Safeguard Audit Service Manual (G06.24+, H06.03+)

Safeguard Audit Service Manual 520480-014
2 Specifying Auditing
This section explains how to specify auditing for security-relevant events on a
Safeguard-controlled system. You specify auditing by setting audit attributes in the
protection records for specific users, aliases, objects, or OBJECTTYPEs.
In general, specifying auditing for user aliases follows the same rules as specifying
auditing for users. Any statements pertaining to user auditing in this section also apply
to alias auditing.
You can specify the audit attributes with the ADD command when you add a new
protection record to the Safeguard database. You can also specify the audit attributes
for an existing record with the ALTER command. General users can add protection
records and thereby specify auditing for their disk files, subvolumes, processes, and
subprocesses. By default, only privileged users can add protection records for users,
disk volumes, devices, subdevices, and OBJECTTYPEs. Any owner of an existing
protection record can alter that record.
You can also specify systemwide auditing of events by altering the Safeguard
configuration.
A special Safeguard configuration attribute (AUDIT-CLIENT-GUARDIAN) controls
whether events from HP privileged clients are recorded in the audit trail.
As mentioned in Section 1, Introduction, certain types of events are automatically
recorded in the audit trail. For a description of these events, see Unconditional Auditing
on page 2-25.
The Audit Attributes
You specify auditing for individual users, aliases, objects, security groups, and
OBJECTTYPEs with the audit attributes in the individual protection records. These
attributes fall into three categories:
• The AUDIT-AUTHENTICATE attributes in a user or alias authentication record
  control auditing for authentication attempts such as logons.
• The AUDIT-ACCESS attributes in an object authorization record control auditing
  for attempts to access the object. For OBJECTTYPE records, the AUDIT-ACCESS
  attributes control auditing for attempts to protect objects of the specified type.
• The AUDIT-MANAGE attributes in all protection records control auditing for
  attempts to manage (change, delete, or read) the protection record.
Systemwide Audit Attributes
The Safeguard configuration record contains similar types of audit attributes that
control systemwide auditing. For more information, see OSS Auditing on page 2-18.