topic Re: Auditing ACL for specific users. in Operating System - OpenVMS

Auditing ACL for specific users.

The Brit — Tue, 18 Sep 2007 09:54:16 GMT

I want to audit (i.e. record in the SECURITY.AUDIT$JOURNAL) when a subgroup of users (with elevated privileges) Login and Logout of my system. The group consists of probably less than 10 (out of several hundred).

I dont want to log everybody, only this relatively small group.

It seemed a relatively simple problem however it turns out to be more difficult than I thought, (unless I am missing something obvious). I thought about putting an auditing ACE on either SYLOGIN.COM or LOGINOUT.EXE however it doesn't look like this can be restricted to "access by the sub-group".

Any ideas anyone.

Dave

Re: Auditing ACL for specific users.

Bojan Nemec — Tue, 18 Sep 2007 12:06:19 GMT

Dave,

Audit ACEs can not be restricted to a group.

What about creating a dummy file which is protected against all users except the group and has an audit alarm:
(AUDIT=SECURITY,ACCESS=READ+SUCCESS)

Then in SYS$SYLOGIN try to open and close this file.
$ OPEN/READ D dummy_file /ERROR=ERR
$ CLOSE D
$ERR:

If the open will succed, you will receive an audit record in the audit journal.

Bojan

Re: Auditing ACL for specific users.

The Brit — Tue, 18 Sep 2007 14:24:50 GMT

Thanks Bojan,

This solution will work for me.

Dave.