Safeguard Audit Service Manual (G06.24+, H06.03+)
Specifying Auditing
Safeguard Audit Service Manual—520480-014
• delete authorization (not the last name for a file)
• purge authorization (last name for a file)
• utime authorization
• setacl authorization
AUDIT-CLIENT-GUARDIAN (ACG) and AUDIT-DEVICE-ACCESS-PASS/FAIL Attributes
If an AUDIT-DEVICE-ACCESS-PASS or AUDIT-DEVICE-ACCESS-FAIL attribute is
set, Safeguard authorization records for the opening of the OSS terminals are written
to the audit trail.
If an AUDIT-DEVICE-ACCESS-PASS or AUDIT-DEVICE-ACCESS-FAIL attribute and
the ACG attribute are set, the audit outcome records for the opening of the OSS
terminals are written to the audit trail.
AUDIT-CLIENT-GUARDIAN (ACG) and AUDIT-DISKFILE-ACCESS-PASS/FAIL Attributes
If an AUDIT-DISKFILE-ACCESS-PASS or AUDIT-DISKFILE-ACCESS-FAIL attribute
and the ACG attribute are set, the outcome records for OSS opens of Guardian files
are written to the audit trail.
Configuring Safeguard for Systemwide Auditing
You can specify systemwide auditing of Safeguard events by altering the Safeguard
configuration. You can configure systemwide Safeguard auditing for:
• All devices, subdevices, and their associated authorization records
• All processes, subprocesses, and their associated authorization records
• All volumes, subvolumes, disk files, and their associated authorization records
• All of these objects collectively and their associated authorization records
• All users, user aliases, groups, and their associated records
Systemwide auditing affects all objects of the specified type including those that do not
have protection records. For example, if you specify systemwide auditing for devices
and subdevices, all devices and subdevices are audited even if they are not
individually protected.
If an object is individually protected, the systemwide audit settings supplement the
audit settings in the object’s protection record (provided the Safeguard subsystem is
configured to check the protection record). For example, if an individual disk file record