Administrator's Guide

Turns on the audit flag for all existing users.
Converts the at, batch, and crontab input files to use the submitter's audit ID.
5. Verify that the audit files are on the system:
1. Use swlist -l fileset to list the installed file sets. Look for the fileset called SecurityMon, which contains the auditing program files. To reduce the listing, enter the following command:
   # swlist -l fileset | grep Security
2. In addition, verify that the following files (not specified in SecurityMon) also exist:
   /etc/rc.config.d/auditing contains parameters to control auditing. You can modify this file with SMH or by hand with a text editor.
   /sbin/rc2.d/S760auditing is the script that starts auditing. Do not modify this file.
6. After converting to a trusted system, you can use the audit subsystem and run the HP-UX system as a trusted system.
NOTE: On HP-UX 11i v3, an auditing system also works on a system without converting to a trusted system.
See Chapter 9 for more information.
If you need to convert from a trusted system back to a standard system, run HP SMH and
use the Auditing and Security window. The Audited Events, Audited System Calls, and
Audited Users screens all provide an unconvert option.
TIP: One way to determine if the system has been converted to a trusted system is to look for /tcb files. If they exist, then you have a trusted system.
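The checks in step 5 and in the TIP above can be scripted so an administrator can confirm the audit components and trusted-system state in one pass. This is an added example, not a script from the HP-UX guide or from HP; it assumes swlist(1M) is on PATH on a real host, and the optional ROOT prefix (an addition here) lets the file checks run against a staged copy of a system tree.

```shell
#!/bin/sh
# Added example: verify the auditing components named in step 5 and the
# trusted-system marker named in the TIP. ROOT is an assumed, optional
# prefix (e.g. a mounted image); empty means the running system.
ROOT="${1:-}"

# Returns 0 if the SecurityMon fileset shows up in swlist -l fileset,
# 1 if it does not, 2 if swlist is not available (non-HP-UX host).
securitymon_installed() {
    command -v swlist >/dev/null 2>&1 || return 2
    swlist -l fileset 2>/dev/null | grep -q 'SecurityMon'
}

# Returns 0 only if both files outside SecurityMon exist under "$1".
audit_files_present() {
    root="$1"
    missing=0
    for f in /etc/rc.config.d/auditing /sbin/rc2.d/S760auditing; do
        if [ -f "$root$f" ]; then
            echo "present: $f"
        else
            echo "MISSING: $f"
            missing=1
        fi
    done
    return $missing
}

# Returns 0 if /tcb exists under "$1", i.e. the system has been converted.
is_trusted_system() {
    [ -e "$1/tcb" ]
}

# Prints a summary; always exits 0 so it can be run from a cron wrapper.
audit_report() {
    root="$1"
    securitymon_installed
    case $? in
        0) echo "SecurityMon fileset: installed" ;;
        1) echo "SecurityMon fileset: NOT installed" ;;
        *) echo "SecurityMon fileset: swlist not found, check skipped" ;;
    esac
    audit_files_present "$root"
    if is_trusted_system "$root"; then
        echo "trusted system: yes (/tcb exists)"
    else
        echo "trusted system: no (/tcb absent)"
    fi
    return 0
}

audit_report "$ROOT"
```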
A.2 Auditing a Trusted System
Auditing a trusted system is very similar to auditing a system that has not been converted to trusted mode. See Chapter 9 for the information on auditing. The only difference is how to select audited users. On a system that has not been converted to trusted mode, the userdbset command is used to specify those users who are to be audited. See userdbset(1M) and userdb(4). The associated attribute is called AUDIT_FLAG and is described in security(4). On a trusted system, the audusr command specifies those users who are to be audited. See audusr(1M) for more information.
A.3 Managing Trusted Passwords and System Access
The password is the most important individual user identification symbol. With it, the
system authenticates a user to allow access to the system. Because they are vulnerable
to compromise when used, stored, or known, passwords must be kept secret at all times.
Also see Chapter 2 for password information.
192 Trusted Systems