[an error occurred while processing this directive]

HP OpenVMS Systems

ask the wizard
Content starts here

Performing Security Audits?

» close window

The Question is:

 
Not quite sure of the version but our machine is 8 years old.  Its Microvax
 3100 model.
 
Question:  I'm currently doing an audit of our VAX machine and generate reports
 via dir/security command.  However, instead of printing these reports, please
 inform me how to direct the output to a file, and download the file so I can
 interrogate them usi
ng say, ACL.
 
If not possible for our environment, please inform me if its possible for a
 background printing of these reports instead of the SYSTEM user account logged
 into the system the whole time the report is being printed.
 
Thanks in advance for you help.  Will appreciate if you could respond the
 soonest possible.

The Answer is :

 
  The OpenVMS Wizard will assume you are not particularly familiar with
  OpenVMS.  For the purposes of this particular auditing question, the
  OpenVMS Wizard would strongly encourage reading the existing OpenVMS
  system security manual and the OpenVMS User's Guide -- as a start.
 
  The literal answer to the question posed involves using the DCL command:
 
    DIRECTORY/SECURITY/OUTPUT=filename
 
  at its simplest, and this is likely what is already being done.
 
  The printing operation itself occurs based on the contents of the files
  specified on a PRINT command or via a $sndjbc system service call, and
  somewhat less commonly via an application that is coded to send its
  output intended for printing directly to a spooled printer device.
 
  The most typical approach for auditing would involve using available
  DCL lexical functions or system services to evaluate the configuration
  and to generate an output file, and then printing or emailing the report.
  This is far more flexible than using the DIRECTORY command, and is also
  more reliable than the (unsupported) parsing of the output from the
  DIRECTORY command.
 
  Processing ACLs often comprises resetting the ACLs, as examination of
  the ACLs for typical auditing purpises usually requires the use of an
  executable program.
 
  The OpenVMS Wizard is not familiar with the acronym "ACL" in the
  context of downloading files for interrogation, usually reserving the
  ACL acronym for an Access Control List.
 


  

     
     
answer written or last revised on ( 23-AUG-2000 )

     
» close window