Manualshelf

HP 3PAR InForm OS Common Criteria Administrator's Reference (QL226-96586, October 2012)

ManualsBrandsHP ManualsComputer AccessoriesHP 3PAR InForm T400/4x300GB 15K SAS Magazine E-LTU
21222324252627282930
29 Confirming the System Configuration
a. Use the removeuser CLI command to remove the desired users and the
setpassword <username> CLI command to change the password on those you
want to change.
Auditing Security-Relevant Events
Administrators with super level authority can see a complete picture of security-relevant
activity (including login/logout activity and failed login attempts) by using the
showeventlog CLI command with the debug operand (IMC cannot be used, since the
IMC Events pane does not include events with “debug” severity). The showeventlog
debug command can be used with filters to limit the output. For example, to find the
activity of the user “user_one” for the past 25 minutes, use the command shown below.
showeventlog debug min 25 msg “user_one”
NOTE
The debug operand of showeventlog is not defined in the HP 3PAR InForm OS
Command Line Reference and it is limited to super and service level users. It should,
generally, be used with a filter of some kind, since it can produce enormous amounts of
output.
To prevent the loss of security-relevant events due to event log roll-over, customers should
consider archiving the output of the showeventlog debug command every 24 hours.
The command below defines the exact period to archive to avoid missing events and
unnecessary duplication of events.
showeventlog debug startt “yyyy-MM-dd hh:mm:ss” endt “yyyy-MM-
dd hh:mm:ss”