Security Management Guide (G06.24+, H06.03+)

Safeguard System Security
Security Management Guide 522283-008
Auditing
Safeguard auditing attributes allow you to record authentication attempts, object
access attempts, attempts to change or read Safeguard records, and attempts by a
specific user to perform an action. Additionally, you can use the audit service
commands to manage the audit trail. For more information about auditing, see the
Safeguard Audit Service Manual.
Auditing Authentication Attempts
Specify auditing for all authentication attempts by privileged users, such as the
super ID, super-group users, members of the security staff, and group managers. Be
sure to audit failed as well as successful authentication attempts. A series of failed
attempts might indicate an intrusion attempt. The following SAFECOM command
specifies auditing of both failed and successful authentication attempts for the
super ID:
=ALTER USER 255,255, AUDIT-AUTHENTICATE-PASS LOCAL, &
=AUDIT-AUTHENTICATE-FAIL LOCAL
In this example, LOCAL specifies local attempts to log on. Remote logon attempts are
not audited because authentication attempts can be audited only on the system where
they occur.
If your policy requires auditing of authentication attempts by all users, you can use the
Safeguard global configuration attributes rather than specifying auditing for each user
individually. The following SAFECOM command specifies auditing of authentication
attempts for all users (both successful and failed logon attempts):
=ALTER SAFEGUARD, AUDIT-AUTHENTICATE-PASS LOCAL, &
=AUDIT-AUTHENTICATE-FAIL LOCAL
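The check below is an added example, not part of the Safeguard documentation or software: it looks for a series of failed authentication attempts by privileged users in exported audit data. The record layout (timestamp, group,member user ID, PASS or FAIL) and the sample lines are constructed for this example and are not the Safeguard audit-trail format. It assumes the NonStop user ID convention that group 255 is the super group and member 255 of any group is the group manager, and that security-staff IDs are supplied by the site.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records: timestamp, group,member user ID, outcome.
# This layout is an assumption for the example, not the Safeguard audit format.
SAMPLE = """\
2024-03-01T02:10:05 255,255 FAIL
2024-03-01T02:10:19 255,255 FAIL
2024-03-01T02:10:41 255,255 FAIL
2024-03-01T02:11:02 255,255 PASS
2024-03-01T08:00:00 12,255 FAIL
2024-03-01T09:30:00 12,255 FAIL
2024-03-01T09:31:00 12,7 FAIL
2024-03-01T09:31:10 12,7 FAIL
2024-03-01T09:31:20 12,7 FAIL"""

def is_privileged(user_id, security_staff=frozenset()):
    """Super ID and super-group users (group 255), group managers
    (member 255), plus IDs the site lists as security staff."""
    group, member = (int(part) for part in user_id.split(","))
    return group == 255 or member == 255 or user_id in security_staff

def failed_series(lines, threshold=3, window=timedelta(minutes=5),
                  security_staff=frozenset()):
    """Return [(user_id, time_threshold_reached, pass_followed)] for
    privileged users with `threshold` failures inside `window`."""
    recent = defaultdict(deque)  # user -> timestamps of recent failures
    alerts = {}                  # user -> [alert time, PASS seen soon after]
    for line in lines:
        ts_text, user, outcome = line.split()
        if not is_privileged(user, security_staff):
            continue
        ts = datetime.fromisoformat(ts_text)
        if outcome == "PASS":
            # A success right after a failure burst deserves a closer look.
            if user in alerts and ts - alerts[user][0] <= window:
                alerts[user][1] = True
            recent[user].clear()
            continue
        failures = recent[user]
        failures.append(ts)
        while ts - failures[0] > window:  # drop failures outside the window
            failures.popleft()
        if len(failures) >= threshold and user not in alerts:
            alerts[user] = [ts, False]
    return [(user, t, p) for user, (t, p) in alerts.items()]
```

The two failures for 12,255 are 90 minutes apart and do not form a series; 12,7 is reported only when it is passed in `security_staff`.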
Auditing Object-Access Attempts
Specify auditing for all critical system objects. Some critical objects are mentioned in
Securing Critical Objects on page 3-14. As with logon attempts, you might want to
audit both failed and successful attempts to access an object. The following
SAFECOM command specifies auditing of both failed and successful attempts to
access the file named payroll:
=ALTER DISKFILE payroll, AUDIT-ACCESS-PASS ALL, &
=AUDIT-ACCESS-FAIL ALL
In this example, auditing takes place as specified whenever the disk-file record is used
to determine access.
You can configure the Safeguard software to audit all objects on the system. However,
consider carefully how much auditing you really need. Specifying auditing for all objects
on the system can affect system performance. If you decide that you need extensive
auditing of system objects, the Safeguard global audit attributes can make the task of