- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- How to audit someone changing the servers time.
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-28-2004 10:35 PM
тАО09-28-2004 10:35 PM
How to audit someone changing the servers time.
The time was changed to 26-Sep-2004 and then back to 25-Sep-2004.
I think you need OPER and LOG_IO priv to change the time.
I tried to do an anal/audit/event=time/since=25-sep-2004:21:00/before=25-sep-2004:23:30
But I do not get any events even though the time was changed either by a batch process or an interactive user.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-28-2004 10:44 PM
тАО09-28-2004 10:44 PM
Re: How to audit someone changing the servers time.
You need to enable audit for time.
$SET AUDIT/ENABLE=TIME/AUDIT
$SET AUDIT/ENABLE=TIME/ALARM
Then you will find time change information in your security audit file.
HTH,
Thanks & regards,
Lokesh
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-28-2004 10:50 PM
тАО09-28-2004 10:50 PM
Re: How to audit someone changing the servers time.
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-28-2004 10:51 PM
тАО09-28-2004 10:51 PM
Re: How to audit someone changing the servers time.
First shot, I could think of.
I'm not sure what class the system time is, but this may help once that's figured out:
$ SET AUDIT/CLASS=
(Perhaps the security manual tells you more)
HTH
Willem
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-29-2004 04:14 AM
тАО09-29-2004 04:14 AM
Re: How to audit someone changing the servers time.
Any idea how much this will add to my audit file, it is already 3 gb in size per month.
Is there any way to see anything in any other log ( like operator.log etc..), which might indictate changes?
Thanks Vic...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-29-2004 11:44 AM
тАО09-29-2004 11:44 AM
Re: How to audit someone changing the servers time.
See link for a way of doing this:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?admit=716493758+1096501334712+28353475&threadId=581282
Lawrence
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-29-2004 01:22 PM
тАО09-29-2004 01:22 PM
Re: How to audit someone changing the servers time.
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-29-2004 08:34 PM
тАО09-29-2004 08:34 PM
Re: How to audit someone changing the servers time.
One record per time change - not a lot.
I think you should be creating a new audit file more often than once per month. Did you do the changes as suggested by John Gillings et al in your previous thread?
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-30-2004 06:18 AM
тАО09-30-2004 06:18 AM
Re: How to audit someone changing the servers time.
NOTE: By the way, for reference in OpenVMS System Management Utilities Reference Manual: A-L, the default audit file is SYS$MANGAGER:SECURITY.AUDIT$JOURNAL. [Victor knows that.]
Lawrence
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-30-2004 08:04 AM
тАО09-30-2004 08:04 AM
Re: How to audit someone changing the servers time.
I also just recently received the 7.3-1 security guide in pdf, so we now have that to assist us.
I just found out the time issue wasn't on our server, but rather on the server where the db was running, so the problem appears in the log where we call from the db and it relfected the issues with their clock, before they blew up and had their clock replaced.
Many Thanks for all the help