Manualshelf

Open System Services Management and Operations Guide (G06.25+, H06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
161162163164165166167168169170
Managing Filesets
Open System Services Management and Operations Guide527191-002
5-11
Auditing a Fileset
1. Verify that at least one of the OSS name server processors is running.
2. Stop the OSS Monitor and restart it.
The OSS Monitor invokes the automatic fileset restart sequence again, and the restart
should succeed this time.
Auditing a Fileset
An important component of a secure file system is the ability to trace the history of
security-related operations on objects in the system. OSS security auditing allows you
to collect a history of audited operations—that is, an audit trail—on a specified set of
auditable objects in the system.
OSS security auditing allows you to audit access to objects in the OSS filename space.
Audit commands for OSS objects and operations are provided by Safeguard, and
SAFEART allows you to search for audit records of operations on OSS files.
Using the AUDITENABLED Attribute
The OSS fileset AUDITENABLED attribute determines whether audit records are
generated on objects within the fileset. When another fileset is mounted on an audited
fileset, whether the mounted fileset is audited depends on its own AUDITENABLED
attribute.
The AUDITENABLED attribute is either ON or OFF (the default value). In addition, the
Safeguard global audit setting AUDIT-CLIENT-SERVICE must be ON for fileset
auditing to be in effect (for more information, see the Safeguard Audit Service Manual).
When the AUDITENABLED attribute is ON, audit records are created whenever an
access-control decision is made on an object in the fileset. The AUDITENABLED
attribute can be assigned a value during fileset creation and can be changed at any
time through the OSS Monitor SCF command ALTER FILESET. However, the change
takes effect only when the fileset is next started.
Auditing cannot be controlled directly at the OSS file or directory level. However, the
AUDITENABLED attribute applies to all objects named within the fileset and generates
an audit record at the fileset level. Therefore, if you want to audit a particular file, you
must enable auditing of the fileset that contains that file.
Note. Guardian files (those under /G) and OSS filesets on other nodes (those accessed
through /E) cannot be assigned the audit-enabled attribute by using OSS Monitor SCF
commands.