Security Management Guide (G06.29+, H06.08+, J06.03+)
Safeguard System Security
Security Management Guide — 522283-021
individually. The following SAFECOM command specifies auditing of authentication
attempts for all users (both successful and failed logon attempts):
=ALTER SAFEGUARD, AUDIT-AUTHENTICATE-PASS LOCAL, &
=AUDIT-AUTHENTICATE-FAIL LOCAL
Auditing Object-Access Attempts
Specify auditing for all critical system objects. Some critical objects are mentioned in
Securing Critical Objects on page 3-14. As with logon attempts, you might want to
audit both failed and successful attempts to access an object. The following
SAFECOM command specifies auditing of both failed and successful attempts to
access the file named payroll:
=ALTER DISKFILE payroll, AUDIT-ACCESS-PASS ALL, &
=AUDIT-ACCESS-FAIL ALL
In this example, auditing takes place as specified whenever the disk-file record is used
to determine access.
You can configure the Safeguard software to audit all objects on the system. However,
consider carefully how much auditing you really need. Specifying auditing for all
objects on the system can affect system performance. If you decide that you need
extensive auditing of system objects, the Safeguard global audit attributes can make
the task of specifying object auditing easier. For more information on configuration, see
the Safeguard Administrator’s Manual.
Auditing Attempts to Change or Read Safeguard Records
The Safeguard auditing attributes also allow you to record attempts to change or read
both object authorization records and user authentication records.
Specify auditing for attempts to change or read the user authentication records for all
privileged users. The following SAFECOM command specifies auditing for attempts to
change or read the user authentication record for the super ID:
=ALTER USER 255,255, AUDIT-MANAGE-PASS ALL, &
=AUDIT-MANAGE-FAIL ALL
Also specify auditing for attempts to change or read the object authorization records for
all critical objects. The following SAFECOM command specifies auditing for attempts to
change or read the object authorization record for the file named payroll:
=ALTER DISKFILE payroll, AUDIT-MANAGE-PASS ALL, &
=AUDIT-MANAGE-FAIL ALL
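The following added example (not part of the guide or of the Safeguard software) checks the text of SAFECOM ALTER commands written as shown above, handling the & continuation and the comma inside USER 255,255, and reports which audit attributes are never set for each record. The required-attribute policy and the file name ledger are assumptions of this example.

```python
import re

# Assumed policy (from the guide's advice): audit both PASS and FAIL per record type.
REQUIRED = {
    "SAFEGUARD": {"AUDIT-AUTHENTICATE-PASS", "AUDIT-AUTHENTICATE-FAIL"},
    "USER": {"AUDIT-MANAGE-PASS", "AUDIT-MANAGE-FAIL"},
    "DISKFILE": {"AUDIT-ACCESS-PASS", "AUDIT-ACCESS-FAIL",
                 "AUDIT-MANAGE-PASS", "AUDIT-MANAGE-FAIL"},
}
ALTER = re.compile(r"ALTER\s+(\w+)\s*(.*)", re.I)
ATTR = re.compile(r",\s*(AUDIT-[A-Z-]+)\s+(\w+)", re.I)

def join_continuations(text):
    """Drop the '=' prompt and join lines ending in '&' into one command."""
    commands, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip().lstrip("=").strip()
        if line.endswith("&"):
            pending += line[:-1].rstrip() + " "
        elif line or pending:
            commands.append(pending + line)
            pending = ""
    return commands

def audit_gaps(text):
    """Map (type, target) to the required attributes never set (values not judged)."""
    seen = {}
    for command in join_continuations(text):
        m = ALTER.match(command)
        if not m:
            continue
        kind, rest = m.group(1).upper(), m.group(2)
        first = ATTR.search(rest)
        # Targets can contain commas (USER 255,255): cut at the first attribute.
        target = (rest[:first.start()] if first else rest).strip()
        names = {name.upper() for name, _value in ATTR.findall(rest)}
        seen.setdefault((kind, target), set()).update(names)
    return {key: sorted(REQUIRED.get(key[0], set()) - attrs)
            for key, attrs in seen.items()}

# Page commands plus one constructed record ("ledger" is a hypothetical file).
SAMPLE = """\
=ALTER DISKFILE payroll, AUDIT-ACCESS-PASS ALL, &
=AUDIT-ACCESS-FAIL ALL
=ALTER USER 255,255, AUDIT-MANAGE-PASS ALL, &
=AUDIT-MANAGE-FAIL ALL
=ALTER DISKFILE payroll, AUDIT-MANAGE-PASS ALL, &
=AUDIT-MANAGE-FAIL ALL
=ALTER DISKFILE ledger, AUDIT-ACCESS-FAIL ALL
"""
```

audit_gaps(SAMPLE) reports no gaps for payroll or for user 255,255, and three missing attributes for ledger. It checks command text only, not the records held by the Safeguard software.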
Other Auditing
The Safeguard auditing attributes also allow you to record attempts to manage other
types of Safeguard protection records, such as those records for OBJECTTYPES and
security groups.