Open System Services Management and Operations Guide (G06.30+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

141

142

143

144

145

146

147

148

149

150

OSS security auditing allows you to audit access to objects in the OSS filename space. Audit

commands for OSS objects and operations are provided by Safeguard, and SAFEART allows you

to search for audit records of operations on OSS files.

Using the AUDITENABLED Attribute

The OSS fileset AUDITENABLED attribute determines whether audit records are generated on

objects within the fileset. When another fileset is mounted on an audited fileset, whether the mounted

fileset is audited depends on its own AUDITENABLED attribute.

The AUDITENABLED attribute is either ON or OFF (the default value). In addition, the Safeguard

global audit setting AUDIT-CLIENT-SERVICE must be ON for fileset auditing to be in effect (for more

information, see the Safeguard Audit Service Manual).

When the AUDITENABLED attribute is ON, audit records are created whenever an access-control

decision is made on an object in the fileset. The AUDITENABLED attribute can be assigned a value

during fileset creation and can be changed at any time through the OSS Monitor SCF command

ALTER FILESET. However, the change takes effect only when the fileset is next started.

For restricted-access filesets, the default value of the AUDITENABLED attribute is ON. To change

the value of the AUDITENABLED attribute, you must be logged on to the local system as a user ID

that is a member of the Safeguard SECURITY-PRV-ADMINISTRATOR (SPA) security group and a

member of the super group (255, nnn), but that is not the super ID (255, 255) or a member of

the Safeguard SECURITY-OSS-ADMINISTRATOR (SOA) group.

Auditing cannot be controlled directly at the OSS file or directory level. However, the

AUDITENABLED attribute applies to all objects named within the fileset and generates an audit

record at the fileset level. Therefore, if you want to audit a particular file, you must enable auditing

of the fileset that contains that file. For information about the function calls that are audited when

a fileset is audited, see the Open System Services Programmer's Guide.

NOTE: Guardian files (those under /G) and OSS filesets on other nodes (those accessed through

/E) cannot be assigned the audit-enabled attribute by using OSS Monitor SCF commands.

Audited SCF Operations

The following SCF fileset operations are audited:

Actions takenSCF Commands Used

When an audited fileset is started or stopped, the OSS Monitor generates

a mount/unmount record. The mount point pathname is present only in

the record generated by use of the START FILESET command.

START FILESET and STOP FILESET

When a member of the super group (255, nnn) or the Safeguard

SECURITY-PRV-ADMINISTRATOR (SPA) group attempts to add or delete

an audited fileset, an audit record is generated.

ADD FILESET and DELETE FILESET

Beginning with the J06.11 and H06.22 RVUs, an audit record is generated

when the RESTRICTEDACCESS attribute is enabled.

Beginning with the J06.15 and H06.26 RVUs, an audit record is generated

when the SEEPPROTECTED attribute is set to ON.

When a member of the super group or the Safeguard

SECURITY-PRV-ADMINISTRATOR (SPA) group attempts to alter the value

ALTER FILESET

of a fileset’s AUDITENABLED attribute, an audit record is generated. The

before and after values of the AUDITENABLED attribute are included.

Beginning with the J06.11 and H06.22 RVUs, an audit record is generated

when the RESTRICTEDACCESS attribute is altered.

Beginning with the J06.15 and H06.26 RVUs, an audit record is generated

when the SEEPPROTECTED attribute is altered.

150 Managing Filesets