Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-22-2005 08:34 PM
тАО11-22-2005 08:34 PM
VMS Proxy
It seems somebody has modified the proxy setting in my system, so remote user is unable to execute some options from his computer which is suppose to execute from host computer through poxy.
Is there any way to find out the changes made to proxy database.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-22-2005 08:38 PM
тАО11-22-2005 08:38 PM
Re: VMS Proxy
Check with SHOW AUDIT and analyse with ANALYZE/AUDIT.
regards Kalle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-22-2005 09:00 PM
тАО11-22-2005 09:00 PM
Re: VMS Proxy
you may also find useful information in operator messsages in operator.log
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-22-2005 09:03 PM
тАО11-22-2005 09:03 PM
Re: VMS Proxy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-22-2005 09:34 PM
тАО11-22-2005 09:34 PM
Re: VMS Proxy
As the used proxy is DECnet, then to analize use anal/audit/event=authorize (if audit authorize is enabled)
Saludos.
Daniel.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-23-2005 01:47 AM
тАО11-23-2005 01:47 AM
Re: VMS Proxy
and if your site regularly or occasionally (like now, for instance) _IS_ interested in changes of authorisations, then make sure AUDITing of AUTHORISATION events IS enabled.
Maybe a good time to reviwe your audit settings anyway. Especially LOGFAIL can be very usefull if ever your site should be tried to login to from the outside world.
Proost.
Have one on me.
jpe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-23-2005 08:10 AM
тАО11-23-2005 08:10 AM
Re: VMS Proxy
Another possibility... it could be the perceived name of the remote user has changed, rather than the proxy itself. This can depend on a DNS definition.
What you need to work out is the perceived name for the incoming node.
From a privileged session on the target node, make sure LOGFAIL audits are enabled and enable your terminal for SECURITY audits. Now SET HOST from the failing system and enter username/password TEST/TEST (assuming they don't exist!). In the resulting audit alarm, look at the "Remote node fullname:". You may find it listed as something like
"LOCAL:.NODE" for a name resolved from the local DNS, "DOMAIN:.NODE" if resolved from an external domain. Or, it could be an IP style address "NODE.DOMAIN.NET" or even as a raw numeric address "IP$12.34.56.7"
DECnet proxies are pretty dumb. They just take whatever string "Remote node fullname:" translates to and use that to look up the proxy data base - direct string comparison. You need to confirm that the *string* in the proxy record matches whatever the node translates to. The important thing to remember is the DNS name could change, but the *string* in the proxy data base won't change.
In some volatile environments it may be necessary to define several possible proxy records for a particular node. You can argue about how the implementation *might* have been done, but it's not going change, so learn to live with it!
>Is there any way to find out the changes made to proxy database.
Assuming you have AUTHORIZATION audits enabled, there will be events in your security journal "Network proxy record mofification", "Network proxy record deletion" and "Network proxy record addition", which should record exactly what was changed, when and by whom.
If you can't work out the ANALYZE/AUDIT syntax to extract just the UAF audits, use the big hammer:
$ ANALYZE/AUDIT/FULL/SINCE=date-time/OUT=AUD.TXT SYS$MANAGER:SECURITY.AUDIT$JOURNAL
$ SEARCH AUD.TXT proxy/WINDOW=20
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-24-2005 12:57 AM
тАО11-24-2005 12:57 AM