HP-NonStop Security

Secure your HP-NonStop system with security software and privileged system products and tools from

GreenHouse Software & Consulting

Freeware (Last Updates)

  • NSK-PKZIP - Creates and extracts ZIP type files on a Tandem system
    Last Update: 26.10.2016
  • PPD - Sorts and displays the PPD based on wild cards. Sorts result, and supports WHERE MOM clause.
    Last Update: 16.09.2016
  • ChildsOf - Displays the child processes of an ancestor process
    Last Update: 17.08.2016
  • SysInfo - Displays all system relevant data
    Last Update: 02.05.2016
  • GSWFIT - Introduces the SWID fingerprint to executables
    Last Update: 11.04.2016

Welcome to GreenHouse Software & Consulting!

Dear GreenHouse customer, prospect, and fan,

you finally ended up on the new web page of GreenHouse, the one and only Tandem (to me it's still Tandem, after 31+ years) related page in the web, where you find:

  • Products (real good stuff to secure your Tandem systems:  Affordable, with the best functionality available!)
  • FreeWare (free AND supported)
  • ShareWare (competitive AND free support)
  • PayWare (for everybody, not allowed to use Free- or ShareWare)
  • Our contributions to ITUG
  • Tandem security related stuff!

Product of the month

PATHWAY Server Security (PS-Shell)

When you have a closer look at the PATHWAY security settings you find out, that there is an easy way to connect to a PATHWAY server, and to make it work on your behalf.

All you need to know is the

  • server to talk to and
  • message format it understands

This information is known by the application developers, and possibly by the operations people as well. In other words: There is a possibility that 'interesting' application data can be 'extracted' easily and unrecognized by unauthorized people.

Opening a server from the outside - that is: Directly from a program by using a call to Open/File_Open_ - is not easy to prevent.

Two methods are available:

  1. All servers have known names, protected by SAFEGUARD PROCESS ACLs
  2. The servers check incoming system messages, and reject unexpected ones.

Both methods work, but are not convenient:

  1. The administrative effort to name all PATHWAY servers and to maintain the ACLs is tremendous
  2. Normally severs do not analyze incoming message originators, and reject unexpected ones. Changing already used servers is not really recommended.

GreenHouse developed a product named PS-Shell (PATHWAY Security Shell), which controls all OPEN events directed toward PATHWAY servers and automatically rejects unexpected ones. 

Three ways of talking to servers are available:

1. Communication within a PATHWAY system.

The OPEN events within a PATHWAY system are easy to recognize and to control.

There is no need to take actions here.

PS-Shell can perform this task automatically, no administration is required here.

2. GUARDIAN open from the outside.

OPENs from the outside are detected by PS-Shell, and can be allowed or rejected.

As long as OPENs from the outside are NOT allowed, PS-Shell detects and rejects them automatically.

Valid outside OPENs are configurable.


The PATHSEND method is not easy to handle, because it is nowhere recognized outside the PATHWAY environment: The instance, originating PATHSEND, does not show up in any system message.

Currently there is only one method to prevent an unexpected PATHSEND OPEN: Using the security attribute of the server. The granularity of this attribute - A, G, O, N, C, U - is poor, but better than nothing.

Besides this security setting, administrative provisions can help to close this hole, e.g. by running all PATHWAY systems within one GUARDIAN user group.

For more details, please click here or contact us at Info[by]GreenHopuse[to]de