/sys$common/syshlp/helplib.hlb SET, AUDIT, Qualifiers, /ENABLE *Conan The Librarian (sorry for the slow response - running on an old VAX) |
/ENABLE=(keyword[,...]) Enables alarms or audits for the specified events. To enable all system events and file access events, specify the keyword ALL. You must specify at least one keyword. You must also specify either the /ALARM or /AUDIT qualifier, or both, when you use the /ENABLE qualifier. The keywords that you can specify with either the /ENABLE or the /DISABLE qualifier are as follows: Keyword Description ACCESS=(condition Specifies access events for all objects in [:access[,...]] a class. (To audit a single object, use an [,...]) auditing ACE and enable the access control list (ACL) category.) Compaq recommends that when you enable auditing conditionally, you enable it for all possible forms of access because the system can check access rights at several points during an operation. (For example, a FAILURE might occur on a read or write access check.) Condition Description Keyword ALL All object access BYPASS Successful object access due to the use of the BYPASS privilege FAILURE Unsuccessful object access GRPPRV Successful object access due to the use of the group privilege (GRPPRV) READALL Successful object access due to the use of the READALL privilege SUCCESS Successful object access SYSPRV Successful object access due to the use of the system privilege (SYSPRV) Access Description Keyword ALL All types of access ASSOCIATE Associate access CONTROL Control access to examine or change security characteristics CREATE Create access DELETE Delete access EXECUTE Execute access LOCK Lock access LOGICAL Logical I/O access MANAGE Manage access PHYSICAL Physical I/O access READ Read access SUBMIT Submit access WRITE Write access ACL Specifies an event requested by an audit or alarm ACE in the access control list (ACL) of an object. To audit all objects of a class, use the ACCESS keyword. ALL Specifies all system events and file access events. It does not enable access events for object classes other than FILE. AUDIT=keyword Specifies events within the auditing subsystem. Only one keyword is currently defined. Keyword Description ILLFORMED Specifies illformed events from internal calls (identified by NSA$M_INTERNAL) to $AUDIT_ EVENT, $CHECK_PRIVILEGE, $CHKPRO, or $CHECK_ACCESS system services. An illformed event is caused by an incomplete or syntactically incorrect argument being supplied to one of these system services by a piece of privileged code. AUTHORIZATION Specifies the modification of any portion of the system user authorization file (SYSUAF), network proxy authorization file (NETPROXY), or the rights list (RIGHTLIST) (including password changes made through the AUTHORIZE, SET PASSWORD, or LOGINOUT commands or the $SETUAI system service). BREAKIN=(keyword[,.Specifies the occurrence of one or more classes of break-in attempts, as specified by one or more of the following keywords: ALL DETACHED DIALUP LOCAL NETWORK REMOTE CONNECTION Specifies a logical link connection or termination through DECnet Phase IV, DECwindows, $IPC, or SYSMAN. CREATE Specifies the creation of an object. Requires the /CLASS qualifier if it is not a file. DEACCESS Specifies deaccess from an object. Requires the /CLASS qualifier if it is not a file. DELETE Specifies the deletion of an object. Requires the /CLASS=DEVICE qualifier. FILE_ACCESS= This keyword is obsolete and is superseded (keyword[,...]) by the ACCESS keyword, which is valid on all OpenVMS Version 6.1 or higher systems. On Alpha, this keyword specifies the occurrence of file and global section access events (regardless of the value given in the object's access control list [ACL], if any). IDENTIFIER Specifies that the use of identifiers as privileges should be audited. For further information, refer to the OpenVMS Guide to System Security. INSTALL Specifies modifications made to the known file list through the INSTALL utility. LOGFAILURE= Specifies the occurrence of one or more (keyword[,...]) classes of login failures, as specified by the following keywords: ALL All possible types of login failures BATCH Batch process login failure DETACHED Detached process login failure DIALUP Dialup interactive login failure LOCAL Local interactive login failure NETWORK Network server task login failure REMOTE Interactive login failure from another network node, for example, with a SET HOST command SERVER Server or TCB-based login failure. SUBPROCESS Subprocess login failure LOGIN= Specifies the occurrence of one or more (keyword[,...]) classes of login attempts, as specified by the following keywords. See the LOGFAILURE keyword for further description. ALL BATCH DETACHED DIALUP LOCAL NETWORK REMOTE SERVER SUBPROCESS LOGOUT= Specifies the occurrence of one or more (keyword[,...]) classes of logouts, as specified by the following keywords. See the LOGFAILURE keyword for further description. ALL BATCH DETACHED DIALUP LOCAL NETWORK REMOTE SERVER SUBPROCESS MOUNT Specifies a mount or dismount operation. NCP Specifies access to the network configuration database, using the network control program (NCP). PRIVILEGE= Specifies successful or unsuccessful use (keyword[,...]) of privilege, as specified by the following keywords: FAILURE [:privilege(,...)] - Unsuccessful use of privilege SUCCESS [:privilege(,...)] - Successful use of privilege For a listing of privileges, refer to online help for the DCL command SET PROCESS/PRIVILEGES. PROCESS= Specifies the use of one or more of the (keyword[,...]) process control system services, as specified by the following keywords: ALL Use of any of the process control system services CREPRC All use of $CREPRC DELPRC All use of $DELPRC SCHDWK Privileged use of $SCHDWK CANWAK Privileged use of $CANWAK WAKE Privileged use of $WAKE SUSPND Privileged use of $SUSPND RESUME Privileged use of $RESUME GRANTID Privileged use of $GRANTID REVOKID Privileged use of $REVOKID GETJPI Privileged use of $GETJPI FORCEX Privileged use of $FORCEX SETPRI Privileged use of $SETPRI Privileged use of a process control system service means the caller used GROUP or WORLD privilege to affect the target process. SYSGEN Specifies the modification of a system parameter with the OpenVMS System Generation utility. TIME Specifies the modification of system time.
|