OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF (459 Views)
Reply
Frequent Advisor
gunners
Posts: 67
Registered: ‎06-27-2011
Message 1 of 5 (459 Views)
Accepted Solution

OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

Hi ,

OPENVMS V7.3 or 8.3

Just wondering if I log in as myself  (as a priv user) - I then go into UAF > mod system/passwd='******' on a certain date

How do I find out and prove that it was me changed it on that certain date  - is there an audit facility - accounting etc ?

or some way of finding out that the command above was used by me on that date - either in a log somewhere or ?

 

Yes its for an auditor :(

 

Honored Contributor
Volker Halle
Posts: 5,207
Registered: ‎04-26-2004
Message 2 of 5 (454 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

 

$ ANALYZE/AUDIT/EVENT=(SYSUAF)/FULL SYS$MANAGER:

 

extracts the SYSUAF modification events from the Security Audit Journal.

 

Volker.

Frequent Advisor
gunners
Posts: 67
Registered: ‎06-27-2011
Message 3 of 5 (445 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

Great stuff Volker thanks a mill , and can you do it by dates etc? - ie /sin=12-jan-2013/before=12-feb-2013 etc
Honored Contributor
Volker Halle
Posts: 5,207
Registered: ‎04-26-2004
Message 4 of 5 (443 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

Did you know, that OpenVMS has HELP ?!

 

Try $ HELP ANALYZE/AUDIT

 

Volker.

 

Honored Contributor
John Gillings
Posts: 2,995
Registered: ‎07-31-2003
Message 5 of 5 (409 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

and just in case it's not already enabled:

 

$ SET AUDIT/AUDIT/ENABLE=AUTHORIZATION

 

(and yes, you do need AUDIT/AUDIT).

 

A crucible of informative mistakes
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.