| Title: | -={ H A C K E R S }=- |
| Notice: | Write locked - see NOTED::HACKERS |
| Moderator: | DIEHRD::MORRIS |
| Created: | Thu Feb 20 1986 |
| Last Modified: | Mon Aug 03 1992 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 680 |
| Total number of notes: | 5456 |
This doesn't really belong here but I've gotten no response
from VMSNOTES.
I want to set an access alarm on some of my files to find
out who's using them. Is SET FILE/AUDIT the suggested way to
do this? Is SECURITY needed (I'd like the alarms to be sent to
my terminal so I can track usage, not to one in the comp room).
Will a SHOW/AUDIT tell me what file(s) have alarms enabled? I
don't care about other alarms, just mine.
I don't want to stop users from accessing these files, but
I need any easy way to track usage for management to decide
whether people are taking advantage of them.
mike
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 230.1 | SECURITY | CANYON::HESTERMAN | Scott Hesterman | Thu Jul 10 1986 16:04 | 34 |
re Note 230.0 by PLDVAX::ZARLENGA > Apparently since this doesn't appear to involve a 'hack' of any kind the 'hackers' are unwilling to respond. You must of tried SET FILE/AUDIT and gotten the error message of 'unrecognized qualifier \AUDIT\' I suggest setting file protection to allow access, and have security alarms enabled to log successful accesses. There was a mention somewhere of being able to specifically track a given file, but I have not found it anywhere in the normal VMS manuals. As far as the audit messages, ALL terminals with security logging enabled will receive ALL messages related to security. REPLY/ENABLE=(SECURITY) And yes, you do need privileges (OPER and SECURITY) to enable your terminal. Once it's set, it remains enabled until reboot or REPLY/DISABLE. SHOW/AUDIT will list the current alarm settings for the system. There is a command procedure to examine the operator log for security messages. SYS$SYSTEM:SECAUDIT.COM I've not used it, but it is documented somewhere. SLH | |||||
| 230.2 | Set it in the ACL | HOW::EVANS | Robert N. Evans DTN-225-6946 HLO2-3/P4 | Tue Jul 15 1986 12:01 | 7 |
File auditing is set in the ACL on the file. Thus one can cause auditing for specific users. I could on my vaxstation set up an ACL on a public-access directory to cause an alarm whenever the DECnet account accesses but not otherwise. I have not actually used this so I don't know much more except that one must be running OPCOM to process any type of alarms. The help on $SET FILE/ACL was also not too informative but I suspect the VMS docset tells all. | |||||
| 230.3 | A Late Point to a Manual | TUNDRA::HARRIMAN | Mon Jul 28 1986 12:17 | 21 | |
re: .0, .2
Yes, set it in the ACL, but the correct answer is "all of the above".
Your "OPCOM" is actually in the form "REPLY/ENABLE=SECURITY". This
must be running all the time somewhere.
You must set the file's ACL entry to include a security audit. See
the VMS booklet "Guide to Security on VAX/VMS systems". You must
also have your SECURITY privs on for the security terminal (the
one running REPLY/ENABLE=SECURITY :-)
Finally, note that all of this stuff is a real pig to run, so I
would not recommend it for many files. Use it at the directory level
or at least use it sparingly - you accrue a LOT of overhead when
you enable security alarms.
Hope it helps, even coming late
-pjh
| |||||