XYGATE Access Control Reference Manual

XYPRO Technology Corporation 85 Proprietary and Confidential
Chapter 8. OSS Auditing
XAC can audit OSS activity.
8.1 Configuring ACACL Command Entries for OSS
The keyword AUTHENTICATE_USER is required to force the login prompt to be
displayed. XAC processes the login and then starts the OSS shell.
Example:
COMMAND OSS-AUDITED-SHELL
  !The command starts an OSS shell for a regular user. The user
  !must enter the user's own OSS space userid.
  !XYGATE/OA is used to mediate OSS access.
  DESCRIPTION "OSS keystroke audited shell"
  USER GROUP,USER !Start XYGATEOA as the invoking userid.
  !Use XYGATE/OA plugin to XAC
  OBJECT $SYSTEM.XYGATEAC.XYGATEOA
  ACL $EVERYONE
  OPENSBYOBJECTS \*.$*.*.*
  START_LOGGED_ON
  STARTUP "-xac" !Use XYGATEOA as XYGATEAC plugin
  !Prompt for a userid and password in OSS space
  AUTHENTICATE_USER ON
  STOPONERROR 60,66,140,190,191
  DONOTSTOP $*.*.PATHTCP2
  USER_SWITCH LOGON
  AUDITPROG \*.$*.*.*
  AUDIT_OUTPUT_COUNT_ 14
To monitor an XAC-audited OSS session, add the following options to the
STARTUP keyword of the OSS-AUDITED-SHELL COMMAND. (Refer to Appendix C77: on
page 208 for more information.)
-t:
Turns on the Trace function. Use the ALL option. The other available options are for
development purposes and so are not listed.
-m:
Designates the name of the dump file for the monitor.
Example:
STARTUP "-XAC -M:$S.#XOA.MONITOR -T:ALL"
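
The following is an added example, not part of the manual and not XYPRO code: a small Python check that reads ACACL text and reports XYGATE/OA COMMAND entries that lack the settings this chapter calls for (-xac in STARTUP, AUTHENTICATE_USER ON, and -m: and -t: supplied together). The parsing rules, the function names and the OSS-SHELL-BAD entry are assumptions made for illustration.

```python
# Added example (not XYPRO code). Assumed syntax, inferred from the manual's
# example: "!" starts a comment outside quotes, one keyword per line.
# SAMPLE is constructed: the second entry is deliberately misconfigured.
SAMPLE = r'''
COMMAND OSS-AUDITED-SHELL
OBJECT $SYSTEM.XYGATEAC.XYGATEOA
STARTUP "-XAC -M:$S.#XOA.MONITOR -T:ALL" !monitored session
AUTHENTICATE_USER ON
COMMAND OSS-SHELL-BAD
OBJECT $SYSTEM.XYGATEAC.XYGATEOA  !AUTHENTICATE_USER left out
STARTUP "-xac -t:all"
'''

def strip_comment(line):
    # Drop a trailing "!" comment, but keep any "!" inside a quoted value.
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "!" and not in_quotes:
            return line[:i]
    return line

def parse_acacl(text):
    # Returns {command name: {KEYWORD: value}}.
    entries, current = {}, None
    for raw in text.splitlines():
        keyword, _, value = strip_comment(raw).strip().partition(" ")
        if keyword.upper() == "COMMAND":
            current = entries.setdefault(value.strip(), {})
        elif keyword and current is not None:
            current[keyword.upper()] = value.strip()
    return entries

def lint_entry(kw):
    if not kw.get("OBJECT", "").upper().endswith(".XYGATEOA"):
        return []  # not an XYGATE/OA entry; nothing to check
    opts = kw.get("STARTUP", "").strip('"').upper().split()
    findings = []
    if "-XAC" not in opts:
        findings.append("STARTUP lacks -xac (XYGATEOA not run as XAC plugin)")
    if kw.get("AUTHENTICATE_USER", "").upper() != "ON":
        findings.append("AUTHENTICATE_USER is not ON (no login prompt forced)")
    trace = any(o.startswith("-T:") for o in opts)
    dump = any(o.startswith("-M:") for o in opts)
    if trace != dump:
        findings.append("monitoring needs both -m: and -t: in STARTUP")
    return findings

def lint_acacl(text):
    return {name: lint_entry(kw) for name, kw in parse_acacl(text).items()}
```

Calling lint_acacl(SAMPLE) returns an empty list for OSS-AUDITED-SHELL and two findings for OSS-SHELL-BAD.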