Glossary
| Term | Definition |
|---|---|
| accept | The term that is used to indicate that a secured task request has passed all security checks and may now be executed. |
| built-in function | Predefined function that comes with Endpoint Privilege Management for Unix and Linux. |
| character string list | A sequence of zero or more characters enclosed in double (") or single (') quotation marks. |
| character string list | An ordered list of character strings separated by commas and enclosed in curly braces ({}). |
| checksum | A unique value that is derived from an application. It can be used to determine if an application has been modified since the checksum value was created. |
| constant | A value that cannot be modified. A read-only variable is an example of a constant. |
| decimal integer | Base 10 numeric value (0, 1, 2, 3, 4, 5, 6, 7, 8, 9). |
| event log | The file that Endpoint Privilege Management for Unix and Linux uses to record information about each user task request that Endpoint Privilege Management for Unix and Linux processes. |
| environment variable | One of a set of Unix/Linux variables that define the environment that is passed to child processes. |
| false | A read-only Endpoint Privilege Management for Unix and Linux variable that is equal to an integer value of 0. |
| format command character | Used to insert variable values into character strings. Format command characters specify not only where to insert values, but also how to format the inserted values. |
| function | A stand-alone unit of security verification logic that performs a specific task. Procedures are generally used to implement repetitive tasks. The difference between a function and a procedure is that a function returns a value, whereas a procedure does not. |
| function scope | Determines whether a variable that is defined in one security policy function or procedure can be used by another security policy function or procedure. In Endpoint Privilege Management for Unix and Linux, functions and procedures have a global scope, meaning that variables that are used in one function or procedure can be used by any other function or procedure. |
| global variable | an Endpoint Privilege Management for Unix and Linux variable that applies to the Endpoint Privilege Management for Unix and Linux system, rather than to a specific task request. |
| hexadecimal integer | Base 16 integer value (0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F). |
| index | A number that is used to access a specific element within a list variable. |
| integer | A numeric value; a member of the set of both positive and negative whole numbers. |
| I/O log | an Endpoint Privilege Management for Unix and Linux log that captures the input (keystroke), output, and error streams for an interactive Unix/Linux session. |
| LDAP connection | A special data type that is used to pass parameters to and from Endpoint Privilege Management for Unix and Linux LDAP functions. |
| LDAP message | A special data type that is used to pass parameters to and from Endpoint Privilege Management for Unix and Linux LDAP functions. |
| logging variables | Contain information that controls Endpoint Privilege Management for Unix and Linux logging activities. |
| log host | Machine on which the Endpoint Privilege Management for Unix and Linux log server runs. See pblogd. |
| manual accept | A task request can bypass security policy file processing and be manually accepted from the Endpoint Privilege Management for Unix and Linux web user interface. |
| octal integer | Base 8 integer value (0, 1, 2, 3, 4, 5, 6, 7). |
| operator | A symbol that performs a specific mathematical, relational, logical or other special function. |
| pblocald | The Endpoint Privilege Management for Unix and Linux daemon that is responsible for initiating task execution. See run host. |
| pblogd | When used, pblogd is responsible for saving log records to the appropriate event log files and I/O log files. pblogd is not a required Endpoint Privilege Management for Unix and Linux component. If pblogd is not used, then the policy server host and the run host write their own log records. See log host. |
| pbmasterd | The main Endpoint Privilege Management for Unix and Linux daemon. pbmasterd is responsible for determining whether requests should be allowed to run (accepted) or be terminated (rejected). See policy server host. |
| pbrun | The Endpoint Privilege Management for Unix and Linux daemon that intercepts task requests and determines if the task is subject to security policy rules. If so, then pbrun passes the request on to the policy server host. See submit host. |
| policy server host | Machine on which the main Endpoint Privilege Management for Unix and Linux daemon (pbmasterd) runs. See pbmasterd. |
| policy server security policy file | The security policy files invoked by policy server host to start security validation processing for a task. |
| procedure | A stand-alone unit of security verification logic that performs a specific task. Procedures are generally used to implement repetitive tasks. The difference between a function and a procedure is that a function returns a value, whereas a procedure does not. |
| read-only variable | A variable whose value cannot be changed; also known as a constant. |
| reject | The term used to indicate that a secured task request did not pass all security checks and so may not be executed. |
| run host | Machine on which the Endpoint Privilege Management for Unix and Linux task-execution daemon is run. See pblocald. |
| run variable | Modifiable version of a task information variable. These variables contain properties that affect task execution. |
| secured activity | An activity that is checked against Endpoint Privilege Management for Unix and Linux security policy files, before it is executed, to verify that it adheres to all security policy rules. See secured task. |
| secured task | A task that is checked against Endpoint Privilege Management for Unix and Linux security policy files, before they are executed, to verify that they adhere to all security policy rules. See secured activity. |
| security administrator | The person who is responsible for implementing a company’s network security policy. |
| security policy file | A file that contains the actual security checks that are used to determine whether a specific task should be accepted or rejected. |
| Security Policy Scripting Language | A C-like, interpreted programming language that is used to create security policy files. |
| security policy sub-file | A security policy file that is included by another security policy file. Security policy sub-files generally focus on specific areas of security verification processing. |
| security verification processing | The process of checking a task request against security policy files to determine if that task adheres to all security policy rules. The Policy Server host controls task verification processing. |
| special characters | Character combinations that are used in place of characters that cannot be typed directly with a keyboard. |
| submit host | Machine on which the Endpoint Privilege Management for Unix and Linux task-receiving component runs. See pbrun. |
| syslog | An interface that enables Endpoint Privilege Management for Unix and Linux to access the Unix/Linux logging daemon. |
| submitting user | The user who submitted the current task request. |
| task information variable | One of a set of variables that contain information about the current task. There are two types of task information variables: read-only variables and run variables. |
| task verification processing | The process of checking a task request against security policy files to determine if that task adheres to all security policy rules. The Policy Server host controls task verification processing. |
| task request | Any request to run a job. |
| true | A read-only Endpoint Privilege Management for Unix and Linux variable that is equal to an integer value of 1. |
| unsecured task | A task request that is not checked against Endpoint Privilege Management for Unix and Linux security policy files. Unsecured task requests are allowed to execute without first undergoing Endpoint Privilege Management for Unix and Linux task verification processing. |
| user-defined variable | Variable that is used within a security policy file to store information during task security verification processing. |
| user-written function | A stand-alone unit of security verification logic that performs a specific task. These units of code are written using the Security Policy Scripting Language. They are generally used to implement repetitive tasks. The difference between a function and a procedure is that a function returns a value, whereas a procedure does not. |
| user-written procedure | A stand-alone unit of security verification logic that performs a specific task. These units of code are written using the Security Policy Scripting Language. They are generally used to implement repetitive tasks. The difference between a function and a procedure is that a function returns a value, whereas a procedure does not. |
| variable data type | Defines the type of information that can be stored in a variable, as well as the types of operations that can be performed on a variable. |
| variable scope | Determines whether another security policy file can use a variable that is defined in one security policy file. In Endpoint Privilege Management for Unix and Linux, all variables have a global scope, meaning that after they are created, any security policy file can reference them. |
Updated 6 days ago