TAMOS provides three levels of auditing.
TAMOS提供三种级别审计。
You can install TAMOS in one of four ways.
可以通过四种方式安装tamos。
The TAMOS kernel extensions intercept all the system calls.
TAMOS内核扩展拦截所有系统调用。
This ability to control root account use is one of the key features of TAMOS.
这种控制根帐户使用的能力是TAMOS的一项关键特性。
The fine and granular level of auditing provided by TAMOS can help you do so.
TAMOS所提供的合适的粒度级别的审计能提供帮助。
Now you will see how TAMOS can help you prevent the scenario described above.
下面您将看到TAMOS如何帮助您防范上述场景。
Introduction of TAMOS along with an overview of how to install and configure.
TAMOS简介及安装配置概述。
TAMOS has just prevented accidental data loss due to deletion of the container.
TAMOS已防止了由于删除容器造成的数据意外丢失。
Suffix - user registry suffix under which users associated with TAMOS are created.
suffix—创建TAMOS关联用户所需的用户注册后缀。
You could also use the pdosaudview utility provided by TAMOS to view the audit report.
可以使用 TAMOS 提供的pdosaudview 工具查看审计报告。
TAMOS provides a way you can protect surrogate operations by using surrogate resources.
TAMOS通过提供代理资源提供保护代理操作的方法。
This section demonstrates how TAMOS can help you deal with two real-world issues faced by DB2 customers.
本小节将演示TAMOS如何帮助解决DB2用户遇到的两个现实问题。
The following example demonstrates how you can use TAMOS access controls to protect against fraudulent behavior.
下面的例子演示如何使用TAMOS访问控制来防范欺骗行为?
First, create an object for the db2sysc process as a file resource in the TAMOS object space, as shown in Listing 10.
首先,在TAMOS对象空间中为db2sysc进程创建一个对象,作为文件资源,如清单10所示。
When you use Installshield multiplatform to install, TAMOS is already configured as part of the installation process.
使用Installshield multiplatform进行安装时,TAMOS已在安装过程中配置。
TAMOS can also help you track who actually issued the kill command, which can lead to you identifying the real culprit.
TAMOS还可帮助您追踪是谁发出结束命令,这将能帮您确定谁是真正的罪魁祸首。
TAMOS addresses these concerns by providing operating system-level access control for UNIX and Linux operating systems.
TAMOS通过为 UNIX和Linux提供操作系统级访问控制来解决这些问题。
This section explains how to configure TAMOS on a UNIX or Linux operating system after you perform a native installation.
本小节讲解如何在进行本机安装后,在UNIX或Linux操作系统上配置TAMOS。
There are several prerequisite system requirements that must be met before you can begin to install and configure IBM TAMOS.
在开始安装和配置IBMTAMOS之前,系统必须首先满足几个先决条件。
TAMOS is implemented as a series of daemons, kernel extensions, and control files for either the UNIX or Linux operating system.
TAMOS是作为一系列UNIX或Linux操作系统的后台进程、内核扩展以及控制文件实现的。
The flow chart in Figure 1 demonstrates how TAMOS implements the security layer by intercepting the system calls at the kernel level.
图1的流程图演示了TAMOS如何通过在内核层面拦截系统调用来实现安全层。
This tells TAMOS to track when a SIGKILL is issued against the resource regardless of whether or not the user is allowed to kill the db2sysc process.
这将告诉TAMOS当SIGKILL发送给资源时进行追踪,而不管用户是否允许结束db2sysc进程。
The example in this section describes the first type of installation — how to perform a GUI mode installation of TAMOS, and specifically on a Linux server.
本节的例子描述第一种安装 —如何执行TOMOS 的GUI模式安装,此处是安装在Linux服务器上。
Again, you can refer to the "TAMOS installation Guide," which is linked to in the Resources section at the end of this article, for detailed installation instructions.
您还可以参考“TAMOS Installation Guide”,这在本文末尾的参考资料一节中有链接,其中有详细的安装指导。
Once you understand the concepts of TAMOS, you will be in a better position to provide security to your system resources on top of that provided by the native operating system.
一旦理解了TAMOS的概念,您就能在本机操作系统提供的保护之外为系统资源提供更好的保护。
The command you use to configure TAMOS after a native installation is pdoscfg. Following are the required configuration options that you must specify with your initial configuration.
在本机安装后用于配置TAMOS的命令是pdoscfg。
To begin an interactive GUI-mode installation, locate your TAMOS CD and run the program with the name: install_amos_platform, where platform represents the name of your operating system.
在开始交互式GUI模式安装前,先找到TAMOSCD并运行名为install_amos_platform的程序,其中platform表示操作系统的名字。
Now you will see how TAMOS can help you in the type of situation outlined above by preventing users from removing the containers, and thereby securing your system against potential data loss.
现在您将看到TAMOS 如何帮助您在上述情形下防止用户删除容器,从而保护系统免于潜在的数据丢失。
Now, as shown in Listing 14, when the db2ins95 or root user tries to kill the db2sysc process, he is not allowed to do so because you have used TAMOS to put the proper controls and policies in place.
现在,如清单14 所示,当db2ins95或根用户试图结束db2sysc 进程,将不被允许,这是因为已经使用了TAMOS 添加了合适的控制和策略。
Now, as shown in Listing 14, when the db2ins95 or root user tries to kill the db2sysc process, he is not allowed to do so because you have used TAMOS to put the proper controls and policies in place.
现在,如清单14 所示,当db2ins95或根用户试图结束db2sysc 进程,将不被允许,这是因为已经使用了TAMOS 添加了合适的控制和策略。
应用推荐