Xerox DocuSP 3.6 Common Controller System Guide

Xerox Document Services Platform Series
Common Controller System Guide
701P38837 DocuSP 3.6 August, 2002
Xerox Corporation Global Knowledge and Language Services 800 Phillips Road Building 845-17S Webster, New York 14580
© 2002 by Xerox Corporation. All rights reserved. Copyright protection claimed includes all forms and matters of copyrighted material
and information now allowed by statutory or judicial law hereinafter granted including without limitation, material generated from the software programs that are displayed on the screens such as styles, templates, icons, screen displays, looks, and so on.
Printed in the U.S.A., U.K., and France. XEROX®, XEROX Europe®, and XEROX Canada Limited®, The Document
Company, the stylized X, and all names identifying numbers used in connection with Xerox products mentioned in this publication are trademarks of XEROX CORPORATION. All non-Xerox brands and product names are trademarks of their respective companies. Other company trademarks are also acknowledged.
While the information in this Guide is correct at the time of publication, Xerox reserved the right at any time to change the information without notice. Changes are made periodically to this document. Changes and technical updates will be added in subsequent editions.
Table of Contents
1. Introduction
    About this guide
    Contents
    Conventions
    Customer Support Number
2. Gateway Configuration
    Internet Services (HTTP) Gateway Configuration
    Simple Network Management Protocol (SNMP) Configuration
    Configuration variables
    Printer and job messages
    SNMP MIB Support
    NDS Setup
3. Backup and Restore
    Backup
    Restore
    Xerox Backup & Restore (XBR) Utility for a DP100/115/135/180 EPS System
    Backing up a System
    Restoring a System
4. Security and Network Setup
    Access and Security
    Changing the logon level
    Overview of Security
    Roles and responsibilities
    Customer responsibility
    Xerox responsibility
    New security features
    Using scripts to enhance security features
    The configure-xdss script
    Disable LP Anonymous Printing
    DigiPath and Decomposition Services
    Remote shell internet service
    The disable-security script
    The enable-ftp and disable-ftp scripts
    The enable-security script
    Secure Solaris file permissions
    Delete and Secure User Accounts
    Disallow all users for at, cron and batch commands
    Disable unnecessary internet services daemons
    Remote Diagnostics
    Disabling secure name service databases
    Multicast routing
    Securing the sendmail daemon
    Securing the network parameters
    Restricting NFS port monitor
    Disabling remote login to CDE
    Disabling DocuSP as a router
    Security warning banners
    Example of /etc/inetd.conf file after security edits
    Helpful Security tips
5. Printing
    First In/First Out (FIFO) Printing
    Controller settings for limited FIFO scheduling/printing
    Enable/Disable FIFO Job Scheduling
    ASCII and PCL Printing Utility
    Impact on DocuSP printers
    setpclontrol Utility
    Set lp/lprcopycount utility
    Socket Gateway Configuration Utility: setVPSoption
    TIFF Orientation
    MICR Enablement
    Using VIPP
    Paper Trays
    Printing hints
6. Finishing
    Subset Finishing
    Creating jobs to use subset finishing
    Subset Offset (Page Level Jog)
    PCL Offset/Separator/Subset Finishing command
    PCL Paper Source Command
    Mixed Stacking
    Additional finishing information
7. Fonts
    How to choose fonts
    Fonts
    Resident Fonts
    Non Resident Fonts
    Font substitution
    TIFF files
    TIFF overview
    Performance considerations
    Supported TIFF tags
8. Accounting and Billing
    Accounting
    Auto exporting accounting log
    Accounting exported values
    Billing
    Billable Events
    Billing Meters
9. Troubleshooting
    Calling for service
    Declared faults
    Printer fault
    Job fault
    Undeclared faults
    Client problems
    Windows problems
    Macintosh problems
    DigiPath problems
    GUI problems
    Print Quality problems
    Font problems
    Inoperable system problems
    Job flow problems
    Job Integrity problems
    PDL problems
    PostScript problems
    TIFF problems
    PDF problems
    Restore password
    Restart DocuSP software without rebooting
    Productivity and performance problems
    Problems when saving a job
    Printing system logs
    all_jobs_log
    system_log
    status_log
    ep_exception_log and ep_primary_log
    Rebooting and restarting
    Loading XDJC/Unix
    Configuring XDJC/Unix
    Output files
    Properly ejecting a diskette from the Diskette drive on a DocuSP workstation
10. Hints and Tips
    General
    Disabling the Solaris 8 Screen Saver
    Common Desktop Environment (CDE) Front Panel Removal and Workaround
    Color Systems
    General Comments
    Time used to generate the PDL
    Time used to transfer PDL
    Time required to RIP PDL
    Time required to print PDL
    Job Submission Hints
    Number of Images
    Ethernet
    Gateways
    Job submission order
    Job RIP Hints
    Variable data
    Image Quality
    Job Printing Hints
    Skipped Pitches
    XJDC Hints and Tips
    PCI Channel Interface PWB Trace Capture Procedure
    Perform a Trace
    Export the trace file to floppy
1. Introduction
About this guide
The System Guide provides the information needed to perform system administration tasks for configuring and maintaining the Xerox Document Services Platform (DocuSP) for printing systems.
NOTE: The Xerox Client Software will be delivered on a floppy for version 3.6.
This guide is intended for Network and System Administrators responsible for setting up and maintaining Xerox printers with DocuSP software. Users should have an understanding of the Sun workstation and be familiar with Solaris 2.x and basic UNIX commands. This includes the use of text editors such as vi or textedit and the ability to maneuver within the Solaris environment. The System Administrator is expected to have a working knowledge of Local Area Networks (LANs), communication protocols, and the applicable client platforms to assist them in a customer site setup.
Contents
In general, this document covers information about the DocuSP that is not covered in the on-line help or other available guides.
The following list describes the contents of this guide:
• Simple Network Management Protocol Configuration (SNMP)
• Backup and Restore
• Security and Network Setup
• Printing
• Finishing
• Fonts
• Accounting and Billing
• Troubleshooting
• Hints and Tips
Conventions
This guide includes the following conventions:
• Angle brackets - Variable information that is displayed on your screen is enclosed within angle brackets; for example, “Unable to copy <filename>.”
• Square brackets - Names of options you select are shown in square brackets; for example, [OK] and [Cancel].
• Notes are hints that help you perform a task or understand the text. Notes are found in the following format:
NOTE: This is an example of a note.
Customer Support Number
To place a customer service call, dial the direct TTY number for assistance. The number is 800-735-2988.
2. Gateway Configuration
Setting up the HTTP and SNMP gateways cannot be accomplished through the graphical user interface and must be set using the gwConfig utility through a UNIX Terminal window. The IPP gateway is configured using the DocuSP interface.
Internet Services (HTTP) Gateway Configuration
Perform the following to configure the HTTP gateway:
1. Start the configuration utility. Type
    ./gwConfig
NOTE: Refer to the instructions in the section, IPP Gateway Configuration for information about starting the configuration.
2. Perform the following to set up the Internet Services (HTTP) Gateway:
    Enter the name of the gateway to be configured: Internet Services
    Configure the Internet Services Gateway? [Y/N] y
    Enter name: Value data
    Printer URL: http://<controller name>.<domain name>.com
NOTE: Use the IP address of the controller if there is no domain name. For example, http://52.126.255.255.com
3. A confirmation message of the entered value displays. Confirm that the entry is correct and enter y for yes.
4. Continue with this process for every value to be configured.
5. When all of the desired values have been configured, press <Enter> at the Enter Name: [Value Data line].
6. When asked to accept the values and update the configuration, enter y for yes.
7. The configuration utility exits.
8. When complete, close the Terminal window and select System, Restart on the DocuSP user interface.
Simple Network Management Protocol (SNMP) Configuration
To configure the SNMP gateway, follow the instructions for configuring the HTTP Gateway in the previous section.
SNMP provides you with the status of network devices. If you are familiar with SNMP manager, you may want to configure the SNMP gateway using gwConfig and the information that follows.
NOTE: SNMP requires a standard FlexLm license. The System Administrator must enable SNMP in License Manager.
Xerox recommends the following third–party SNMP software managers:
IBM Network Printer Manager (NT)
TNG Unicenter (NT)
HP OpenView (UNIX, NT)
Xerox CentreWare (UNIX, NT)
NOTE: The SNMP manager (HP OpenView) may have a number of requests into DocuSP for information. Some of the requested information may not be a supported data set on DocuSP. Therefore, the SNMP client/manager displays "no value...etc".
NOTE: You can have more than one SNMP manager running at the same time.
Configuration variables
Of the many parameters that are available for SNMP configuration, only the ones of common interest to Xerox customers are shown in the following table:
Table 2-1.
Parameter Name | Description | Value Range | Default Value
CommandLine | Turn on/off the following flags: –l: logging to SNMP_DEBUG_LOG; –w: logging to window | Enter the following CommandLine variables: -l: -w: |
Printer operator | The name of the printer operator | String (0...127) | <empty>
Printer administrator | The name of the printer administrator | String (0...127) | <empty>
Printer administrator location | The location of the office of the printer administrator | String (0...127) | <empty>
Printer administrator Phone | The telephone number for contacting the printer administrator | String (0...127) | <empty>
Printer location | The location of the printer | String (0...127) | <empty>
An example of SNMP gateway configuration for the parameters shown is:
    SNMP Gateway Configuration File Section Data:
    Entry Name    Entry Value
    CommandLine: -l -w
    Printer Operator: Janet Jones
    Printer Administrator: William Webster
    Printer Administrator Location: Room 409
    Printer Administrator Phone: 122-0001
    Printer Location: Room 444
Printer and job messages
SNMP can broadcast messages about the printer and the jobs on the system. Printer messages may announce that the printer is idle, printing, or out of paper. Job messages announce that jobs are pending, processing, or completed. Other job related information may include the job owner’s name, the job quantity, the job identifier, etc.
NOTE: “Forwarding” is not a job state that is broadcast by the controller; therefore, job forwarding information will not be displayed by the SNMP job managers.
The information that is displayed at an SNMP Manager may not always reflect the exact status of a job or printer on the DocuSP Controller. Those Managers that do not support loading of Management Information Bases (MIBs) will only display the printer and job status that they support.
SNMP MIB Support
DocuSP 3.0 SNMP MIB file uses the Xerox Common Management Interface (XCMI) version 4.0. The following lists the MIB files included for version 4.0:
rfc1213 - RFC1213-MIB (MIB-II)
rfc2790 - HOST-RESOURCES-MIB (XCMI rev 000817)
rfc2790t - HOST-RESOURCES-TYPES (XCMI rev 000815)
rfc1759 - Printer-MIB (XCMI rev 000818)
rfc2707 - Job-Monitoring-MIB (Printer Working Group)
02common - XEROX-COMMON-MIB
06gentc - XEROX-GENERAL-TC
07gen - XEROX-GENERAL-MIB
10hosttc - XEROX-HOST-RESOURCES-EXT-TC
11hostx - XEROX-HOST-RESOURCES-EXT-MIB
15prtxtc - XEROX-PRINTER-EXT-TC
16prtx - XEROX-PRINTER-EXT-MIB
21rsrctc - XEROX-RESOURCES-TC
22rsrc - XEROX-RESOURCES-MIB
40jobtc - XEROX-JOB-MONITORING-TC
41jobmon - XEROX-JOB-MONITORING-MIB
42jobmtc - XEROX-SIMPLE-JOB-MGMT-TC
43jobman - XEROX-SIMPLE-JOB-MGMT-MIB
50commtc - XEROX-COMMS-ENGINE-TC
51comms - XEROX-COMMS-ENGINE-MIB
52conftc - XEROX-COMMS-CONFIG-TC
53config - XEROX-COMMS-CONFIG-MIB
58svctc - XEROX-SERVICE-MONITORING-TC
59svcmon - XEROX-SERVICE-MONITORING-MIB
93pidtc - XEROX-PRODUCT-ID-TC
The following is a listing of MIBs that are supported:
RFC 1213 MIB file
– The system Group
– The Interface Group
– The at (address translation) Group
– The ip Group
– The icmp Group
– The tcp Group
– The udp Group
– The snmp Group
Host Resource MIB file
– The System Group
– The Storage Group
– The Device Group
Printer MIB file
– The General Printer Group
– The Input Group
– The Extended Input Group
– The Input Media Group
– The Output Group
– The Extended Output Group
– The Output Features Group
– The Marker Group
– The Marker Supplies Group
– The Marker Colorant Group
– The Media Path Group
– The Interpreters Group
– The Channels Group
– The Console Group
– The Alerts Groups
Xerox General MIB file (uses only the 06gentc and 07gen files)
– The xcmGen Base Group
– The xcmGen Trap Client Group
– The xcmGen Trap View Group
NOTE: The other files in Xerox General MIB are not supported.
NDS Setup
When using Novell Netware, a preferred server needs to be set for environments where there is more than one server on the network. If you are running NDS in an environment with more than one NDS server, to ensure optimal operation, you should specify a preferred server. To do this, perform the following steps (you will need to know your NDS Tree, Context, and Preferred Server Names):
1. Type
    su root
   and enter password when you are prompted.
2. Type
    cd /opt/XRXnps/XRXnwqsgw/bin/
3. Type
    ./QServerSetup
   and select the return key.
4. Select the appropriate option:
   • If there is already an existing NDS QServer Setup that you wish to add a Preferred server name to, select choice 2.
   • If you are creating a new NDS QServer Setup with a preferred server name, select choice 1.
5. Select choice 4 to list the current setups to make sure your preferred server was added successfully.
6. Restart the DocuSP software.
NOTE: If logging is enabled, you can check /opt/XRXnps/log/QServer.Debug.Log to make sure that connection is made with the Preferred server. Ensure that jobs can be submitted from Netware and properly received and printed.
3. Backup and Restore
Software configuration information and customer specific files should be backed up to a safe location, either to tape or to a remote server on a regular basis. It is valuable to back up a system to a remote location when upgrades of hardware are performed.
Software configuration information should be saved when the system has been installed and all queues and printers have been set up, and again whenever any printer or queue properties are changed.
The Configuration utility provided with the DocuSP software will back up all of the DocuSP configuration files in the /opt/XRXnps/configuration directory. This includes the preferences settings, printer set up, and queue set up files.
If a software upgrade or new software installation is required, a representative will perform the software installation. In each case, certain portions of the system configuration will need to be restored or reentered by the customer.
Backup
The following information should also be backed up on a regular basis or when the DocuSP controller has been modified:
Customized scripts installed by the customer
Unique third–party software and related data, or Xerox–developed solutions and related data
DNS, NIS, or NIS+ files
Jobs saved to the DocuSP controller using the Save Feature
Non–Xerox supplied Sun patches
Customized links to directories
Continuous Feed custom imposition files
Continuous Feed custom print mark files
In addition, it is recommended that the System Administrator document the following information:
Any soft fonts that have been loaded on the system
Contents of the hosts and hosts.equiv files
The allowable users
Any customer–specific passwords
NOTE: In the event of a software upgrade or install by Xerox, Xerox is not responsible for the restoration of the above items to the DocuSP controller.
NOTE: It is highly recommended that a complete system image be backed up to tape or a remote location on a regular basis. Having a current system image stored separate from the DocuSP controller will ensure that in the event of a failure of the system or the hard disks, the system can be easily restored.
Refer to the appropriate SUN documentation for additional information on saving a system image.
Restore
If only a software upgrade is performed on the DocuSP controller, the system configuration information will typically be retained.
During the upgrade, the Xerox Customer Service Representative will provide a hardcopy of the system configuration information, such as the contents of the /etc/hosts and /etc/hosts.equiv files, the list of user names from the /etc/passwd file, and gateway information from any installed optional gateways. If any information needs to be recreated, the hardcopy will assist the System Administrator in restoring the system. Any customized software, saved files, or unique third–party information will have to be restored by the System Administrator.
If a hardware installation is performed and there is no system image saved, the System Administrator will have to restore or re-enter, at a minimum, all of the information included on the hardcopy output provided by the Xerox Customer Service Representative.
Xerox Backup and Restore (XBR) Utility for a DP100/115/135/180 EPS System
Backing up a System
To backup a system, use a DocuPrint EPS controller with a QIC tape drive, at least 3 tapes (maybe up to 6 QIC tapes), and the XBR floppy.
NOTE: The most common reason for backup procedure failure is a bad tape. Restart the backup process with a new tape. The system has to be shut down before the backup operation can be performed.
1. Open a Terminal window.
2. In the terminal window, log in as root.
3. At the command prompt, type
    init 0
   and press Enter.
4. At the Ok prompt, type
    boot -s
   Steps 3 and 4 first shut down the system, then reboot it in single-user mode.
5. Enter the root password.
6. Insert the XBR floppy in the disk drive and a blank tape in the tape drive.
7. At the command-line prompt, type
    mkdir /a
8. Type
    mount /dev/diskette /a
   and press <Enter>. This command causes UNIX to access the diskette drive (/dev/diskette) through the /a directory.
9. Type
    cd /a
10. Type
    ./xbr
   but don’t forget the “.” before the “/”.
11. Type
    backup
   and as the system asks for a new tape, remove the current tape, label it and insert a new tape (each tape takes about 20 to 25 minutes to fill). After inserting a new tape, type
    yes
   The system may ask for a tape it has already used (for example volume 2 again); ignore the number it gives you and label the tape with the next number in the sequence. This problem is caused by the underlying UNIX utility that is being called multiple times (each time it is called, it starts off at the beginning of the tape numbering sequence and not at the number with which it left off).
12. After the backup is complete, restart the system by typing
    reboot
   and pressing Enter.
Restoring a System
Before you begin to restore the system, locate the CD labeled "Solaris 8 CD (1 of 2)" from which to run the Operating System. You will also need a system to restore to (with a QIC tape drive), the XBR floppy, all the backup tapes that were made by the previous procedure, the CD-ROM labeled "Solaris 8 CD (1 of 2)". To restore the system, perform the following:
1. Insert the "Solaris 8 CD (1 of 2)" CD-ROM, the first tape, and the XBR floppy into the system.
2. Open a Terminal window.
3. In the Terminal window, login as root.
4. At the command prompt, type
    init 0
   and press <Enter>.
5. At the "ok" prompt, type
    boot -s
6. Once the system reboots, login as root.
7. Create a directory; type
    mount /dev/diskette /a
8. Type
    cd /a
9. Type
    ./xbr
   (don’t forget the "." and "/")
10. Type
    restore
11. Answer
    y
   for yes to the question that comes up.
12. The system will then reboot.
13. Insert each tape as they are asked for and press <Enter>.
14. Repeat the previous step twice.
15. The system will reboot. Login as root.
16. As the system requests a new tape, enter the next tape in the sequence into the drive.
17. The system will display a message when the restore is complete. To restart the system, type
    reboot
   and press <Enter>.
4. Security and Network Setup
This section provides you with information on security regarding the DocuSP controller and the Solaris Operating System including access, changing logon levels, and enhancements of the Solaris OS. Also included are general guidelines to security related procedures that can be implemented to improve security of the DocuSP controller and the Solaris OS.
Access and Security
UNIX accounts are defined during the installation process:
root: has super user access to the workstation. The initial password for this account is set during installation of the operating system and should be obtained from the Xerox service personnel.
NOTE: For security reasons, the root account password should be changed as soon as the Xerox service personnel have completed the installation.
The Xerox user name is the account from which the Xerox software runs. Use the Xerox user password for this account. Contact your Customer Service Representative if this is unknown.
ftp: an account to permit some clients to retrieve their software from the DocuSP controller using the TCP/IP communication protocol. This account will be set to Read Only access to the /export/home/ftp directory.
Pxrxsvc: the account for remote diagnostics by Xerox service personnel. The DocuSP controller is accessed using PPP communications via a modem.
NOTE: The user and group identifications, uid and gid, for the Xerox accounts that are listed above cannot be arbitrarily changed in the password and group files to new values because the software is based on the proper access to the Xerox supplied files.
To allow non–root user command line clients to submit jobs to the DocuSP controller, the Sun workstation needs two pieces of information in its database:
Users must be listed in the password database.
The client workstations need to be described as trusted hosts for the user account. This allows remote operation commands at the DocuSP controller from a client workstation, such as rcp, without the requirement for supplying a password. Set the /etc/hosts.equiv file to trust all known workstations by setting the last line in the file to a plus sign, or, if tighter security is required, list the names of the trusted host machines in the /etc/hosts.equiv file.
It is not necessary for the user to have the following on the DocuSP controller:
Network home directory.
Meaningful home directory at the DocuSP controller.
An enabled password.
The same user identification (uid) as used for the client workstation account.
The same group identification (gid) as used for the client workstation account.
NOTE: For more information about UNIX security, please consult the man page for hosts.equiv and the Sun documentation.
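The two /etc/hosts.equiv choices described above (a closing plus sign versus named trusted hosts) can be told apart mechanically. The following is an added example, not part of the Xerox guide or the DocuSP software: it classifies each active entry of a hosts.equiv-format file by the kind of trust it grants. The category labels, function names, and the sample file with its placeholder hostnames are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the Xerox guide: classify each active entry of a
# hosts.equiv-format file by how much trust it grants.

audit_hosts_equiv() {
    # $1 = path to the file. Prints "line:CATEGORY:entry" for entries to review;
    # plain single-host entries and deny ("-") entries print nothing.
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # blank lines and comments
        {
            host = $1
            user = (NF >= 2) ? $2 : ""
            if (substr(host, 1, 1) == "-" || substr(user, 1, 1) == "-")
                next                               # explicit deny entry
            if (host == "+" && (user == "" || user == "+"))
                kind = "ALL_HOSTS"                 # the plus-sign line: every host trusted
            else if (host == "+")
                kind = "USER_FROM_ANY_HOST"        # "+ user"
            else if (substr(host, 1, 2) == "+@")
                kind = "NETGROUP"                  # trust delegated to a netgroup
            else if (user == "+")
                kind = "ANY_USER_FROM_HOST"        # "host +"
            else if (user != "")
                kind = "NAMED_REMOTE_USER"         # "host user": review against hosts.equiv(4)
            else
                next                               # single named host, the tighter form
            printf "%d:%s:%s\n", NR, kind, $0
        }
    ' "$1"
}

write_sample_hosts_equiv() {
    # Constructed sample; hostnames, user and netgroup names are placeholders.
    cat > "$1" <<'EOF'
# constructed sample hosts.equiv
client1.example.com
client2.example.com opsuser
-oldhost.example.com
+@printclients
client3.example.com +
+
EOF
}

# Stand-alone run against the constructed sample.
sample=$(mktemp "${TMPDIR:-/tmp}/hosts.equiv.XXXXXX")
write_sample_hosts_equiv "$sample"
echo "Entries to review:"
audit_hosts_equiv "$sample"
rm -f "$sample"
```

On a controller, pass /etc/hosts.equiv as the argument; an empty result means the file contains only individually named hosts and deny entries.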
To set up a user account at the DocuSP controller, it is suggested that the admintool, which runs in the CDE (Common Desktop Environment), be used.
Changing the logon level
The DocuSP software defaults to the Walk Up User access level when the DocuSP software is started.
To log into the DocuSP as the System Administrator or Trusted User, perform the following:
1. Select [System] from the DocuSP Print Services window.
2. Select [Logon]. The Logon dialog is displayed.
3. Select the Trusted User or System Administrator access level and enter the correct password.
The initial passwords for Trusted User and System Administrator can be obtained from your Xerox Service Representative.
NOTE: The various system passwords need to be changed as soon as an install is complete. It is also advised that you should have a process in place for changing the passwords on a regular basis.
NOTE: The System Administrator should verify access to the Xerox application for all levels before the service installation personnel leave the site.
NOTE: To maintain security, it is recommended that any restricted access login be terminated as soon as the session has been completed.
Overview of Security
The purpose of the security section is to provide information on security regarding the DocuSP controller and the Solaris Operating System. This section explains the new DocuSP Security Script feature that allows security for the system against unauthorized access and modification. The information in this section about security includes procedures and scripts that can be used to improve security of the DocuSP controller and the Solaris OS. The following information is also a compilation of security concerns that have been raised by DocuSP customers.
Roles and responsibilities
The following sections detail the roles and responsibilities in setting and maintaining the security of the DocuSP controller.
Customer responsibility
The customer has the primary responsibility for maintaining the security of the network within the customer’s site. It is important that network security is continuously monitored and maintained, and that appropriate security policies are established and followed.
The procedures outlined in this document assume a basic knowledge of UNIX, the vi editor, and general computing concepts. It is expected that the network administrator or system administrator responsible for network security understands the base commands (cd, chmod, cp, grep, kill, ln, ls, man, more, ps, etc.), and the UNIX directory path and filename structures shown in this document.
There is information within the text and in the appendix sections for reference to those who may not use this knowledge often. If you have been given administration privileges to devices covered by these procedures and do not have sufficient training, seek assistance from someone with these skills.
The DocuSP product operates on the default Solaris OS configuration and some additional Solaris patches required by DocuSP. Several scripts are used to provide additional security for the DocuSP. Not all scripts are public knowledge; only those that are public are defined in this document, and these can be performed by the customer.
It is the responsibility of the customer to implement any security changes to this default configuration to obtain the level of security they require. This includes: monitoring security bulletins issued by Sun Microsystems, obtaining and installing security patches, and modification of the Solaris OS to implement security measures. The customer is also responsible for documenting and testing the implemented changes to ensure that there is no impact to the current workflow.
Xerox responsibility
Xerox is committed to providing a level of security which will allow the DocuSP controller to be a good network citizen in the response to current security intrusions. Additional security beyond this remains the responsibility of the customer.
Xerox is constantly evaluating the security of the DocuSP controller and the Sun Solaris operating environment. Xerox is committed to providing the latest Solaris security patches provided by Sun Microsystems in each major DocuSP release. The DocuSP development team will also add Solaris security patches in between major release cycles. All OS security patches for applications added during a standard DocuSP install will be included, even if the application code is not normally used by DocuSP users. Security patches for applications not loaded by a standard DocuSP install will not be evaluated or included. Only the version of a patch impacting security will be included; if a security patch has a newer version that is not security related then this patch will not be updated to the newer version. Any security patch that is determined to have a negative impact to DocuSP operation will not be added (this is expected to be a very rare event).
When the DocuSP software and system was installed, Xerox provided a default root password for the UNIX environment. In addition, default passwords may have been created for the DocuSP Trusted User and System Administrator login levels.
Xerox strongly recommends that the customer change these passwords from the default settings since the ultimate security of the printing system resides with the customer.
NOTE: Please be aware that the Xerox Customer Support Personnel must have access to the new root password for service and support. It is the customer’s responsibility to ensure that the root password is available for them.
New security features
In this release of DocuSP, the Xerox DocuSP Security Script has been included with the DocuSP software. When invoked, the script implements changes to the Solaris Operating Environment to secure the system against unauthorized access and modification.
The Xerox DocuSP Security Script is based on Sun Microsystems’ Blueprint white papers as well as previous security scripts developed by Xerox for the DocuSP.
The Xerox DocuSP Security Script is run by the Xerox service representative when the DocuSP software is installed or upgraded.
This document details each service impacted by the script so that customers can make informed decisions about whether this script meets the security requirements of their environment. Some customers may find that some features disabled by this script, such as telnet and ftp, are required in their environment. How to re-enable each individual service is not discussed in this document. If further assistance is required, please contact the Customer Support Center.
NOTE: Security changes are not saved during an installation or upgrade of the DocuSP software. When a software install or upgrade is performed, the Xerox Service Representative runs the security script at the completion of the installation. Any adjustments made to the security features by the customer prior to the installation or upgrade need to be made again.
The following list documents the Sun Solaris services that are disabled when the Xerox DocuSP Security Script is run:
• ftp (must be enabled for DigiPath and Continuous Feed systems)
• telnet
• echo
• Discard
• Daytime
• Chargen
• Time
• Name
• Finger
• Uucp
• Talk
• Comsat
• Exec
• Dtspc
• Rpc.rusersd
• Rpc.sprayed
• Rpc.rwalld
• Kems_server
• Rquotad
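Because security changes are not saved across an install or upgrade, it is useful to confirm afterwards which of the services listed above are active again. The following is an added example, not the Xerox DocuSP Security Script or any part of it: it reports which names from the list still have an uncommented entry in an inetd.conf-format file. It assumes the standard inetd.conf field layout (service name first, server program sixth), uses the guide's names lower-cased exactly as printed, and runs against a constructed sample file.

```sh
#!/bin/sh
# Added example, not the Xerox security script: report which services from the
# guide's "disabled" list still have an active (uncommented) inetd.conf entry.

# Names exactly as printed in the guide's list, lower-cased.
DOCUSP_DISABLED="ftp telnet echo discard daytime chargen time name finger uucp talk comsat exec dtspc rpc.rusersd rpc.sprayed rpc.rwalld kems_server rquotad"

enabled_listed_services() {
    # $1 = path to an inetd.conf-format file. Prints each listed name once if
    # an active line matches it by service name or by server program basename.
    awk -v want="$DOCUSP_DISABLED" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) listed[w[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { next }             # blank or commented-out entry
        {
            svc = tolower($1); sub(/\/.*/, "", svc)     # "rusersd/2-3" -> "rusersd"
            prog = tolower($6); sub(/.*\//, "", prog)   # "/usr/sbin/in.ftpd" -> "in.ftpd"
            hit = ""
            if (svc in listed) hit = svc
            else if (prog in listed) hit = prog         # RPC daemons match by program name
            if (hit != "" && !(hit in seen)) { seen[hit] = 1; print hit }
        }
    ' "$1"
}

write_sample_inetd_conf() {
    # Constructed sample in inetd.conf layout; not taken from a real controller.
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd
#telnet stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd
#finger stream  tcp6    nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
time    dgram   udp6    wait    root    internal
time    stream  tcp6    nowait  root    internal
rusersd/2-3 tli rpc/datagram_v,circuit_v wait root /usr/lib/netsvc/rusers/rpc.rusersd rpc.rusersd
#walld/1 tli rpc/datagram_v wait root /usr/lib/netsvc/rwall/rpc.rwalld rpc.rwalld
printer stream  tcp6    nowait  root    /usr/lib/print/in.lpd   in.lpd
EOF
}

# Stand-alone run against the constructed sample.
sample=$(mktemp "${TMPDIR:-/tmp}/inetd.conf.XXXXXX")
write_sample_inetd_conf "$sample"
echo "Listed services still active:"
enabled_listed_services "$sample"
rm -f "$sample"
```

An ftp result is expected on DigiPath and Continuous Feed systems, where the guide states ftp must be enabled.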