Safeguard Audit Service Manual (G06.29+, H06.08+, J06.03+)
Specifying Auditing
Safeguard Audit Service Manual — 520480-031
2 - 26
OSS Auditing
ACO Attribute
The ACO attribute is primarily used in combination with other attributes to control OSS
auditing. However, the following fileset-management audit outcome records are written
to the audit trail anytime when the ACO attribute is set to — start/stop fileset,
add/delete fileset, and alter fileset.
ACO and AUDIT-PROCESS-ACCESS-PASS/FAIL Attributes
If an AUDIT-PROCESS-ACCESS-PASS or AUDIT-PROCESS-ACCESS-FAIL attribute
is set, Safeguard authorization result records for OSS process start/stop attempts are
written to the audit trail.
If an AUDIT-PROCESS-ACCESS-PASS or AUDIT-PROCESS-ACCESS-FAIL attribute
and the ACO attribute are set, audit records are written to the audit trail for these
operations:
•
OSS process start/stop
•
OSS signal
•
OSS process setpgid/setsid
•
OSS process setuid/setgid
ACO and Fileset AUDITENABLED Attributes
If the fileset AUDITENABLED attribute and the ACO attribute are set, audit records are
written to the audit trail for these operations:
•
Guardian FILE_OPEN_ of OSS files
•
OSS opens/creates of OSS files
•
OSS pathname resolution
•
access authorization
•
chmod authorization
•
chown authorization
•
link authorization
•
rename authorization
•
delete authorization (not the last name for a file)
•
purge authorization (last name for a file)
•
utime authorization
•
setacl authorization