Manualshelf

Safeguard Audit Service Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series
51525354555657585960
Specifying Auditing
Safeguard Audit Service Manual 520480-031
2 - 27
Configuring Safeguard for Systemwide Auditing
AUDIT-CLIENT-GUARDIAN (ACG) and
AUDIT-DEVICE-ACCESS-PASS/FAIL Attributes
If an AUDIT-DEVICE-ACCESS-PASS or AUDIT-DEVICE-ACCESS-FAIL attribute is
set, Safeguard authorization records the opening of the OSS terminals that are written
to the audit trail.
If an AUDIT-DEVICE-ACCESS-PASS or AUDIT-DEVICE-ACCESS-FAIL attribute and
the ACG attribute are set, the audit outcome records the opening of the OSS terminals
that are written to the audit trail.
AUDIT-CLIENT-GUARDIAN (ACG) and
AUDIT-DISKFILE-ACCESS-PASS/FAIL Attributes
If an AUDIT-DISKFILE-ACCESS-PASS or AUDIT-DISKFILE-ACCESS-FAIL
attribute and the ACG attribute are set, the OSS open the Guardian file outcome
records are written to the audit trail.
Configuring Safeguard for Systemwide
Auditing
You can specify systemwide auditing of Safeguard events by altering the Safeguard
configuration. You can configure systemwide Safeguard auditing for:
All devices, subdevices, and their associated authorization records
All processes, subprocesses, and their associated authorization records
All volumes, subvolumes, disk files, and their associated authorization records
All of these objects collectively and their associated authorization records
All users, user aliases, groups, and their associated records
Systemwide auditing affects all object
s of the specified type including those that do not
have protection records. For example, if you specify systemwide auditing for devices
and subdevices, all devices and subdevices are audited even if they are not
individually protected.
If an object is individually protected, the systemwide audit settings supplement the
audit settings in the object’
s protection record (provided the Safeguard subsystem is
configured to check the protection record). For example, if an individual disk file record
is set to audit ALL access attempts and the Safeguard configuration is set to audit
NONE of the disk file access attempts, both local and remote access attempts are
audited for the individual disk file. Specifying both systemwide and individual auditing
does not cause duplicate records to be generated for audited events.