- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: Keystroke auditing on OpenVMS Integrity v8.3-1...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-08-2010 08:46 AM
тАО01-08-2010 08:46 AM
We presently have AUDIT installed on our VMS systems to take logs of keystrokes from privileged users and other users that have access to a VMS prompt. This is a requirement for company auditing purposes.
Does anyone have any ideas of other tools that are available that can do logging of keystrokes on VMS for auditing?
What I'm specifically interested in is the keystrokes that the users put into the VMS system, not necessarily the response from the system. We also still want the input even if the terminal is set /NOECHO
Thanks in advance
Steve
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-08-2010 12:47 PM
тАО01-08-2010 12:47 PM
Re: Keystroke auditing on OpenVMS Integrity v8.3-1H1
It isn't clear to me if there is a problem with AUDIT, or if you are looking for a cheaper alternative.
Does AUDIT have the capability to log /input ?
My opinion is that keystroke logging by itself is of limited use from an auditing standpoint. A knowledgeable user with privilege and malicious intent, can disguise what they are doing with command files and other techniques. The point being that keystrokes alone are not sufficient. They can be useful for debugging and for determining what was being done when other auditing events occurred.
Jon
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-08-2010 01:08 PM
тАО01-08-2010 01:08 PM
Re: Keystroke auditing on OpenVMS Integrity v8.3-1H1
We're evaluating options now that we're planning the move to Integrity. We don't just use keystroke logging/auditing, we use other things too, such as the auditing within VMS. The keystroke logging/auditing is but one of the tools that's necessary with corporate standards
Steve
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-08-2010 01:42 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-09-2010 01:10 AM
тАО01-09-2010 01:10 AM
Re: Keystroke auditing on OpenVMS Integrity v8.3-1H1
Thanks
Steve
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-09-2010 07:05 AM
тАО01-09-2010 07:05 AM
Re: Keystroke auditing on OpenVMS Integrity v8.3-1H1
how about:
http://www.networkingdynamics.com/TheVmsStore.htm
Look at Peek & Spy and KeyCapture
Volker.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-10-2010 01:28 PM
тАО01-10-2010 01:28 PM
Re: Keystroke auditing on OpenVMS Integrity v8.3-1H1
I'm not a huge fan of keystroke logging. Who's going to read it?
The "poor man's" keystroke log is fairly simple. Arrange for the user to login to one username, which does a SET HOST/LOG to a second username (or system).
Ideally use two systems. The "audit" system has two network adapters. Users on one side, and "audited" system on the other. That way there's no physical path between the users and the audited system, except via the audit system. The users also have no non-captive access to the audit system, so even privileged users can't mess with the audit logs.
Give the users a captive account on the audit system with no password. The LOGIN procedure generates a log file name, then:
$ SET HOST/LOG
Note the username is SYS$INPUT for the SET HOST command. This will pass the username to the target system.
The user will therefore see only one "Username:" prompt and one "Password:" prompt. Whatever welcome message or LOGIN.COM output you generate will appear between the prompts.
On the audited system, have the SYLOGIN procedure check the source of all logins. Anything not from the audit system is immediately logged out.
I don't think this will capture /NOECHO input, but it's simple to setup and needs no special privileges or non-standard privileged code.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-10-2010 11:10 PM
тАО01-10-2010 11:10 PM
Re: Keystroke auditing on OpenVMS Integrity v8.3-1H1
Steve
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-11-2010 01:14 AM
тАО01-11-2010 01:14 AM
Re: Keystroke auditing on OpenVMS Integrity v8.3-1H1
Does it handle large QIO operations to TCPIP services TNA (Telnet) devices?
Does it survive a disconnect/reconnect on a VTA terminal?
Does it provide secure logging (at least for non-privileged users)? As John Gillings said, if the logging is being done on the same system as the privileged users being monitored, I am not aware of any way to guarantee that the logs will be valid. In other words, a user with CMKRNL privilege can compromise the logging.
Does it have the ability to post process the output to clean up the rubout processing? This makes the output easier to read, but may also hide some info.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-11-2010 02:46 AM
тАО01-11-2010 02:46 AM
Re: Keystroke auditing on OpenVMS Integrity v8.3-1H1
http://www.pointsecure.com/products/sys_det.aspx
Purely Personal Opinion