Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

gunners · ‎04-18-2013

Hi ,

OPENVMS V7.3 or 8.3

Just wondering if I log in as myself (as a priv user) - I then go into UAF > mod system/passwd='******' on a certain date

How do I find out and prove that it was me changed it on that certain date - is there an audit facility - accounting etc ?

or some way of finding out that the command above was used by me on that date - either in a log somewhere or ?

Yes its for an auditor :(

Volker Halle · ‎04-18-2013

$ ANALYZE/AUDIT/EVENT=(SYSUAF)/FULL SYS$MANAGER:

extracts the SYSUAF modification events from the Security Audit Journal.

Volker.

gunners · ‎04-18-2013

Great stuff Volker thanks a mill , and can you do it by dates etc? - ie /sin=12-jan-2013/before=12-feb-2013 etc

Volker Halle · ‎04-18-2013

Did you know, that OpenVMS has HELP ?!

Try $ HELP ANALYZE/AUDIT

Volker.

John Gillings · ‎04-18-2013

and just in case it's not already enabled:

$ SET AUDIT/AUDIT/ENABLE=AUTHORIZATION

(and yes, you do need AUDIT/AUDIT).

A crucible of informative mistakes

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF