Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF (410 Views)
Frequent Advisor
gunners
Posts: 67
Registered: ‎06-27-2011
Message 1 of 5 (460 Views)
Accepted Solution

OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

Hi,

OPENVMS V7.3 or 8.3

Just wondering if I log in as myself (as a priv user) - I then go into UAF > mod system/passwd='******' on a certain date

How do I find out and prove that it was me who changed it on that certain date - is there an audit facility - accounting etc?

or some way of finding out that the command above was used by me on that date - either in a log somewhere or ?

Yes, it's for an auditor :(

Honored Contributor
Volker Halle
Posts: 5,209
Registered: ‎04-26-2004
Message 2 of 5 (455 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

$ ANALYZE/AUDIT/EVENT=(SYSUAF)/FULL SYS$MANAGER:

extracts the SYSUAF modification events from the Security Audit Journal.

Volker.

Frequent Advisor
gunners
Posts: 67
Registered: ‎06-27-2011
Message 3 of 5 (446 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

Great stuff Volker, thanks a mill, and can you do it by dates etc? - i.e. /sin=12-jan-2013/before=12-feb-2013 etc

Honored Contributor
Volker Halle
Posts: 5,209
Registered: ‎04-26-2004
Message 4 of 5 (444 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

Did you know that OpenVMS has HELP?!

Try $ HELP ANALYZE/AUDIT

Volker.


Honored Contributor
John Gillings
Posts: 2,995
Registered: ‎07-31-2003
Message 5 of 5 (410 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

and just in case it's not already enabled:

$ SET AUDIT/AUDIT/ENABLE=AUTHORIZATION

(and yes, you do need AUDIT/AUDIT).

A crucible of informative mistakes
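
Added example, not from any poster in this thread: a short DCL command procedure that combines the commands above with a date range, so the SYSUAF changes in a given window can be handed to an auditor as a report. The procedure name, the report file SYS$LOGIN:SYSUAF_AUDIT.LIS and the use of the default journal name SYS$MANAGER:SECURITY.AUDIT$JOURNAL are assumptions; adjust them if the site has relocated or archived its journal.

```dcl
$! SYSUAF_AUDIT.COM - added example, not code from the thread.
$! P1 = start date, P2 = end date, P3 = optional username to filter on
$! e.g.  @SYSUAF_AUDIT 12-JAN-2013 12-FEB-2013
$! Assumptions: default journal SYS$MANAGER:SECURITY.AUDIT$JOURNAL and a
$! hypothetical report file SYS$LOGIN:SYSUAF_AUDIT.LIS.
$ IF P1 .EQS. "" .OR. P2 .EQS. ""
$ THEN
$   WRITE SYS$OUTPUT "Usage: @SYSUAF_AUDIT since-date before-date [username]"
$   EXIT
$ ENDIF
$! Show which event classes are enabled as audits. AUTHORIZATION had to be
$! enabled at the time of the change, otherwise no record was written.
$ SHOW AUDIT/AUDIT
$! Optional filter on the account that made the change.
$ select = ""
$ IF P3 .NES. "" THEN select = "/SELECT=USERNAME=''P3'"
$! Extract only SYSUAF modification events inside the date window.
$ ANALYZE/AUDIT/EVENT_TYPE=SYSUAF/SINCE='P1'/BEFORE='P2'/FULL'select' -
        /OUTPUT=SYS$LOGIN:SYSUAF_AUDIT.LIS -
        SYS$MANAGER:SECURITY.AUDIT$JOURNAL
$ WRITE SYS$OUTPUT "Report written to SYS$LOGIN:SYSUAF_AUDIT.LIS"
$ EXIT
```

If the report is empty for a window in which the password is known to have changed, check whether AUTHORIZATION auditing was enabled at that time and whether the journal for that period has been archived elsewhere.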