Safeguard Audit Service Manual (G06.24+, H06.03+)
Specifying Auditing
Safeguard Audit Service Manual—520480-014
2-3
How Attempts to Log On Are Audited
• A local user runs a process that attempts to log on by calling the VERIFYUSER or USER_AUTHENTICATE_ procedure.
REMOTE
No authentication attempts are recorded in the current audit file. Although SAFECOM accepts this value, authentication attempts can be audited only on the system where they occur.
NONE
No authentication attempts are recorded in the current audit file. NONE is the default value for both AUDIT-AUTHENTICATE-PASS and AUDIT-AUTHENTICATE-FAIL.
Example
This example illustrates how to audit logon attempts for a specific user. This command adds a new user with user name ADMIN.DAVE, user ID 1,38, and auditing specified for all failed logon attempts and all successful remote logon attempts:
    =ADD USER admin.dave, 1,38, AUDIT-AUTHENTICATE-FAIL all, &
    =AUDIT-AUTHENTICATE-PASS remote
To specify auditing for existing users, use the ALTER USER command. For example, this command changes the protection record for ADMIN.DAVE so that auditing is specified for all successful logon attempts:
    =ALTER USER admin.dave, AUDIT-AUTHENTICATE-PASS all
How Attempts to Log On Are Audited
When a user attempts to log on to a system protected by the Safeguard subsystem (with either a command interpreter LOGON command or programmatically with the VERIFYUSER or USER_AUTHENTICATE_ procedure), the user's identity is authenticated, and the logon attempt is processed as follows:
1. The Safeguard subsystem verifies that the user name supplied by the user is in its user database. If the user name is not in the database, the logon attempt fails. By default, logon attempts made with invalid user names are not audited unless the Safeguard subsystem is configured for systemwide auditing of all failed authentication attempts. Configuring systemwide auditing is described on page 2-18.
2. The Safeguard subsystem ensures that the password supplied by the user matches the password stored in the user authentication record for that user name. If the passwords do not match, the logon attempt fails. (See the note following this list.) The AUDIT-AUTHENTICATE-FAIL attribute defined for the supplied user name is checked to determine whether to record the logon attempt in the current audit file.
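The following added example is an illustrative Python model of the audit decision described in this section (steps 1 and 2 together with the AUDIT-AUTHENTICATE-PASS and AUDIT-AUTHENTICATE-FAIL values); it is not Safeguard or SAFECOM code. It assumes, as the LOCAL bullet above describes, that LOCAL records local attempts, it treats a correct password as a successful logon governed by AUDIT-AUTHENTICATE-PASS (later checks are omitted), and the user names, passwords and function names are constructed for the example.

```python
# Illustrative model of Safeguard's logon-audit decision; not Safeguard code.
# Sample users, passwords and attribute values are constructed for the example.
import hmac
from dataclasses import dataclass

VALID_VALUES = {"ALL", "LOCAL", "REMOTE", "NONE"}
# ALL and LOCAL write a local attempt to the current audit file. REMOTE and NONE
# record nothing: attempts are audited only on the system where they occur, and
# NONE is the default for both attributes.
RECORDING_VALUES = {"ALL", "LOCAL"}


@dataclass
class UserRecord:
    password: str              # plaintext only because this is a toy model
    audit_pass: str = "NONE"   # AUDIT-AUTHENTICATE-PASS
    audit_fail: str = "NONE"   # AUDIT-AUTHENTICATE-FAIL


def alter_user(db, name, record=None, **attrs):
    """Mirror of ALTER USER: set AUDIT-AUTHENTICATE-* values on a record."""
    rec = record or db[name.upper()]
    for attr, value in attrs.items():
        if attr not in ("audit_pass", "audit_fail") or value.upper() not in VALID_VALUES:
            raise ValueError(f"bad attribute {attr}={value!r}")
        setattr(rec, attr, value.upper())
    db[name.upper()] = rec
    return rec


def add_user(db, name, password, **attrs):
    """Mirror of ADD USER: create the record, then apply the audit attributes."""
    return alter_user(db, name, record=UserRecord(password), **attrs)


def process_logon(db, systemwide_audit_fail, name, password):
    """Return (outcome, audited) for one local logon attempt."""
    rec = db.get(name.upper())
    if rec is None:
        # Step 1: unknown user name. Recorded only when the subsystem is
        # configured for systemwide auditing of all failed authentication attempts.
        return "unknown-user", systemwide_audit_fail
    if not hmac.compare_digest(password.encode(), rec.password.encode()):
        # Step 2: password mismatch. The user's AUDIT-AUTHENTICATE-FAIL decides.
        return "bad-password", rec.audit_fail in RECORDING_VALUES
    # Assumed: a correct password is a success governed by AUDIT-AUTHENTICATE-PASS.
    return "success", rec.audit_pass in RECORDING_VALUES
```

Running the ADD USER and ALTER USER commands from the example through this model shows that the PASS value REMOTE yields no record for a successful local logon until it is changed to ALL.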