Open System Services Management and Operations Guide (G06.30+, H06.08+, J06.03+)

The name logged in an operation depends on the type of object being audited. Formats are:
Object: OSS fileset
Format: $ZPMON.Znnnnn:yyyymmddhhmmss, where nnnnn is the fileset device number and
yyyymmddhhmmss is the local civil time (LCT) when the fileset was created. Example:
$ZPMON.Z00000:19980119152451

Object: OSS regular file (disk file)
Format: $vol.ZYQnnnnn.Ziiiiiii:ccccccccccc, where nnnnn is the fileset device number,
iiiiiii is the file’s inode number, and ccccccccccc is the file’s creation version serial
number (CRVSN). Example: $OSS1.ZYQ00000.Z00004G6:19934568735

Object: Other OSS files (such as AF_UNIX sockets)
Format: $ZPNS.Znnnnn.Ziiiiiii:ccccccccccc, where nnnnn is the fileset device number,
iiiiiii is the file’s inode number, and ccccccccccc is the file’s CRVSN. Example:
$ZPNS.Z00000.Z00004G5:19387764537
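
The following Python example, added here and not part of the manual, parses the three object-name formats above so that audit records can be grouped by object type and by fileset device number. The function names, the field widths (taken from the placeholders in the formats), and the volume-name pattern are assumptions.

```python
import re
from datetime import datetime

# Field widths follow the placeholders in the formats above (assumption).
# Device and inode fields are matched as alphanumeric: the examples contain "G".
_PATTERNS = [
    ("OSS fileset",
     re.compile(r"^\$ZPMON\.Z(?P<device>[0-9A-Z]{5}):(?P<created>\d{14})$")),
    ("OSS regular file",
     re.compile(r"^(?P<volume>\$[A-Z][A-Z0-9]{0,6})\.ZYQ(?P<device>[0-9A-Z]{5})"
                r"\.Z(?P<inode>[0-9A-Z]{7}):(?P<crvsn>\d{11})$")),
    ("other OSS file",
     re.compile(r"^\$ZPNS\.Z(?P<device>[0-9A-Z]{5})"
                r"\.Z(?P<inode>[0-9A-Z]{7}):(?P<crvsn>\d{11})$")),
]


def parse_audit_object_name(name):
    """Classify an audited object name and split it into its fields.

    Returns a dict with a "type" key plus the fields of the matching format.
    Raises ValueError when the name matches none of the three formats.
    """
    name = name.strip()
    for obj_type, pattern in _PATTERNS:
        m = pattern.match(name)
        if m is None:
            continue
        fields = {"type": obj_type, **m.groupdict()}
        if "created" in fields:
            # Creation time is LCT with no zone information, so it is kept
            # as a naive datetime; an impossible date raises ValueError.
            fields["created"] = datetime.strptime(fields["created"], "%Y%m%d%H%M%S")
        return fields
    raise ValueError(f"unrecognized audit object name: {name!r}")


def same_fileset(a, b):
    """True when two parsed names carry the same fileset device number."""
    return a["device"] == b["device"]


if __name__ == "__main__":
    # The three example names given in the formats above.
    for sample in ("$ZPMON.Z00000:19980119152451",
                   "$OSS1.ZYQ00000.Z00004G6:19934568735",
                   "$ZPNS.Z00000.Z00004G5:19387764537"):
        print(parse_audit_object_name(sample))
```
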
Object Name Changes
When a directory that is on the path to a fileset mount point is renamed, that renaming is propagated
to the fileset mount point on that path. However, this propagation takes place after the call on the
rename function has finished. If an audited operation is performed on a file in that path before the
rename is propagated to the fileset mount point, the audit record might contain the old pathname
rather than the new one.
For example, assume that a fileset is mounted on /usr/src/projects/mine and that the following
sequence of calls occurs:
rename("/usr/src/projects", "/usr/src/tasks");
open("/usr/src/tasks/mine/main.c");
The audit record for the open call might contain /usr/src/projects/mine/main.c (the old
pathname) rather than /usr/src/tasks/mine/main.c (the new pathname).
For a description of the OSS subsystem message that occurs under these conditions, see OSS
subsystem message 20 in the Operator Messages Manual.
Auditing of OSS Shell Commands
Many OSS shell commands cause audit records to be generated by the OSS name server when
auditing is enabled. The contents of each audit record depend on which operation is being
performed. In cases where the operation is terminated because of an error and a security ruling
has not yet been obtained, no auditing is performed.
Some of the shell commands that cause audit records to be created are mkdir, chmod, chown,
kill, rmdir, and setfilepriv.
Protecting Your System
This subsection covers the following topics:
“OSS Shell Commands Useful for Security Administration”
“Use of suid Scripts”
“Preventing Security Problems”
“Identifying Attempts to Break Security”
“Using an OSS Security Event-Exit Process (SEEP)”