Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Login failure settings in audit

 
Wim Van den Wyngaert
Honored Contributor

Login failure settings in audit

I'm not finding it myself so : is there a complete definition of what the items dialup,, local, remote, network and server are used for in set aud/ena=logfail=xxx ? T.i. when do the alarms exactly occur ?

Wim
Wim
11 REPLIES
Walter Miller_1
Valued Contributor

Re: Login failure settings in audit

Sections 3.4.1 through 3.4.4 in the Guide to System Security has descriptions of these items.
Wim Van den Wyngaert
Honored Contributor

Re: Login failure settings in audit

Missed that. http://h71000.www7.hp.com/doc/732FINAL/aa-q2hlg-te/aa-q2hlg-te.HTMl

has some of it.

But I did a
set ho/lat : local
set ho/teln : remote
set ho 0 : remote
ftp : network

I don't get lat and telnet. I would have expected network logins like ftp. And what about server ? Terminal server ?

Wim
Wim
Karl Rohwedder
Honored Contributor

Re: Login failure settings in audit

Concerning LAT:

I assume. that LAT logins are considered LOCAL, because they replaced former directly conmected terminals with terminals at terminalservers.
If memory serves me right, the SET HOST/LAT functionality was added later to VMS.

regards Kalle
labadie_1
Honored Contributor

Re: Login failure settings in audit

Wim

I bet ologin will be registered as remote.

Hum, may be you have not installed OSI login

:-)
Wim Van den Wyngaert
Honored Contributor

Re: Login failure settings in audit

OSI login ? C'est quoi ?

While on the subject : what about subprocess and detached login ? I failed to create a subprocess (spawn with already too many processes for me) but got no alarm.

I did a run sys$system:loginout/inp=nonexistsingfile : subprocess. Idem but /uic : detached. That seems ok.

Wim
Wim
Wim Van den Wyngaert
Honored Contributor

Re: Login failure settings in audit

Console login is local. Also ok.

Was thinking may be all decnet was remote. But no : T2T is network.

Did an SSH : network. No remote here.

Wim
Wim
labadie_1
Honored Contributor

Re: Login failure settings in audit

See

http://h71000.www7.hp.com/doc/82final/decnetplus/ftam_use.pdf

But I am wrong, ologin is used to connect using OSI protocol from a Digital Unix to Vms.

From Vms it is
set host/vtp

This comes from years ago when Digital thought Osi would be the standard, but Tcpip became the standard...
Walter Miller_1
Valued Contributor

Re: Login failure settings in audit

Local

You log in from a terminal connected directly to the central processor or from
a terminal server that communicates directly with the central processor.

Remote

You log in to a node over the network by entering the DCL command SET
HOST.

Network

The system performs a network login when you start a network task on a remote node, such as displaying the contents of a directory or copying files stored in a directory on another node. Both your current system and the remote system must be nodes in the same network.
Wim Van den Wyngaert
Honored Contributor

Re: Login failure settings in audit

The "server" keyword is still not defined.

Wim
Wim
Richard W Hunt
Valued Contributor

Re: Login failure settings in audit

DIALUP - the UNIT CONTROL BLOCK for the prototype of that serial device says it is a DIALUP line. Or, for non-prototyped devices, the individual device UCB says it is a DIALUP line. I forget which flag you set, but I know it is a UCB flag for terminals.

REMOTE - Anything that came in over a network line before determining the type of session. E.g. TELNET, SET HOST.

LOCAL - Anything that connects through a serial interface as its connection method. E.g. the console, or if you had RS-232 (or newer) lines physically connected to the device. AND its UCB isn't marked "dialup."

For the old DECservers using LAT, you were either LOCAL or DIALUP depending on how you marked the individual ports on the DECserver end. (Did I just give away my age here?)

BATCH is obvious, there is only one way to get there. SUBMIT or an API equivalent using SNDJBC$ or something like that.

SUBPROCESS is a SPAWN or CREPRC$ operation

DETACHED is a RUN/DETACHED or CREPRC$ operation (the latter with the appropriate options).
Sr. Systems Janitor
Richard W Hunt
Valued Contributor

Re: Login failure settings in audit

Oh, "SERVER"

Possibly one of the SERVER queues such as TCPIP$SMTP_{mumble}, which shows up as a SERVER queue if you use the appropriate SHOW QUEUE /FULL options to select it. After all, you have to create a session under which to run the SMTP sender for your mail messages and such.
Sr. Systems Janitor