12-02-2009 06:18 AM
Audit selected accounts?
In OpenVMS 8.3, is it possible to "audit" selected accounts, something like "set host/log"? If so, how do I do it?
Appreciate any help.
Guru-nono
BjörnR
12-02-2009 06:39 AM
Re: Audit selected accounts?
By Audit you mean log what is going to the terminal, not the system audits of events?
There are commercial products that allow that to be done. Here is one:
http://www.raxco.co.uk/product.asp?ProductID=96
If you don't mind the overhead and non-transparent nature, there is the freeware JUMP utility that creates a pseudo terminal and allows for a log in a secure location. The formatting leaves a lot to be desired, as rubouts, etc. aren't cleaned up.
It is available from Hunter Goatley's freeware site.
http://vms.process.com/scripts/fileserv/fileserv.com?JUMP
Jon
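An added example, not part of the original thread and not code from JUMP or any product named here: a small Python filter that replays a raw session log so a reviewer sees each command as it was finally entered. It assumes rubouts were echoed as backspace-space-backspace and that the default `$ ` DCL prompt is in use; the sample log and the function names are constructed for illustration.

```python
import re

# ANSI CSI sequences (cursor movement, bold, etc.) recorded in the raw log.
CSI = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")

# Constructed sample: two commands with rubouts, one line of command output.
SAMPLE = (
    "$ SHOW TIMW\x08 \x08E\r\n"
    "   2-DEC-2009 14:12:03\r\n"
    "$ DIRR\x08 \x08/SIZE \x1b[1mLOGIN.COM\x1b[0m\r\n"
)


def render_line(raw: str) -> str:
    """Replay one logged line into the text the terminal ended up showing."""
    cells = []   # characters currently on the line
    col = 0      # cursor column
    for ch in CSI.sub("", raw):
        if ch == "\x08":                 # backspace moves the cursor left
            col = max(col - 1, 0)
        elif ch == "\r":                 # carriage return goes to column 0
            col = 0
        elif ch == "\t":                 # keep tabs visible as one space
            ch = " "
        if ch in "\x08\r" or ch == "\x7f" or ord(ch) < 0x20:
            continue                     # control characters print nothing
        if col < len(cells):
            cells[col] = ch              # overwrite, as the terminal would
        else:
            cells.append(ch)
        col += 1
    return "".join(cells).rstrip()


def render_log(raw: str) -> list:
    """Clean every line of a raw session log."""
    return [render_line(line) for line in raw.split("\n") if line]


def commands(raw: str, prompt: str = "$ ") -> list:
    """Return only the lines typed at the (assumed) DCL prompt."""
    return [line[len(prompt):] for line in render_log(raw)
            if line.startswith(prompt)]


if __name__ == "__main__":
    for cmd in commands(SAMPLE):
        print(cmd)
```

Keep the raw log as the record of evidence and treat the cleaned view as a reading aid only, since the replay discards the characters that were typed and then rubbed out.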
12-02-2009 06:53 AM
Re: Audit selected accounts?
So... Are you dealing with an actual attacker and with improving your security, or are you complying with auditing requirements? The approaches used for these two goals are quite different.
Depending on your goals...
Use dual-password logins, and require both users to be present when the username is in use.
Set the /FLAG=AUDIT auditing flag on the user in SYSUAF.
Set up a "jump" login that issues the SET HOST /LOG for you.
Use a CAPTIVE login for the particular task.
Add-on logging tools including PEEK and SPY.
Logs are popular with auditing standards, but they're a comparatively poor choice for detecting or preventing attacks.
12-02-2009 07:07 AM
Re: Audit selected accounts?
Our customer's "internal control" department wants the possibility to log activities/commands for a few selected accounts. They want an output somewhat like set host/log...
//Björn
12-02-2009 07:18 AM
Re: Audit selected accounts?
If you want some backup...
http://labs.hoffmanlabs.com/node/43
12-02-2009 02:12 PM
Re: Audit selected accounts?
The UAF /AUDIT flag will record a LOT of information. It may be worth trying it on one of your target accounts to see if it does what your auditors want.
For a keystroke log, you can pay for a commercial product, but there's a "poor man's" mechanism using two accounts.
The username the user logs in with is a captive account with no password. The login procedure issues:
$ SET HOST 0/LOG=logfile L_
Using this syntax, the login starts with the username, so prompts for the password. Thus the user enters their username, then a password, possibly with some messages in between.
The L_
If you want to step the security up a notch, have two different nodes. One for logging, with two network adapters. Users log in on one, the node then SET HOSTs through the other one to the target node. Since there's no direct path from the users to the secure node, the only way to get there is via the logging node. (just change the SET HOST 0 to SET HOST
Obviously you could use an IP protocol instead of SET HOST, the advantage of SET HOST is you can feed it the username - SSH can do the same) with -l.
12-03-2009 07:35 AM
Re: Audit selected accounts?
Pointsecure System Detective
http://www.pointsecure.com/products/sys_det.aspx
Purely Personal Opinion
12-04-2009 12:47 AM
Re: Audit selected accounts?
Thanks!
BR
Björn Rydén