be restricted to supplied system software that uses the VMS Bugcheck Facility. The privilege allows the user to make bugcheck error log entries.
Actions
Do not give this privilege to most users.
results
 No users have this privilege.

10.5 BYPASS Privilege - ByPass
risk
The BYPASS privilege allows a user to have read, write, execute and delete access to all files, bypassing any restrictions, either UIC or ACL based.
Actions
Grant this with extreme caution, as it overrides all file protection. It should be reserved for use by either well-tested, reliable programs and command procedures or system backup operation. SYSPRV is acceptable for interactive use, as it ultimately grants access to all files while still providing access checks.
Do not give this privilege to most users.
results
 CXL_MKB         | CXL_PJM         | FIELD           | GEN_PJM
SYSTEM

8% of users (5) have this privilege.

10.6 CMEXEC Privilege - Cmexec
risk
The CMEXEC privilege allows the user to execute the Change Mode to Executive ($CMEXEC) system service.
Grant this privilege only to users who need to gain access to protected and sensitive data structures and internal functions of the operating system.
Actions
If unqualified users have unrestricted access to sensitive data structures and functions, the operating system and service to other users can be easily disrupted. Such disruptions can include failure of the system, destruction of the database and exposure of confidential information.
Do not give this privilege to most users.
results
 SYSTEM

2% of users (1) have this privilege.

10.7 CMKRNL Privilege - Cmkrnl
risk
The CMKRNL privilege allows the user to execute the Change Mode to Kernel ($CMKRNL) system service.
Actions
This should only be granted to users who need to execute privileged instructions or who need access to the most protected or sensitive data structures and functions of the operating system.
Unqualified use can result in disruption of the operating system, destruction of the database and exposure of confidential information.
A holder of CMKRNL can use the DCL command $ SET UIC [3,7] and thereby acquire a system UIC, and can equally enable every other privilege in its own process, so CMKRNL should be treated as equivalent to ALL.
Do not give this privilege to most users.
results
 FIELD           | SYSTEM

3% of users (2) have this privilege.

10.8 DETACH Privilege - Detach
risk
Any user can create detached processes under their own UIC without the DETACH privilege, provided they do not exceed their MAXJOBS and MAXDETACH quotas. DETACH (called IMPERSONATE in later OpenVMS versions) is needed to specify a different UIC for the detached process; with it there is no restriction on the UIC that can be chosen, and thus no restriction on the files and directories the detached process can access. Detached processes remain in existence after the user who created them has logged off. The process created by the system for a user at login is itself a detached process.
Actions
Do not give this privilege to most users.
results
 SYSTEM

2% of users (1) have this privilege.

10.9 DIAGNOSE Privilege - Diagnose
risk
The DIAGNOSE privilege allows the user to run on-line diagnostic programs and to intercept and copy all messages written to the error log file.
Actions
Do not give this privilege to most users.
results
 SYSTEM

2% of users (1) have this privilege.

10.10 EXQUOTA Privilege - Exquota
risk
The EXQUOTA privilege allows the space taken by the user's files on given disk volumes to exceed any usage quotas set for the user (as determined by the UIC) of those volumes.
Actions
Do not give this privilege to most users.
results
 SYSTEM

2% of users (1) have this privilege.

10.11 GROUP Privilege - Group
risk
The GROUP privilege allows the user to affect other processes in its own group by executing the following process control system services:
Suspend Process ($SUSPND) Resume Process ($RESUME)
Delete Process ($DELPRC) Set Priority ($SETPRI)
Wake ($WAKE) Schedule Wakeup ($SCHDWK)
Cancel Wakeup ($CANWAK) Force Exit ($FORCEX)
The user is also allowed to examine other processes in its own group by executing the Get Job/Process Information ($GETJPI) system service. A user process with GROUP privilege can issue the SET PROCESS command for other processes in its group.
GROUP privilege is not needed for a user to exercise control over, or to examine, sub processes that they created or other detached processes of their UIC. You should, however, grant this privilege to users who need to exercise control over the processes and operations of other members of their UIC group.
Actions
Do not give this privilege to most users.
results
 All users have this privilege.

10.12 GRPNAM Privilege - Grpnam
risk
The GRPNAM privilege allows a user to insert and delete names to and from the logical name table of the group to which the user belongs.
In addition, the privileged user can use the DCL commands ASSIGN and DEFINE to add names to the group logical name table, the DCL command DEASSIGN to delete names from the table, and the /GROUP qualifier of the DCL command MOUNT to share volumes among group members.
Actions
Do not grant this privilege to all users of the system because it allows the user to create an unlimited number of group logical names. When unqualified users have the unrestricted ability to create group logical names, excessive use of system dynamic memory can degrade system performance. In addition, a user with the GRPNAM privilege can interfere with the activities of other users in the same group by creating definitions of commonly used logical names such as SYS$SYSTEM.
Do not give this privilege to most users.
results
 All users have this privilege.

10.13 GRPPRV Privilege - Grpprv
risk
The GRPPRV privilege allows a user access to a file using the file's SYSTEM protection field when the user's group matches the group of the file owner.
GRPPRV also allows a user to change the protection of any file whose owner group matches the user's group. This privilege also allows a user to change the ownership of objects within the user's group.
Actions
Grant this privilege only to users who function as group managers. Note that if any member of a group holds any of the privileges in the 'ALL' category, then any other member of that group who holds GRPPRV privilege can gain control of the system by indirectly acquiring that privilege. A user with GRPPRV privilege, whose UIC group matches an object's owner group, will receive access in the SYSTEM category.
Do not give this privilege to most users.
results
 SYSTEM

2% of users (1) have this privilege.

10.14 LOGIO Privilege - LogIO
risk
The LOG_IO privilege allows the user to execute the QUEUE I/O REQUEST system service to perform logical-level I/O operations. LOG_IO privilege is also required for certain device control functions, such as setting permanent terminal characteristics.
Actions
Grant this privilege only to users who need it since it allows them to access data anywhere on a volume without worrying about any file structure. If this privilege is given to users who have no need for it, the operating system and service to other users can be easily disrupted. Such disruptions can include the destruction of information on the system device, the destruction of user data, and the exposure of confidential information.
Do not give this privilege to most users.
results
 FIELD           | SYSTEM

3% of users (2) have this privilege.

10.15 MOUNT Privilege - Mount
risk
The MOUNT privilege allows a user to execute the mount volume QIO function.
Actions
Restrict the use of this function to system software supplied by DEC.
Do not give this privilege to most users.
results
 SYSTEM

2% of users (1) have this privilege.

10.16 NETMBX Privilege - Netmbx
risk
The NETMBX privilege allows the user to perform functions related to a DECnet network. It is granted to all general users who need to access the network. Note, however, that with NETMBX they can also use MAIL and PHONE across the network and SET HOST to other nodes.
Actions
Give this privilege to most users.
results
 All users have this privilege.

10.17 OPER Privilege - Oper
risk
The OPER privilege allows the user to use the Operator Communication Manager (OPCOM) process as follows:
o reply to users requests
o broadcast messages to all terminals logged in
o designate terminals as operators terminals
o initialise and control the log file of operators' messages
o set spooled devices
o control queues
Actions
Grant this privilege ONLY to the operators of the system. A user with this privilege can interfere with the operation of the whole system (queues, spooled devices and operator communications).
Do not give this privilege to most users.
results
 CXL_AJL         | CXL_MC          | CXL_MKB         | CXL_PJM
CXL_PRN | CXL_PRT | CXL_SYSTEM | FIELD
GEN_MC | GEN_PJM | GEN_SYSTEM | SYSTEM

19% of users (12) have this privilege.

10.18 PFNMAP Privilege - Pfnmap
risk
The PFNMAP privilege allows the user to map to specific pages of physical memory or I/O device registers, no matter who is using the pages or registers.
Actions
If used by unqualified users, the operating system and service to others can easily be disrupted.
Do not give this privilege to most users.
results
 SYSTEM

2% of users (1) have this privilege.

10.19 PHYIO Privilege - Phyio
risk
The PHY_IO privilege allows the user to execute the Queue I/O Request ($QIO) system service to perform physical-level I/O operations.
Actions
Grant the PHY_IO privilege only to users who need it; this privilege should be granted even more carefully than the LOG_IO privilege. If this privilege is given to unqualified users who have no need for it, the operating system and service to other users can be easily disrupted. Such disruptions can include the destruction of information on the system device, the destruction of user data, and the exposure of confidential information.
Do not give this privilege to most users.
results
 FIELD           | SYSTEM

3% of users (2) have this privilege.

10.20 PRMCEB Privilege - Prmceb
risk
The PRMCEB privilege allows a user to create or delete a permanent common event flag cluster by executing the Association Common Event Flag Cluster or Delete Common Event Flag Cluster system service. Common event flag clusters enable co-operating processes to communicate with each other and thus provide the means of synchronising their execution.
Actions
Do not grant this privilege to all users of the system because it allows the user to create an unlimited number of permanent common event flag clusters. A permanent cluster remains in the system even after the creating process has been terminated and continues to use up a portion of system dynamic memory. When many users have the unrestricted ability to create permanent common event flag clusters, the excessive use of system dynamic memory can degrade system performance.
Do not give this privilege to most users.
results
 FIELD           | SYSTEM

3% of users (2) have this privilege.

10.21 PRMGBL Privilege - Prmgbl
risk
The PRMGBL privilege allows a user to create permanent global sections by executing the Create and Map Section ($CRMPSC) system service. In addition, the user with this privilege (plus CMKRNL and SYSGBL privileges) can use the VMS Install Utility.
Global sections are shared structures that can be mapped simultaneously in the virtual address space of many processes. All processes see the same code or data. Global sections are used for re-entrant subroutines or data buffers.
If permanent global sections are not explicitly deleted, they tie up space in the global section and global page limited resources.
Actions
Grant this privilege with care.
Do not give this privilege to most users.
results
 No users have this privilege.

10.22 PRMMBX Privilege - Prmmbx
risk
The PRMMBX privilege allows a user to create or delete a permanent mailbox by executing the Create Mailbox and Assign Channel ($CREMBX) system service or the Delete Mailbox ($DELMBX) system service. Mailboxes are buffers in virtual memory that are treated as if they were record-oriented I/O devices. A mailbox is used for general interprocess communication.
Permanent mailboxes are not automatically deleted when the creating processes are deleted and thus continue to use a portion of system dynamic memory.
Actions
Do not give this privilege to most users.
results
 FIELD           | SYSTEM

3% of users (2) have this privilege.

10.23 PSWAPM Privilege - Pswapm
risk
The PSWAPM privilege allows the user's process to control whether it can be swapped out of the balance set by executing the Set Process Swap Mode ($SETSWM) system service. A process must have this privilege to lock itself in the balance set (i.e. to disable swapping), or to unlock itself from the balance set (i.e. to enable swapping).
With this privilege, a process can create a process that is locked in the balance set (process swap mode disabled) by using an optional argument to the Create Process ($CREPRC) system service or, when the DCL command RUN is used to create a process, by using a qualifier of the RUN command.
Grant this privilege only to users who need to lock a process in memory for performance reasons. Typically, this will be a real-time process.
Actions
Do not give this privilege to most users.
results
 SYSTEM

2% of users (1) have this privilege.

10.24 READALL Privilege - Readall
risk
The READALL privilege allows the process to bypass existing restrictions that would otherwise prevent the process from reading a file. However, unlike the BYPASS privilege, which also permits writing and deleting, READALL only permits reading of the file and control operations (such as changing protection and writing the backup date).
Actions
Grant this privilege to operators so they can perform system backups. The implications of this privilege are the same as those for the SYSPRV privilege. A user with READALL privilege receives READ and CONTROL access to an object even if that access is denied by the ACL or UIC-based protection.
Do not give this privilege to most users.
results
 CXL_MC          | FIELD           | GEN_MC          | SYSTEM

6% of users (4) have this privilege.

10.25 PSECY Privilege - Security
risk
The SECURITY privilege allows a user to perform security-related functions such as disabling security audits or setting the system password.
Actions
Grant this privilege only to security administrators. Irresponsible users who obtain the privilege can subvert the system's security auditing and can lock out users through improper application of system passwords.
Do not give this privilege to most users.
results
 FIELD           | SYSTEM

3% of users (2) have this privilege.

10.26 SETPRV Privilege - Setprv
risk
The SETPRV privilege allows the user's process to create processes whose privileges are greater than its own by executing the Create Process ($CREPRC) system service with an optional argument, or by issuing the DCL command RUN to create a process. A user with this privilege can also execute the DCL command SET PROCESS/PRIVILEGES to obtain any desired privilege.
Actions
Exercise the same caution in granting SETPRV as in granting any other privilege since SETPRV allows the user to enable any or all privileges.
Do not give this privilege to most users.
results
 FIELD           | SYSTEM

3% of users (2) have this privilege.

10.27 SHARE Privilege - Share
risk
The SHARE privilege allows users to assign channels to devices allocated to other processes.
Actions
Grant this privilege only to system processes such as print symbionts. This privilege would allow an irresponsible user to interfere with the operation of devices belonging to other users.
Do not give this privilege to most users.
results
 SYSTEM

2% of users (1) have this privilege.

10.28 SHMEM Privilege - Shmem
risk
The SHMEM privilege allows the user's process to create global sections and mailboxes (permanent and temporary) in multiport memory if the process also has the appropriate PRMGBL, PRMMBX, SYSGBL and TMPMBX privileges. Just as in local memory, the space required for a multiport memory temporary mailbox counts against the buffered I/O byte count limit (BYTLM) of the process.
Actions
Do not give this privilege to most users.
results
 SYSTEM

2% of users (1) have this privilege.

10.29 SYSGBL Privilege - Sysgbl
risk
The SYSGBL privilege lets a user create system global sections by executing the Create and Map Section ($CRMPSC) system service. In addition, the user with this privilege (plus the CMKRNL and PRMGBL privileges) can use the VMS Install Utility.
Actions
Exercise caution in granting this privilege. System global sections require space in the global section and page tables, which are limited resources.
Do not give this privilege to most users.
results
 No users have this privilege.

10.30 SYSLCK Privilege - Syslck
risk
The SYSLCK privilege allows a user to lock system-wide resources with the Enqueue Lock Request ($ENQ) system service. Grant this privilege to users who need to run programs that lock resources in the system-wide resource name space.
Actions
Exercise caution in granting this privilege. Users who hold the SYSLCK privilege can interfere with the synchronisation of system software and all other user software as well.
Do not give this privilege to most users.
results
 SYSTEM

2% of users (1) have this privilege.

10.31 SYSNAM Privilege - Sysnam
risk
The SYSNAM privilege allows the user's process to insert and delete names in the system logical name table. This privilege also permits the creation of executive mode logical names. In addition, the user with this privilege can use the DCL commands ASSIGN and DEFINE to add names to the system logical name table, and can use the DEASSIGN command to delete names from the table.
A user with SYSNAM privilege could define such critical system logical names as SYS$SYSTEM and SYSUAF, thus gaining control of the system.
Actions
Grant this privilege only to the system operators or to system programmers who need to define system logical names (such as names for user devices, library directories, and the system directory).
Do not give this privilege to most users.
results
 FIELD           | SYSTEM

3% of users (2) have this privilege.

10.32 SYSPRV Privilege - Sysprv
risk
The SYSPRV privilege gives users the access rights accorded to users in the SYSTEM category regardless of the group portion of the UIC.
These users have the ability to change user privileges and even create new accounts through the AUTHORIZE program.
Actions
Do not give this privilege to most users.
results
 CXL_BPB         | FIELD           | SYSTEM

5% of users (3) have this privilege.

10.33 TMPMBX Privilege - Tmpmbx
risk
The TMPMBX privilege allows the user to create a temporary mailbox by executing the Create Mailbox and Assign Channel ($CREMBX) system service.
Mailboxes are buffers in memory that are treated as if they were record-oriented I/O devices. A mailbox is used for interprocess communication. Grant this privilege to all users of the system to facilitate interprocess communication. System performance is not likely to be degraded by permitting the creation of temporary mailboxes, because their number is controlled by limits on the use of system dynamic memory (BYTLM quota).
Actions
Give this privilege to most users.
results
 All users have this privilege.

10.34 VOLPRO Privilege - Volpro
risk
The VOLPRO privilege allows the user to perform the following tasks:
o initialise a previously used volume with an owner UIC different from the user's own UIC
o override the expiration date on a tape or disk volume owned by another user
o override the owner UIC protection of a volume.
The VOLPRO privilege permits control only over volumes that the user can mount or initialise. Volumes mounted with the /SYSTEM qualifier are safe from the user with the VOLPRO privilege as long as the user does not also have the SYSNAM privilege.
Actions
Exercise extreme caution in granting the VOLPRO privilege. If unqualified users can override volume protection, the operating system and service to others can be disrupted. Such disruptions can include destruction of the database and exposure of confidential information.
Do not give this privilege to most users.
results
 FIELD           | SYSTEM

3% of users (2) have this privilege.

10.35 WORLD Privilege - World
risk
The WORLD privilege allows the user to affect other processes both inside and outside its group by executing the following process control system services:
o Suspend Process ($SUSPND)
o Resume Process ($RESUME)
o Delete Process ($DELPRC)
o Set Priority ($SETPRI)
o Wake ($WAKE)
o Schedule Wakeup ($SCHDWK)
o Cancel Wakeup ($CANWAK)
o Force Exit ($FORCEX).
The user is also allowed to examine processes outside their own group. A user with WORLD privilege can issue the SET PROCESS command for all processes.
To exercise control over or examine the subprocesses it created, a process needs no special privilege. To affect or examine other processes inside its own group, a process needs only the GROUP privilege. To affect or examine processes outside its own group, a process needs the WORLD privilege.
Actions
Do not give this privilege to most users.
results
 FIELD           | SYSTEM

3% of users (2) have this privilege.

10.36 AUDIT Privilege - Audit
risk
This privilege allows programs to add audit records to the security log file. It should only be granted to a process, not to a user.
It allows the recording of events that appear to have come from the operating system or from another user's process.
Actions
Do not give this privilege to most users.
results
 GEN_PJM

2% of users (1) have this privilege.

10.37 DGRADE Privilege - Downgrade
risk
This privilege permits a process to manipulate mandatory access controls and is reserved for use by security products.
Actions
No users should have this privilege.
results
 No users have this privilege.

10.38 PIMPT Privilege - Import
risk
This privilege lets a process change mandatory access controls and will for example let a process mount unlabeled tape volumes. It is reserved for enhanced security products.
Actions
No users should have this privilege.
results
 No users have this privilege.

10.39 UGRADE Privilege - Upgrade
risk
This privilege permits a process to manipulate mandatory access controls and is reserved for use by security products. No users should have this privilege.
Actions
No users should have this privilege.
results
 No users have this privilege.

10.40 IPNATE Privilege - Impersonate
risk
This privilege is a replacement for the DETACH privilege.
Users can create detached processes that have their own UIC without the IMPERSONATE privilege, provided they do not exceed their MAXJOBS and MAXDETACH quotas. The IMPERSONATE privilege becomes valuable when a user wants to specify a different UIC for the detached process.
There is no restriction on the UIC that can be specified for a detached process if you have the IMPERSONATE privilege. Thus, there are no restrictions on the files and directories to which a detached process can gain access. IMPERSONATE allows the user to create detached processes. These processes remain in existence even after the user who created them has logged off the system. An example of a detached process is the process created by the system for a user when the user logs in to the system.
Actions
Do not give this privilege to most users.
results
 CXL_JML         | CXL_MC          | GEN_SYSTEM

5% of users (3) have this privilege.

10.41 OVERALL Flags/Privilege - Overall
risk
This section of the report is a detailed review of the users. The user and privilege level are given, and then areas of possible concern are indicated.
Next to each problem is a number in brackets and this can be cross referenced to the problem numbers shown at the end of this report which explains the significance of each problem.
We also indicate where users have very high access to the system and in some instances this may be completely appropriate (e.g. SYSTEM) but all instances should be reviewed carefully.
Actions
Review each user and determine which problems should be fixed immediately.
results
 Key:
 AOPSSWA                   Level4 Privileges  ALTPRI OPER PSWAPM SECURITY SYSLCK WORLD AUDIT
 DSVI                      Level5 Privileges  DIAGNOSE SYSGBL VOLPRO IMPORT
 BCCDLPPRSSSSDUI           Level6 Privileges  BYPASS CMEXEC CMKRNL DETACH LOG_IO PFNMAP PHY_IO READALL SETPRV SHARE SYSNAM SYSPRV DOWNGRADE UPGRADE IMPERSONATE
 CDDDGDDDDLPRDDDAADDPEVPD  Flags              Captive, Diswelcome, Disnewmail, etc.
 NBLDR                     Connections        Network, Batch, Local, Dial-up, Remote

               |AOPSSWA|DSVI|BCCDLPPRSSSSDUI|CDDDGDDDDLPRDDDAADDPEVPD|NBLDR
USER-ID        |LEVEL4 | L5 |    LEVEL6     |         FLAGS          | CON.
---------------|-------|----|---------------|------------------------|-----
GEN_PM         |.......|....|...............|C...........D...........|.....
FIELD          |AO.S.W.|..V.|B.C.L.PRS.SS...|............D...........|.....
GEN_MC         |.O.....|....|.......R.......|...D....DL..D...........|.....
GEN_PJM        |.O....A|....|B..............|............D...........|.....
GEN_SYSTEM     |.O.....|....|..............I|........DL..D...........|.....
DEFAULT        |.......|....|...............|C..D.......RD.D.........|.....
GGM_TRAIN1     |.......|....|...............|C.......D..RD.D.........|.....
CXL_JC         |.......|....|...............|C..........RD.D.........|NBL.R
CXL_AFT        |.......|....|...............|C..........RD.DA...P....|NBL.R
CXL_AGS        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_JPC        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_AJL        |.O.....|....|...............|........................|N.L.R
CXL_JLP        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_JMJC       |.......|....|...............|C..........RD.D.........|NBL.R
CXL_JMH        |.......|....|...............|C..........RD.D.........|NBL..
CXL_JMI        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_JML        |.......|....|..............I|C..........RD.D.........|NBL.R
CXL_JMM        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_JMN        |.......|....|...............|C..........RD.D.........|NBL..
CXL_JMS        |.......|....|...............|C..........RD.D.........|.BL..
CXL_JNM        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_JO         |.......|....|...............|C..........RD.D.......P.|NBL.R
CXL_JPJ        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_JPL        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_JRD        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_JS         |.......|....|...............|C..........RD.D.........|NBL.R
CXL_JTH        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_BG         |.......|....|...............|C..........RD.D.........|..L.R
CXL_BGL        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_JHM        |.......|....|...............|C..........RD..........D|NBL.R
CXL_BPB        |.......|....|...........S...|...........RD.D.........|NBL.R
CXL_MDM        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_MEZ        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_MJC        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_MKB        |.O.....|....|B..............|C..........RD.D.........|NBL.R
CXL_MLW        |.......|....|...............|C..........RD.DA.......D|NBL.R
CXL_MNH        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_NH         |.......|....|...............|C..........RD.D.........|NBL.R
CXL_NJM        |.......|....|...............|C..........RD.D....P....|NBL.R
CXL_PAC        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_PT         |.......|....|...............|C..........RD.D.........|NBL.R
CXL_PJR        |.......|....|...............|C..........RD.D.........|NBL.R
CXL_PM         |.......|....|...............|C..........RD.D.........|NBL.R
CXL_PS         |.......|....|...............|C..........RD.D.........|NBL.R
CXL_PRN        |.O.....|....|...............|C...........D.D.........|NBL.R
CXL_PRT        |.O.....|....|...............|C...........D.D.........|NBL.R
CXL_RT         |.......|....|...............|C..........RD.D.........|NBL.R
CXL_RET        |.......|....|...............|C..........RD.D.........|NBL.R
SYSTEM         |AOPSSW.|D.V.|BCCDLPPRSSSS...|............D...........|.....
CXL_RH         |.......|....|...............|C..........RD.D.........|NBL.R
CXL_MC         |.O.....|....|.......R......I|...D....DL..D...........|.....
CXL_PJM        |.O.....|....|B..............|............D...........|.....
CXL_SYSTEM     |.O.....|....|...............|........DL..D...........|.....
XGM_DEFAULT    |.......|....|...............|C..D.......RD.D.........|.....
XGM_TRAIN1     |.......|....|...............|C.......D..RD.D.........|.....
YGEN_PM        |.......|....|...............|C...........D...........|.....
ZEN_PM         |.......|....|...............|C...........D..........D|.....
ZZN_PM         |.......|....|...............|C...........D.........P.|.....
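The matrix is positional: the i-th character of each field is either a dot or the initial of the i-th name in the key. The following decoder is an added example (not part of VScan or this report); the column keys are copied from the key block above, while the helper names and the five sample rows are my own constructed input, so the holder lists can be cross-checked against the per-privilege sections.

```python
# Added example (not part of VScan): decode the positional privilege matrix.
# Column keys come from the report's key block; helper names are mine.
LEVEL4 = ["ALTPRI", "OPER", "PSWAPM", "SECURITY", "SYSLCK", "WORLD", "AUDIT"]
LEVEL5 = ["DIAGNOSE", "SYSGBL", "VOLPRO", "IMPORT"]
LEVEL6 = ["BYPASS", "CMEXEC", "CMKRNL", "DETACH", "LOG_IO", "PFNMAP", "PHY_IO",
          "READALL", "SETPRV", "SHARE", "SYSNAM", "SYSPRV", "DOWNGRADE",
          "UPGRADE", "IMPERSONATE"]
CONNECTIONS = ["Network", "Batch", "Local", "Dial-up", "Remote"]

# Constructed sample input: five rows copied from the matrix above.
SAMPLE_ROWS = """\
FIELD          |AO.S.W.|..V.|B.C.L.PRS.SS...|............D...........|.....
GEN_MC         |.O.....|....|.......R.......|...D....DL..D...........|.....
CXL_JC         |.......|....|...............|C..........RD.D.........|NBL.R
CXL_BPB        |.......|....|...........S...|...........RD.D.........|NBL.R
SYSTEM         |AOPSSW.|D.V.|BCCDLPPRSSSS...|............D...........|.....
"""

def _decode(field, names):
    """Map every non-'.' column to the name at the same position in the key."""
    if len(field) != len(names):
        raise ValueError(f"{field!r} does not fit a {len(names)}-column key")
    return {name for ch, name in zip(field, names) if ch != "."}

def parse_matrix(text):
    """Return {user: {"privs": set, "flags": str, "conn": set}} per data row.
    Flags stay raw because the key names only the first flag columns."""
    users = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 6 or parts[0] in ("", "USER-ID") or parts[0].startswith("-"):
            continue  # column-key line, header or separator
        user, l4, l5, l6, flags, conn = parts
        users[user] = {
            "privs": _decode(l4, LEVEL4) | _decode(l5, LEVEL5) | _decode(l6, LEVEL6),
            "flags": flags,
            "conn": _decode(conn, CONNECTIONS),
        }
    return users

def holders(users, priv):
    """Users holding PRIV, for cross-checking the per-privilege sections."""
    return sorted(u for u, rec in users.items() if priv in rec["privs"])

def level6_without_captive(users):
    """Review list: any Level6 privilege while the Captive flag (column 0) is unset."""
    return sorted(u for u, rec in users.items()
                  if rec["privs"] & set(LEVEL6) and rec["flags"][0] == ".")
```

The same parser accepts the full matrix, header lines included, so the whole OVERALL table can be pasted in as `text`.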