The installation procedure for SAT comprises installing the software for the SATCP subsystem and for the SATUT utility routine. Before SAT is put into operation you should draw up a plan for logging security-relevant data on the basis of the SAT control options. For further details refer to section “Selection of security-relevant events (preselection)”, section “Postprocessing of SATLOG files (postselection)” and „section“Monitoring special security-relevant activities”.

Installing SATCP

The following files must be cataloged under TSOS in order to install SAT:

The SATCP subsystem is activated and started automatically by DSSM during system startup. This means that SAT is available prior to “SYSTEM READY”. In normal operation, SAT is active and writes its audit data to the first new SATLOG file of the session. The SATCP subsystem is implicitly deactivated during system shutdown; it cannot be deactivated explicitly.

In a BS2000 system in which SECOS is being used for the first time, all the user IDs have the log setting AUDIT-SWITCH=*ON after initial installation.

In a BS2000 system which has been upgraded from a lower to a higher SECOS version, all the user IDs retain their previous log setting after installation.

An ENTER procedure is available to back up the current preselection settings for the user IDs prior to any change. This generates an ENTER job with the corresponding /MODIFY-SAT-PRESELECTION commands.

Installing SATUT

The following files are supplied with SATUT :

SATUT runs independently of SAT under any user ID with the privilege SAT-FILE-MANAGEMENT or SAT-FILE-EVALUATION.