OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF (284 Views)
Reply
Frequent Advisor
gunners
Posts: 64
Registered: ‎06-27-2011
Message 1 of 5 (284 Views)
Accepted Solution

OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

Hi ,

OPENVMS V7.3 or 8.3

Just wondering if I log in as myself  (as a priv user) - I then go into UAF > mod system/passwd='******' on a certain date

How do I find out and prove that it was me changed it on that certain date  - is there an audit facility - accounting etc ?

or some way of finding out that the command above was used by me on that date - either in a log somewhere or ?

 

Yes its for an auditor :(

 

Please use plain text.
Honored Contributor
Volker Halle
Posts: 5,203
Registered: ‎04-26-2004
Message 2 of 5 (279 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

 

$ ANALYZE/AUDIT/EVENT=(SYSUAF)/FULL SYS$MANAGER:

 

extracts the SYSUAF modification events from the Security Audit Journal.

 

Volker.

Please use plain text.
Frequent Advisor
gunners
Posts: 64
Registered: ‎06-27-2011
Message 3 of 5 (270 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

Great stuff Volker thanks a mill , and can you do it by dates etc? - ie /sin=12-jan-2013/before=12-feb-2013 etc
Please use plain text.
Honored Contributor
Volker Halle
Posts: 5,203
Registered: ‎04-26-2004
Message 4 of 5 (268 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

Did you know, that OpenVMS has HELP ?!

 

Try $ HELP ANALYZE/AUDIT

 

Volker.

 

Please use plain text.
Honored Contributor
John Gillings
Posts: 2,994
Registered: ‎07-31-2003
Message 5 of 5 (234 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

and just in case it's not already enabled:

 

$ SET AUDIT/AUDIT/ENABLE=AUTHORIZATION

 

(and yes, you do need AUDIT/AUDIT).

 

A crucible of informative mistakes
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation