HP OpenVMS Systems

ask the wizard

Assist Auditing Authorization Activity? (Security)


The Question is:

 
Dear Wizard
 
Is it possible to log the changes made by VMS AUTHORIZE to the UAF, and the
RIGHTS and NETPROXY databases: who did what and when? We don't require any
journalling as such, just some kind of logging so we can trace problems to
changes made via AUTHORIZE. It can be especially difficult after deletion of
critical objects to know what's gone.
 
I would be grateful for any help you can provide.
 
Richard Smith
 
 


The Answer is :

    To log all UAF and RIGHTSLIST changes to the security audit journal
    use:
 
    	$ SET AUDIT/AUDIT/ENABLE=AUTHORIZE
 
    To send the messages to the console use:
 
    	$ SET AUDIT/ALARM/ENABLE=AUTHORIZE
 
 
    Here are some examples:
 
    UAF> grant/identifier net_anon wizard
    %%%%%%%%%%%  OPCOM   4-NOV-1999 09:09:48.73  %%%%%%%%%%%
    Message from user AUDIT$SERVER on WIZBOX
    Security alarm (SECURITY) and security audit (SECURITY) on WIZBOX, system id: 62002
    Auditable event:          Identifier granted
    Event time:                4-NOV-1999 09:09:48.72
    PID:                      20A00217
    Process name:             WIZARD
    Username:                 WIZARD
    Process owner:            [WIZARD]
    Terminal name:            RTA1:
    Image name:               $46$DKB0:[SYS0.SYSCOMMON.][SYSEXE]AUTHORIZE.EXE
    Identifier name:          NET_ANON
    Identifier value:         %X80010011
    Attributes:               none
    Holder name:              WIZARD
    Holder owner:             [WIZARD]
 
    %UAF-I-GRANTMSG, identifier NET_ANON granted to WIZARD
    UAF> modify wizard/pgflquota=100000
    %%%%%%%%%%%  OPCOM   4-NOV-1999 09:11:17.99  %%%%%%%%%%%
    Message from user AUDIT$SERVER on WIZBOX
    Security alarm (SECURITY) and security audit (SECURITY) on WIZBOX, system id: 62002
    Auditable event:          System UAF record modification
    Event time:                4-NOV-1999 09:11:17.98
    PID:                      20A00217
    Process name:             WIZARD
    Username:                 WIZARD
    Process owner:            [WIZARD]
    Terminal name:            RTA1:
    Image name:               $46$DKB0:[SYS0.SYSCOMMON.][SYSEXE]AUTHORIZE.EXE
    Object class name:        FILE
    Object name:              SYS$CLUSTER:[SYSEXE]SYSUAF.DAT;1
    User record:              WIZARD
    PGFLQUOTA:                New:      100000
                              Original: 65536
 
 
    Note that this audit is on by default.
 

answer written or last revised on ( 3-NOV-1999 )
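
Added example (not part of the Wizard's answer): a Python parser that turns captured OPCOM security alarms in the layout shown above into who/what/when records, including the New:/Original: value pairs. The names parse_alarms, BANNER, FIELD and SAMPLE are hypothetical, the sample capture is constructed from the alarms above with some fields trimmed, and it assumes the alarm text was saved from a terminal or operator log capture.

```python
import re
from datetime import datetime

# Constructed capture: the two alarms from the answer above, some fields trimmed.
SAMPLE = """\
%%%%%%%%%%%  OPCOM   4-NOV-1999 09:09:48.73  %%%%%%%%%%%
Message from user AUDIT$SERVER on WIZBOX
Security alarm (SECURITY) and security audit (SECURITY) on WIZBOX, system id: 62002
Auditable event:          Identifier granted
Event time:                4-NOV-1999 09:09:48.72
Username:                 WIZARD
Identifier name:          NET_ANON

%UAF-I-GRANTMSG, identifier NET_ANON granted to WIZARD
%%%%%%%%%%%  OPCOM   4-NOV-1999 09:11:17.99  %%%%%%%%%%%
Auditable event:          System UAF record modification
Event time:                4-NOV-1999 09:11:17.98
Username:                 WIZARD
User record:              WIZARD
PGFLQUOTA:                New:      100000
                          Original: 65536
"""

BANNER = re.compile(r"^[ \t]*%{5,}\s+OPCOM\s.*%{5,}[ \t]*$", re.M)
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z$ ]*):\s+(\S.*?)\s*$")

def parse_alarms(text):
    """Return one dict per security alarm: when, who, event, changes, fields."""
    events = []
    for body in BANNER.split(text)[1:]:
        fields, changes, last = {}, {}, None
        for line in body.splitlines():
            m = FIELD.match(line)
            if not m:
                if fields and not line.strip():
                    break                     # blank line ends the alarm text
                continue
            key, value = m.groups()
            if key == "Original" and last:    # second line of a New:/Original: pair
                changes[last]["old"] = value
            elif value.startswith("New:"):
                last, changes[key] = key, {"new": value[4:].strip(), "old": None}
            else:
                fields[key] = value
        if "Auditable event" in fields:       # skip unrelated OPCOM messages
            when = datetime.strptime(fields["Event time"], "%d-%b-%Y %H:%M:%S.%f")
            events.append({"when": when, "who": fields.get("Username"),
                           "event": fields["Auditable event"], "changes": changes,
                           "fields": fields})
    return events
```

Sorting the returned list on "when" and filtering on "event" gives a change history per user record or identifier.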
