OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

gunners
Frequent Advisor

Hi ,

OPENVMS V7.3 or 8.3

Just wondering: if I log in as myself (as a priv user) - I then go into UAF > mod system/passwd='******' on a certain date

How do I find out and prove that it was me who changed it on that certain date - is there an audit facility, accounting, etc.?

Or some way of finding out that the command above was used by me on that date - either in a log somewhere or ?

 

Yes, it's for an auditor :(

 

4 REPLIES
Volker Halle
Honored Contributor

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

 

$ ANALYZE/AUDIT/EVENT=(SYSUAF)/FULL SYS$MANAGER:

 

extracts the SYSUAF modification events from the Security Audit Journal.

 

Volker.

gunners
Frequent Advisor

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

Great stuff Volker, thanks a mill, and can you do it by dates etc.? - i.e. /sin=12-jan-2013/before=12-feb-2013 etc.

Volker Halle
Honored Contributor
Solution

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

Did you know that OpenVMS has HELP?!

 

Try $ HELP ANALYZE/AUDIT

 

Volker.

 

John Gillings
Honored Contributor

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

and just in case it's not already enabled:

 

$ SET AUDIT/AUDIT/ENABLE=AUTHORIZATION

 

(and yes, you do need AUDIT/AUDIT).

 

A crucible of informative mistakes