accept
|
The term that is used to indicate that a secured task request has passed all
security checks and may now be executed. |
built-in function
|
Predefined function that comes with Endpoint Privilege Management for Unix and Linux. |
character string
|
A sequence of zero or more characters enclosed in double (") or single (')
quotation marks. |
character string list
|
An ordered list of character strings separated by commas and enclosed in
curly braces ({}). |
checksum
|
A unique value that is derived from an application. It can be used to
determine if an application has been modified since the checksum value was
created. |
constant
|
A value that cannot be modified. A read-only variable is an example of a
constant. |
decimal integer
|
Base 10 numeric value (0, 1, 2, 3, 4, 5, 6, 7, 8, 9). |
event log
|
The file that Endpoint Privilege Management for Unix and Linux uses to record information about
each user task request that Endpoint Privilege Management for Unix and Linux processes. |
environment variable
|
One of a set of Unix/Linux variables that define the environment that is
passed to child processes. |
false
|
A read-only Endpoint Privilege Management for Unix and Linux variable that is equal to an integer
value of 0. |
format command character
|
Used to insert variable values into character strings. Format command
characters specify not only where to insert values, but also how to format the
inserted values. |
function
|
A stand-alone unit of security verification logic that performs a specific task.
Functions are generally used to implement repetitive tasks. The difference
between a function and a procedure is that a function returns a value,
whereas a procedure does not. |
function scope
|
Determines whether a variable that is defined in one security policy function
or procedure can be used by another security policy function or procedure.
In Endpoint Privilege Management for Unix and Linux, functions and procedures have a global
scope, meaning that variables that are used in one function or procedure can
be used by any other function or procedure. |
global variable
|
An Endpoint Privilege Management for Unix and Linux variable that applies to the Endpoint Privilege Management for Unix and Linux system, rather than to a specific task request. |
hexadecimal integer
|
Base 16 integer value (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F). |
index
|
A number that is used to access a specific element within a list variable. |
integer
|
A numeric value; a member of the set of both positive and negative whole
numbers. |
I/O log
|
An Endpoint Privilege Management for Unix and Linux log that captures the input (keystroke),
output, and error streams for an interactive Unix/Linux session. |
LDAP connection
|
A special data type that is used to pass parameters to and from Endpoint Privilege Management for Unix and Linux LDAP functions. |
LDAP message
|
A special data type that is used to pass parameters to and from Endpoint Privilege Management for Unix and Linux LDAP functions. |
logging variables
|
Contain information that controls Endpoint Privilege Management for Unix and Linux logging
activities. |
log host
|
Machine on which the Endpoint Privilege Management for Unix and Linux log server runs. See
pblogd. |
manual accept
|
A task request can bypass security policy file processing and be manually
accepted from the Endpoint Privilege Management for Unix and Linux web user interface. |
octal integer
|
Base 8 integer value (0, 1, 2, 3, 4, 5, 6, 7). |
operator
|
A symbol that performs a specific mathematical, relational, logical or other
special function. |
pblocald
|
The Endpoint Privilege Management for Unix and Linux daemon that is responsible for initiating
task execution. See run host. |
pblogd
|
When used, pblogd is responsible for saving log records to the appropriate
event log files and I/O log files. pblogd is not a required Endpoint Privilege Management for Unix and Linux component. If pblogd is not used, then the policy server host
and the run host write their own log records. See log host. |
pbmasterd
|
The main Endpoint Privilege Management for Unix and Linux daemon. pbmasterd is responsible
for determining whether requests should be allowed to run (accepted) or be
terminated (rejected). See policy server host. |
pbrun
|
The Endpoint Privilege Management for Unix and Linux daemon that intercepts task requests and
determines if the task is subject to security policy rules. If so, then pbrun
passes the request on to the policy server host. See submit host. |
policy server host
|
Machine on which the main Endpoint Privilege Management for Unix and Linux daemon
(pbmasterd) runs. See pbmasterd. |
policy server security policy file
|
The security policy files invoked by the policy server host to start security
validation processing for a task. |
procedure
|
A stand-alone unit of security verification logic that performs a specific task.
Procedures are generally used to implement repetitive tasks. The difference
between a function and a procedure is that a function returns a value,
whereas a procedure does not. |
read-only variable
|
A variable whose value cannot be changed; also known as a constant. |
reject
|
The term used to indicate that a secured task request did not pass all security
checks and so may not be executed. |
run host
|
Machine on which the Endpoint Privilege Management for Unix and Linux task-execution daemon
is run. See pblocald. |
run variable
|
Modifiable version of a task information variable. These variables contain
properties that affect task execution. |
secured activity
|
An activity that is checked against Endpoint Privilege Management for Unix and Linux security
policy files, before it is executed, to verify that it adheres to all security policy
rules. See secured task. |
secured task
|
A task that is checked against Endpoint Privilege Management for Unix and Linux security policy
files, before it is executed, to verify that it adheres to all security policy
rules. See secured activity. |
security administrator
|
The person who is responsible for implementing a company’s network
security policy. |
security policy file
|
A file that contains the actual security checks that are used to determine
whether a specific task should be accepted or rejected. |
Security Policy Scripting Language
|
A C-like, interpreted programming language that is used to create security
policy files. |
security policy sub-file
|
A security policy file that is included by another security policy file. Security
policy sub-files generally focus on specific areas of security verification
processing. |
security verification processing
|
The process of checking a task request against security policy files to
determine if that task adheres to all security policy rules. The policy server
host controls task verification processing. |
special characters
|
Character combinations that are used in place of characters that cannot be
typed directly with a keyboard. |
submit host
|
Machine on which the Endpoint Privilege Management for Unix and Linux task-receiving
component runs. See pbrun. |
syslog
|
An interface that enables Endpoint Privilege Management for Unix and Linux to access the
Unix/Linux logging daemon. |
submitting user
|
The user who submitted the current task request. |
task information variable
|
One of a set of variables that contain information about the current task.
There are two types of task information variables: read-only variables and run
variables. |
task verification processing
|
The process of checking a task request against security policy files to
determine if that task adheres to all security policy rules. The policy server
host controls task verification processing. |
task request
|
Any request to run a job. |
true
|
A read-only Endpoint Privilege Management for Unix and Linux variable that is equal to an integer
value of 1. |
unsecured task
|
A task request that is not checked against Endpoint Privilege Management for Unix and Linux
security policy files. Unsecured task requests are allowed to execute without
first undergoing Endpoint Privilege Management for Unix and Linux task verification processing. |
user-defined variable
|
Variable that is used within a security policy file to store information during
task security verification processing. |
user-written function
|
A stand-alone unit of security verification logic that performs a specific task.
These units of code are written using the Security Policy Scripting Language.
They are generally used to implement repetitive tasks. The difference
between a function and a procedure is that a function returns a value,
whereas a procedure does not. |
user-written procedure
|
A stand-alone unit of security verification logic that performs a specific task.
These units of code are written using the Security Policy Scripting Language.
They are generally used to implement repetitive tasks. The difference
between a function and a procedure is that a function returns a value,
whereas a procedure does not. |
variable data type
|
Defines the type of information that can be stored in a variable, as well as the
types of operations that can be performed on a variable. |
variable scope
|
Determines whether another security policy file can use a variable that is
defined in one security policy file. In Endpoint Privilege Management for Unix and Linux, all
variables have a global scope, meaning that after they are created, any
security policy file can reference them. |