Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

131

132

133

134

135

136

137

138

139

140

Configuration

Safeguard Administrator’s Manual—523317-029

9-21

Configuring Safeguard Auditing

This command specifies that the Safeguard software is to use the first access control

list it finds in this following order—disk file, subvolume, volume:

=ALTER SAFEGUARD, COMBINATION-DISKFILE FIRST-ACL, &

=DIRECTION-DISKFILE DISKFILE-FIRST

Configuring Safeguard Auditing

Normally, the Safeguard software audits only items that have auditing specified in their

protection records. However, you can configure systemwide auditing so that auditing is

performed even if it is not specified in individual protection records. You can configure

Safeguard auditing:

•

All attempts relating to user authentication

•

All devices and their authorization records

•

All processes and their authorization records

•

All disk files and their authorization records

•

All system objects (devices, processes, and disk files) and their authorization

records

Auditing specified by configuration supplements the settings in the individual

authorization records (if the Safeguard software is configured to check the individual

record). For example, if an individual disk file record is set to audit ALL access

attempts and the Safeguard configuration is set to audit NONE of the disk file access

attempts, both local and remote access attempts are audited for the individual disk file.

Specifying both systemwide and individual auditing does not cause duplicate records

to be generated for audited events.

For more information about systemwide auditing, see the Safeguard Audit Service

Manual.

Configuring User Authentication Auditing

You can configure systemwide auditing of user authentication in addition to the audit

settings in the individual user authentication records.

Caution. If you set CHECK-SUBVOLUME ON and set DIRECTION-DISKFILE to

VOLUME-FIRST, any user can gain access to someone else's files. All files that are in

subvolumes that have not been added to the Safeguard database are vulnerable. This

situation occurs because any user can add the subvolume to the database and thereby own it.

If this configuration is needed, use the ADD OBJECTTYPE or ALTER OBJECTTYPE

command to specify who can control subvolumes. For more information, see Section 5,

OBJECTTYPE Control.

Note. Some of the global configuration attributes that control systemwide auditing also affect

client auditing. For details concerning these attributes, refer to the Safeguard Audit Service

Manual.