- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Missing Directory in VMS Server
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2011 04:50 AM
02-21-2011 04:50 AM
Missing Directory in VMS Server
I am supporting VMS server in which today when i logged into one of the servers i found that one of the directory is missing/Deleted, is there any possiblities to identifiy who has deleted the directory, in the system the accounting and auding has been enabled as below.
Nsil01_TNs» show accounting
Accounting is currently enabled to log the following activities:
PROCESS any process termination
INTERACTIVE interactive job termination
LOGIN_FAILURE login failures
SUBPROCESS subprocess termination
DETACHED detached job termination
BATCH batch job termination
NETWORK network job termination
PRINT all print jobs
MESSAGE user messages
Nsil01_TNs»
Nsil01_TNs»
Nsil01_TNs»
Nsil01_TNs» show audit
System security alarms currently enabled for:
ACL
Authorization
Audit: illformed
Breakin: dialup,local,remote,network,detached
Logfailure: batch,dialup,local,remote,network,subprocess,detached
System security audits currently enabled for:
ACL
Authorization
Audit: illformed
Breakin: dialup,local,remote,network,detached
Logfailure: batch,dialup,local,remote,network,subprocess,detached
Nsil01_TNs»
Nsil01_TNs»
Nsil01_TNs»
Nsil01_TNs» show system/noproc
OpenVMS V6.2-1H2 on node NSIL01 21-FEB-2011 12:44:40.22 Uptime 438 17:01:27
Nsil01_TNs»
Kindly help me if there is any possiblity in finding the user who may have deleted the directory.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2011 05:22 AM
02-21-2011 05:22 AM
Re: Missing Directory in VMS Server
1) Either delete all the files in the directory, or mark the directory file /NODIR. Please note that setting the file/nodir requires SYSPRV and should be used with extreme caution.
2) Actually delete the directory file (x.DIR).
If the /nodir was used, there will be files that have no directory entry. These can be retrieved using the ANAL/DISK/REPAIR utility which will place these files into the [syslost] area.
I am not aware of any way to determine who deleted the directory using the information captured with your settings as described.
Dan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2011 05:44 AM
02-21-2011 05:44 AM
Re: Missing Directory in VMS Server
Have you checked the audit log for the last few days?
Time to start the request for restore.
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2011 06:11 AM
02-21-2011 06:11 AM
Re: Missing Directory in VMS Server
If you can narrow the time window, and you dont have too many users, you may be able to narrow down the suspects, bearing in mind the privilege required to delete the directory. If telnet is a standard method of accessing your systems then Logins and Logouts are recorded in Operator.log (usually).
Note also however, (and as pointed out), deleting the directory (without using the /NoDir qualifier) requires at least two explicit commands, first it is necessary to remove all of the files in the directory, and any sub-directories. This command may have to be executed repeatedly until the directory is empty. Then a second explicit command to delete the directory.
This makes it quite possible that the act was done maliciously, (and may help narrow down the list of suspects), but does not provide any proof.
Good Luck
Dave.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2011 07:29 AM
02-21-2011 07:29 AM