- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Someone deleted the sysuaf.dat file. Is that logge...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2006 03:25 AM
тАО04-05-2006 03:25 AM
Someone deleted the sysuaf.dat file. Is that logged anywhere?
Well, it finally happened yesterday when someone deleted sysuaf.dat. While I recovered the file from the nightly backup, no one has taken responsibility for deleting the file.
I support too many operating systems these days and have become a bit rusty with vms to recall all the accounting and security features. Question: Is the deletion of sysuaf.dat recorded anywhere on the system... assuming default installation settings for accounting and security? I have already scanned accounting and didn't find it there.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2006 03:39 AM
тАО04-05-2006 03:39 AM
Re: Someone deleted the sysuaf.dat file. Is that logged anywhere?
Ensure the time and cost of recovering from this is visable to the mangagement - give them some beans to count.
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2006 03:48 AM
тАО04-05-2006 03:48 AM
Re: Someone deleted the sysuaf.dat file. Is that logged anywhere?
Question: Is the deletion of sysuaf.dat recorded anywhere on the system... assuming default installation settings for accounting and security?
No.
But, if you fear for a repitition any time in the future, you CAN set an alarm ACE on it.
And then I hope it will not be "SYSTEM" who did it, because that will bring you back to square 1.
In that respect, did you really mean
"too many users have system privileges", (a relatively good thing)
or did you mean that many users have access to the SYSTEM account?
In the latter case, all you can do is hope to find out from which terminal/remote connection the faulty action was made, and be able to tie that to one individual.
But really, you should try with all means at your disposal to convince your management that this is an unresponsible risk!
-- but you probably gave them the best argument to the contrary, by demonstrating how quickly you can recoverm by a simple restore. :-(
As so often: the technical problems are NOTHING compared to managents complete incompetence
Proost.
Have one on me.
jpe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2006 04:00 AM
тАО04-05-2006 04:00 AM
Re: Someone deleted the sysuaf.dat file. Is that logged anywhere?
You are not alone :-)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2006 04:14 AM
тАО04-05-2006 04:14 AM
Re: Someone deleted the sysuaf.dat file. Is that logged anywhere?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2006 04:26 AM
тАО04-05-2006 04:26 AM
Re: Someone deleted the sysuaf.dat file. Is that logged anywhere?
Having large numbers of privileged accounts is a problem.
OpenVMS DOES allow many management functions to be performed by users with suitable file access, not full privileges.
At HP WORLD 2004, I gave a presentation on how to manage a large environment (measured in thousands of users), with a minimum of privileged users. The introductory slides for the presentation can be found at http://www.rlgsc.com/hpworld/2004/N227.html .
(My apologies, but the workbook is not publicly available, it represents a half-day seminar).
Suffice it to say, particularly in these days of Sarbenes-Oxley and other accountability regulations, OpenVMS provides mechanisms to manage the system without requiring large numbers of privileged users.
- Bob Gezelter, http://www.rlgsc.com
Contributor, OpenVMS Security, Handbook of Information Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2006 04:34 AM
тАО04-05-2006 04:34 AM
Re: Someone deleted the sysuaf.dat file. Is that logged anywhere?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2006 04:36 AM
тАО04-05-2006 04:36 AM
Re: Someone deleted the sysuaf.dat file. Is that logged anywhere?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2006 04:37 AM
тАО04-05-2006 04:37 AM
Re: Someone deleted the sysuaf.dat file. Is that logged anywhere?
Get your corporate auditor interested as they can wield a stick big enough for the management to take note of.
There are other security standards which apply if you have any govt work.
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО04-05-2006 04:41 AM
тАО04-05-2006 04:41 AM
Re: Someone deleted the sysuaf.dat file. Is that logged anywhere?
has a copy of the system account, along with a UIC of [1,4]. The only user account differences from system are username and default directory
In that case, I would not even like to THINK about what functionality you will break by taking away the privileges,
BUT,
the ONE important thing you CAN, (and should) do with little impact, but much gain, is assigning each user account a unique UIC.
To stay on the save side wrt breaking things, choose group-UICs .LE. SYSGENs MAXSYSGROUP, but then at least any activity that leaves a trace will in that trace show WHO did it.
hth
Proost.
Have one on me.
jpe