Light version of the GreenHouse product SECOM (Secure Command Manager)


222, 09Mar2018

  • Intro of BLANK and SEPARATE key words to control the command parser.


215, 02Mar2007

  • Introduction of the two key words:
    - [SECOMLUSERNAME], which is replaced by the SECOM-L users name, and
    - [SECOMLUSERID], which is replaced by the SECOM-L users ID
    These two key words are allowed in
    - the start-up parameters
    - in the PARAM section of the SECOM-L command

214, 01Mar2007

  • Leading blanks in start-up messages are eliminated: PAK can not handle this.


213, 12Feb2007

  • The LICENSE command checks, if SECOM-L is an ancestor in the chain of ancestors. In case there is one, the Lincese action is aborted. This prevents a SECOM-L started SUPER TACL to license SUPER.SUPER commands!
  • SECOM-L now runs as a subtype 51 process, which is checked at LICENSE time.

212, 22Jun2004

  • Option 55 (Tracer) and 54 (Timeout) implemented

211, 18Jun2004

  • The LIST command now displays the command contents, when the command is defined without wildcards, e.g.:
    LIST *     
    lists all commands and their head lines
    LIST VPROC list the entire VPROC command

210, 15Jun2004

  • Introduction of keyword DEFAULT in command file. This caused a change of structure SECOLLOG.
  • Code lifting?s: Intro of local Startup structure in procedure ExecuteCommand

The Secure Command Manager (SECOM) product from GreenHouse is the most complete command level security and ID hopping tool in the NSK world. It allows an authorized user to access any resource, running at any ID, WITHOUT the need to know the IDs password.
It can be configured to control the users input to ensure, that only a subset of commands, available in a resource, can be used by the user.
SECOM also covers a complete access as well as management logging, and the ability to capture the session I/O (input as well as output [interactive as well as block mode], and OSS sessions).

The SECOM-L product is a lite version of the ?fully blown? SECOM product, offering these functions:

- An easy command management maintenance system:
All SECOM-L commands are small EDIT type files.
The command maintenance can be done using EDIT and TEDIT.

- A secure way to authorize a SECOM-L command.
The EDIT type file has to be licensed by the users, which is defined as ID, the command resource has to run with.
The LICENSE command is a function of SECOM-L.

- A secure platform to control users, authorized to execute SECOM-L commands.
Access to command files is controlled by GUARDIAN, and optional SAFEGUARD.
To execute a SECOM-L command, a user must have READ access on the command file.

- A secure platform to execute these commands.
SECOM-L runs PRIV code. To introduce it to the system, SUPER.SUPER must be used to FUP LICENSE the SECOM-L program.

- The logging of all security relevant actions.
All SECOM-L LICENSE and EXECUTION commands are logged in an entry sequenced file, which easily can be listed by ENFORM.

For detail information please read the documentation.

In case you find a bug, please let me know, and I'll fix it.

GreenHouse Software & Consulting
Carl Weber