Re: Auditing ACL for specific users.

The Brit · ‎09-18-2007

I want to audit (i.e. record in the SECURITY.AUDIT$JOURNAL) when a subgroup of users (with elevated privileges) Login and Logout of my system. The group consists of probably less than 10 (out of several hundred).

I dont want to log everybody, only this relatively small group.

It seemed a relatively simple problem however it turns out to be more difficult than I thought, (unless I am missing something obvious). I thought about putting an auditing ACE on either SYLOGIN.COM or LOGINOUT.EXE however it doesn't look like this can be restricted to "access by the sub-group".

Any ideas anyone.

Dave

Bojan Nemec · ‎09-18-2007

Dave,

Audit ACEs can not be restricted to a group.

What about creating a dummy file which is protected against all users except the group and has an audit alarm:
(AUDIT=SECURITY,ACCESS=READ+SUCCESS)

Then in SYS$SYLOGIN try to open and close this file.
$ OPEN/READ D dummy_file /ERROR=ERR
$ CLOSE D
$ERR:

If the open will succed, you will receive an audit record in the audit journal.

Bojan

The Brit · ‎09-18-2007

Thanks Bojan,

This solution will work for me.

Dave.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Auditing ACL for specific users.

Auditing ACL for specific users.

Re: Auditing ACL for specific users.

Re: Auditing ACL for specific users.