eTrust Access Control for Linux - Administrator Guide

Certification with Unicenter TNG and Unicenter NSM

Certification with Unicenter TNG and Unicenter NSM

The following features comply with Unicenter TNG 2.2 SP1, Unicenter TNG 2.4,
and Unicenter NSM 3.0:
„ Sending “events”
„ Synchronizing mainframe passwords
„ Using the Unicenter TNG calendar

Audit Events Integration

Integration with Unicenter TNG is set up at installation.

You can choose to send audit data to Unicenter TNG. Audit events that are
passed to Unicenter TNG appear in the Console logs in the Unicenter
Enterprise Management\Enterprise Managers\Windows NT\Event window.

Audit Event Display Color Severity
Success Blue S
Denied Orange F
Fail Orange F
Warning Blue W
eTrust AC stopped (audit down) Blue I
eTrust AC started (audit start) Blue I

Unicenter Security Migration and Integration 251

Audit Events Integration
The second option permits launching eTrust AC from the Unicenter WorldView
menu by pointing to the icon representing the TCP/IP Network in the Managed
Objects window and selecting eTrust AC from the right-click menu.
eTrust AC also sends following information about events:
„ Product name (eTrust Access Control + version number)
„ User name
„ Terminal name
„ Class name
„ Resource name
„ Process name
„ Event's time
„ Full audit message in the format of eTrust AC auditing
The fields User name, Terminal name, Class name, Resource name, and
Process name are not always sent, depending on event type.

252 Administrator Guide

Appendix A: NIS Configuration

This section contains the following topics:
Installation Notes (see page 253)
Name Resolution (see page 254)
Avoiding Deadlocks: The Lookaside Database (see page 256)
Configuration Tokens: The seos.ini File (see page 259)

Installation Notes

Note: This section supplements material covered by the installation script.
This appendix assumes you are familiar with Network Information Systems
(NIS), Domain Name Services (DNS), and UNIX name resolution concepts.

During installations of eTrust AC, you can use one of two options to resolve
user ID to user name, group ID to group name, host IP address to host name,
and service port to service name:
„ Use the system functions, which define a bypass for the net cashing

daemon on your system.
– If you use Digital DEC UNIX and it is not an NIS server, the default

uses the system functions for name resolution.
– If you use Digital DEC UNIX and it is an NIS server, the installation

prompts you to choose one of two options: use a lookaside database
or use system functions, which define a bypass for the net caching
daemon.
„ Use a lookaside database, which is created by the sebuildla utility.
– If you are using eTrust AC configured to run on an NIS server, use the
lookaside database.
– The installation default uses the lookaside database on the following
platforms: HP-UX 11.0 and higher, Sun Solaris 2.6 and higher, IBM
AIX 5.1L and higher, and all supported Linux platforms.

Note: On IBM AIX platforms, you must use the lookaside database; there is
no option to use the system functions.

NIS Configuration 253