VMS SES Installation Guide and Release Notes Version 5.3-1

This document serves as the installation guide and release notes for Version 5.3-1 of the VMS Security Enhancement Service (SEVMS), a software security consulting package for the VMS operating system.

The guide outlines procedures for installing and upgrading SEVMS, emphasizing that VMS Version 5.3-1 must be installed first, and providing steps for removing previous SEVMS versions. It highlights important pre-installation notes, such as disk space requirements and the need for a system reboot.

Key new and changed features in Version 5.3-1 include:

• Enhanced Terminal Classification: Local interactive terminals can now have a log-in classification range, allowing them to function as single-level devices when no user is logged in. New DCL commands, SET CLASS/TERMINAL and SHOW CLASS/TERMINAL, manage these ranges.
• Audit Command Updates: The ANALYZE/AUDIT command gains a new /FACILITY=SEVMS qualifier and new keywords for /EVENT_TYPE (e.g., PRINTED_FILE, LABEL_BYPASS, CHANGE_CLASS) and /SELECT (e.g., SYMBIONT_PROCESS_ID, QUEMGR_JOB_NUMBER) to refine audit reporting.
• Command Enhancements: Partial wildcarding is now supported for SHOW CLASS commands, and a /REMOVE qualifier is added to SET CLASS commands for deleting records.
• File and Naming Changes: Symbolic definition files for various languages are now available, and the executable SEVMS_SMB.EXE is renamed to SEVMS$SMB.EXE.
• Mail Account Privilege Change: The recommended privilege for the MAIL$SERVER account is updated to only include DOWNGRADE as an "authorized" privilege.

The document also details known problems and restrictions, such as an installation bug preventing correct file protection for certain files, ongoing restrictions with mailing to privileged accounts, and incomplete support for the DISCONNECT terminal characteristic. A critical note warns about the audit server database compatibility when upgrading from SEVMS 5.1 or prior.

Additionally, it lists various resolved problems from previous versions, including corrections for mail file classification, improved handling of privileged user mail, better error reporting for SET AUDIT commands, a fix for captive account logins, restoration of ANALYZE/AUDIT /EVENT_TYPE=PRINT functionality, and resolution of issues with RMS channels and the SHOW CLASS/NODE wildcard.

This manual is intended for system installers and security managers, assuming a working knowledge of VMS and basic system administration.