The Question is:
Dear Wizard
Is it possible to log the changes made by VMS AUTHORIZE to the UAF, and the
RIGHTS and NETPROXY databases, who did what and when, we don't require any
journalling as such, just some kind of logging so we can trace problems to
changes made via AUTHORIZE. It can be especially difficult after deletion of
critical objects to know
what's gone.
I would be grateful for any help you can provide.
Richard Smith
The Answer is :
To log all UAF and RIGHTSLIST changes to the security audit journal,
use:
$ SET AUDIT/AUDIT/ENABLE=AUTHORIZE
To send the messages to the console, use:
$ SET AUDIT/ALARM/ENABLE=AUTHORIZE
Here are some examples:
UAF> grant/identifier net_anon wizard
%%%%%%%%%%% OPCOM 4-NOV-1999 09:09:48.73 %%%%%%%%%%%
Message from user AUDIT$SERVER on WIZBOX
Security alarm (SECURITY) and security audit (SECURITY) on WIZBOX, system id: 62002
Auditable event: Identifier granted
Event time: 4-NOV-1999 09:09:48.72
PID: 20A00217
Process name: WIZARD
Username: WIZARD
Process owner: [WIZARD]
Terminal name: RTA1:
Image name: $46$DKB0:[SYS0.SYSCOMMON.][SYSEXE]AUTHORIZE.EXE
Identifier name: NET_ANON
Identifier value: %X80010011
Attributes: none
Holder name: WIZARD
Holder owner: [WIZARD]
%UAF-I-GRANTMSG, identifier NET_ANON granted to WIZARD
UAF> modify wizard/pgflquota=100000
%%%%%%%%%%% OPCOM 4-NOV-1999 09:11:17.99 %%%%%%%%%%%
Message from user AUDIT$SERVER on WIZBOX
Security alarm (SECURITY) and security audit (SECURITY) on WIZBOX, system id: 62002
Auditable event: System UAF record modification
Event time: 4-NOV-1999 09:11:17.98
PID: 20A00217
Process name: WIZARD
Username: WIZARD
Process owner: [WIZARD]
Terminal name: RTA1:
Image name: $46$DKB0:[SYS0.SYSCOMMON.][SYSEXE]AUTHORIZE.EXE
Object class name: FILE
Object name: SYS$CLUSTER:[SYSEXE]SYSUAF.DAT;1
User record: WIZARD
PGFLQUOTA: New: 100000
Original: 65536
Note that this audit is on by default.
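
An added example, not part of the original answer: a Python parser that turns captured alarm text in the format shown above into "who did what and when" records, including the New/Original pair for a modified UAF field. It assumes the alarms have been saved as plain text (for instance from an operator log); the function name parse_alarms and the abbreviated sample are constructed for illustration.

```python
import re

# Constructed sample: the two alarms from the answer above, abbreviated.
SAMPLE = """\
%%%%%%%%%%% OPCOM 4-NOV-1999 09:09:48.73 %%%%%%%%%%%
Auditable event: Identifier granted
Event time: 4-NOV-1999 09:09:48.72
Username: WIZARD
Image name: $46$DKB0:[SYS0.SYSCOMMON.][SYSEXE]AUTHORIZE.EXE
Identifier name: NET_ANON
Holder name: WIZARD
%UAF-I-GRANTMSG, identifier NET_ANON granted to WIZARD
%%%%%%%%%%% OPCOM 4-NOV-1999 09:11:17.99 %%%%%%%%%%%
Auditable event: System UAF record modification
Event time: 4-NOV-1999 09:11:17.98
Username: WIZARD
Image name: $46$DKB0:[SYS0.SYSCOMMON.][SYSEXE]AUTHORIZE.EXE
User record: WIZARD
PGFLQUOTA: New: 100000
Original: 65536
"""

BANNER = re.compile(r"^%+ OPCOM .+ %+$", re.M)      # one banner per alarm
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*):\s+(.*)$")  # "Key: value" lines

def parse_alarms(text):
    """Return one dict per alarm: when, who, what, target, field changes."""
    events = []
    for block in BANNER.split(text)[1:]:
        fields, changes, pending = {}, {}, None
        for line in block.splitlines():
            m = FIELD.match(line.strip())
            if not m:
                continue  # skips UAF> prompts and %UAF-I- status messages
            key, value = m.group(1), m.group(2).strip()
            if value.startswith("New:"):
                # A modified UAF field: "FIELD: New: x", then "Original: y"
                pending = key
                changes[key] = {"new": value[4:].strip(), "old": None}
            elif key == "Original" and pending:
                changes[pending]["old"] = value
                pending = None
            else:
                fields[key] = value
        events.append({
            "when": fields.get("Event time"), "who": fields.get("Username"),
            "what": fields.get("Auditable event"),
            "target": fields.get("User record") or fields.get("Holder name"),
            "identifier": fields.get("Identifier name"), "changes": changes})
    return events
```
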