Open System Services Management and Operations Guide (G06.29+, H06.07+)
Managing Security
Open System Services Management and Operations Guide—527191-005
8-25
Audit Records for OSS Objects
•
The operation, including whether the operation succeeded or failed, and the details
of a defined list of appropriate attributes
Audit records are characterized by the following information:
•
If the object of an operation has a pathname, then either the audit record includes
the pathname or the operation is associated with another record that includes the
pathname.
•
OSS filenames stored in the audit record are uniquely identifiable.
•
Operations and outcomes are specified by enumerated values defined by
Safeguard.
•
An operation that modifies an object’s attributes provides before and after images
of the attributes in the audit record.
•
An operation that creates a new object specifies the new object’s attributes in the
audit record.
•
An operation that deletes an object specifies the object’s attributes in the audit
record.
•
Failure to search a directory during name resolution is audited. The audit record
indicates the pathname of the directory being searched, up to and including the
failure.
This information can be retrieved by using SAFEART, the Safeguard audit-file
reduction tool.
Object Names in Audit Records
When the value of an OSS file attribute must appear in an audit record, the OSS name
server writes the file’s object names in its request to the file system. OSS objects have
two kinds of object names, an external name and an internal name.
For objects in the OSS file system, the external name is the fully qualified pathname for
the object. For OSS filesets, the external name is the name of the fileset as seen
through SCF.
In most audit records, the external and internal names for the object are both included
and separated by an equal sign (=). For example:
/bin=$ZPNS.Z00000.Z0000004G:56876483
/bin/sh=$OSS1.ZYQ00000.Z000005R:45736652
Sometimes only the internal name appears, in which case a preceding RESOLVE
record contains both names.