SET, AUDIT, Qualifiers, /ENABLE
*Conan The Librarian (sorry for the slow response - running on an old VAX)
|
VMS Help SET, AUDIT, Qualifiers, /ENABLE *Conan The Librarian (sorry for the slow response - running on an old VAX) |
|
/ENABLE=(keyword[,...])
Enables alarms or audits for the specified events. To enable all
system events and file access events, specify the keyword ALL.
You must specify at least one keyword. You must also specify
either the /ALARM or /AUDIT qualifier, or both, when you use the
/ENABLE qualifier.
The keywords that you can specify with either the /ENABLE or the
/DISABLE qualifier are as follows:
Keyword Description
ACCESS=(condition Specifies access events for all objects in
[:access[,...]] a class. (To audit a single object, use an
[,...]) auditing ACE and enable the access control
list (ACL) category.)
Compaq recommends that when you enable
auditing conditionally, you enable it for all
possible forms of access because the system
can check access rights at several points
during an operation. (For example, a FAILURE
might occur on a read or write access check.)
Condition Description
Keyword
ALL All object access
BYPASS Successful object access due to
the use of the BYPASS privilege
FAILURE Unsuccessful object access
GRPPRV Successful object access due to
the use of the group privilege
(GRPPRV)
READALL Successful object access due
to the use of the READALL
privilege
SUCCESS Successful object access
SYSPRV Successful object access due to
the use of the system privilege
(SYSPRV)
Access Description
Keyword
ALL All types of access
ASSOCIATE Associate access
CONTROL Control access to examine or
change security characteristics
CREATE Create access
DELETE Delete access
EXECUTE Execute access
LOCK Lock access
LOGICAL Logical I/O access
MANAGE Manage access
PHYSICAL Physical I/O access
READ Read access
SUBMIT Submit access
WRITE Write access
ACL Specifies an event requested by an audit or
alarm ACE in the access control list (ACL) of
an object. To audit all objects of a class,
use the ACCESS keyword.
ALL Specifies all system events and file access
events. It does not enable access events for
object classes other than FILE.
AUDIT=keyword Specifies events within the auditing
subsystem. Only one keyword is currently
defined.
Keyword Description
ILLFORMED Specifies illformed events from
internal calls (identified by
NSA$M_INTERNAL) to $AUDIT_
EVENT, $CHECK_PRIVILEGE,
$CHKPRO, or $CHECK_ACCESS
system services. An illformed
event is caused by an
incomplete or syntactically
incorrect argument being
supplied to one of these
system services by a piece
of privileged code.
AUTHORIZATION Specifies the modification of any portion of
the system user authorization file (SYSUAF),
network proxy authorization file (NETPROXY),
or the rights list (RIGHTLIST) (including
password changes made through the AUTHORIZE,
SET PASSWORD, or LOGINOUT commands or the
$SETUAI system service).
BREAKIN=(keyword[,.Specifies the occurrence of one or more
classes of break-in attempts, as specified
by one or more of the following keywords:
ALL
DETACHED
DIALUP
LOCAL
NETWORK
REMOTE
CONNECTION Specifies a logical link connection or
termination through DECnet Phase IV,
DECwindows, $IPC, or SYSMAN.
CREATE Specifies the creation of an object. Requires
the /CLASS qualifier if it is not a file.
DEACCESS Specifies deaccess from an object. Requires
the /CLASS qualifier if it is not a file.
DELETE Specifies the deletion of an object. Requires
the /CLASS=DEVICE qualifier.
FILE_ACCESS= This keyword is obsolete and is superseded
(keyword[,...]) by the ACCESS keyword, which is valid on all
OpenVMS Version 6.1 or higher systems. On
Alpha, this keyword specifies the occurrence
of file and global section access events
(regardless of the value given in the object's
access control list [ACL], if any).
IDENTIFIER Specifies that the use of identifiers as
privileges should be audited. For further
information, refer to the OpenVMS Guide to
System Security.
INSTALL Specifies modifications made to the known file
list through the INSTALL utility.
LOGFAILURE= Specifies the occurrence of one or more
(keyword[,...]) classes of login failures, as specified by
the following keywords:
ALL All possible types of login
failures
BATCH Batch process login failure
DETACHED Detached process login failure
DIALUP Dialup interactive login
failure
LOCAL Local interactive login failure
NETWORK Network server task login
failure
REMOTE Interactive login failure
from another network node,
for example, with a SET HOST
command
SERVER Server or TCB-based login
failure.
SUBPROCESS Subprocess login failure
LOGIN= Specifies the occurrence of one or more
(keyword[,...]) classes of login attempts, as specified by
the following keywords. See the LOGFAILURE
keyword for further description.
ALL BATCH
DETACHED DIALUP
LOCAL NETWORK
REMOTE SERVER
SUBPROCESS
LOGOUT= Specifies the occurrence of one or more
(keyword[,...]) classes of logouts, as specified by the
following keywords. See the LOGFAILURE keyword
for further description.
ALL BATCH
DETACHED DIALUP
LOCAL NETWORK
REMOTE SERVER
SUBPROCESS
MOUNT Specifies a mount or dismount operation.
NCP Specifies access to the network configuration
database, using the network control program
(NCP).
PRIVILEGE= Specifies successful or unsuccessful use
(keyword[,...]) of privilege, as specified by the following
keywords:
FAILURE [:privilege(,...)] - Unsuccessful
use of privilege
SUCCESS [:privilege(,...)] - Successful use
of privilege
For a listing of privileges, refer to
online help for the DCL command SET
PROCESS/PRIVILEGES.
PROCESS= Specifies the use of one or more of the
(keyword[,...]) process control system services, as specified
by the following keywords:
ALL Use of any of the process
control system services
CREPRC All use of $CREPRC
DELPRC All use of $DELPRC
SCHDWK Privileged use of $SCHDWK
CANWAK Privileged use of $CANWAK
WAKE Privileged use of $WAKE
SUSPND Privileged use of $SUSPND
RESUME Privileged use of $RESUME
GRANTID Privileged use of $GRANTID
REVOKID Privileged use of $REVOKID
GETJPI Privileged use of $GETJPI
FORCEX Privileged use of $FORCEX
SETPRI Privileged use of $SETPRI
Privileged use of a process control system
service means the caller used GROUP or WORLD
privilege to affect the target process.
SYSGEN Specifies the modification of a system
parameter with the OpenVMS System Generation
utility.
TIME Specifies the modification of system time.
|
|
