Safeguard Audit Service Manual (G06.24+, H06.03+)

Specifying Auditing
Safeguard Audit Service Manual 520480-014
Examples
This example illustrates how to audit attempts to manage a user authentication record.
In this example, the owner of the authentication record enters the command to set up
auditing for successful remote attempts to manage the record (AUDIT-MANAGE-PASS)
and all unsuccessful attempts to manage the record (AUDIT-MANAGE-FAIL):
=ALTER USER admin.dave, AUDIT-MANAGE-PASS remote, &
=AUDIT-MANAGE-FAIL all
This example illustrates how an owner of the authorization record can specify the
auditing of all successful attempts to manage the authorization record for the disk file
$DATA.SALES.RECORD1:
=ALTER DISKFILE $data.sales.record1, AUDIT-MANAGE-PASS all
Similarly, the owner can specify the auditing of all unsuccessful local attempts to
manage the authorization record for $DATA.SALES.RECORD2:
=ALTER DISKFILE $data.sales.record2, AUDIT-MANAGE-FAIL local
This example illustrates how an owner of the authorization record for OBJECTTYPE
DEVICE can specify the auditing of all successful attempts to manage the
authorization record for OBJECTTYPE DEVICE:
=ALTER OBJECTTYPE DEVICE, AUDIT-MANAGE-PASS all
Similarly, an owner can specify the auditing of all unsuccessful local attempts to
manage the authorization record for OBJECTTYPE DEVICE:
=ALTER OBJECTTYPE DEVICE, AUDIT-MANAGE-FAIL local
The Safeguard subsystem allows attempts to read OBJECTTYPE records with either
the INFO command or the SET LIKE clause. For each attempt, however, the value of
the AUDIT-MANAGE-PASS attribute is checked to determine whether to record the
attempt in the current audit file.
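Each ALTER command in the examples above audits only some classes of management attempt. The following Python sketch is an added example, not part of the manual or of the Safeguard product: it parses SAFECOM ALTER text and lists which combinations of outcome (pass or fail) and origin (local or remote) the command leaves unaudited. It assumes that an attribute the command does not set is NONE; the function names are hypothetical.

```python
import re

# Attribute values used on this page (ALL, LOCAL, REMOTE); NONE is assumed
# here as the state of an attribute that the command does not set.
COVERS = {"ALL": {"local", "remote"}, "LOCAL": {"local"},
          "REMOTE": {"remote"}, "NONE": set()}
ATTRS = ("AUDIT-MANAGE-PASS", "AUDIT-MANAGE-FAIL")

def join_continuations(text):
    """Strip the '=' prompt and join lines that end with the '&' continuation."""
    commands, pending = [], ""
    for line in text.splitlines():
        line = line.strip().lstrip("=").strip()
        if not line:
            continue
        if line.endswith("&"):
            pending += line[:-1].strip() + " "
        else:
            commands.append(pending + line)
            pending = ""
    return commands

def parse_alter(command):
    """Return (object, {attribute: value}) for one ALTER command."""
    head, *clauses = [part.strip() for part in command.split(",")]
    match = re.match(r"ALTER\s+(.+)", head, re.IGNORECASE)
    if not match:
        raise ValueError(f"not an ALTER command: {command!r}")
    settings = {attr: "NONE" for attr in ATTRS}
    for clause in clauses:
        name, _, value = clause.partition(" ")
        if name.upper() in settings:
            settings[name.upper()] = value.strip().upper()
    return " ".join(match.group(1).split()).upper(), settings

def unaudited(settings):
    """List (outcome, origin) classes of management attempt left unaudited."""
    return [(outcome, origin)
            for attr, outcome in zip(ATTRS, ("pass", "fail"))
            for origin in ("local", "remote")
            if origin not in COVERS[settings[attr]]]

# Commands copied from the examples on this page.
SAMPLE = """=ALTER USER admin.dave, AUDIT-MANAGE-PASS remote, &
=AUDIT-MANAGE-FAIL all
=ALTER DISKFILE $data.sales.record2, AUDIT-MANAGE-FAIL local"""
for cmd in join_continuations(SAMPLE):
    obj, settings = parse_alter(cmd)
    print(obj, "unaudited:", unaudited(settings))
```

Because ALTER changes only the attributes it names, compare the result against the record's existing settings before treating a listed gap as real.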
How Attempts to Manage Protection Records Are Audited
When an attempt is made to manage a protection record, the Safeguard subsystem
performs this procedure to authorize the request and to determine if auditing is
required:
1. The protection record is consulted to determine whether the user attempting to
manage the record has the required authority.
2. If the user has the required authority, the Safeguard subsystem performs the
requested operation and checks the value of the AUDIT-MANAGE-PASS attribute.
If AUDIT-MANAGE-PASS is specified, the successful operation is recorded in the
current audit file.
3. If the user lacks the required authority, the Safeguard subsystem issues a security
violation (error 48) and checks the value of the AUDIT-MANAGE-FAIL attribute. If