Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Auditing ACL for specific users.

SOLVED
Go to solution
The Brit
Honored Contributor

Auditing ACL for specific users.

I want to audit (i.e. record in the SECURITY.AUDIT$JOURNAL) when a subgroup of users (with elevated privileges) Login and Logout of my system. The group consists of probably less than 10 (out of several hundred).

I dont want to log everybody, only this relatively small group.

It seemed a relatively simple problem however it turns out to be more difficult than I thought, (unless I am missing something obvious). I thought about putting an auditing ACE on either SYLOGIN.COM or LOGINOUT.EXE however it doesn't look like this can be restricted to "access by the sub-group".

Any ideas anyone.

Dave
2 REPLIES
Bojan Nemec
Honored Contributor
Solution

Re: Auditing ACL for specific users.

Dave,

Audit ACEs can not be restricted to a group.

What about creating a dummy file which is protected against all users except the group and has an audit alarm:
(AUDIT=SECURITY,ACCESS=READ+SUCCESS)

Then in SYS$SYLOGIN try to open and close this file.
$ OPEN/READ D dummy_file /ERROR=ERR
$ CLOSE D
$ERR:

If the open will succed, you will receive an audit record in the audit journal.

Bojan
The Brit
Honored Contributor

Re: Auditing ACL for specific users.

Thanks Bojan,

This solution will work for me.

Dave.