Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF (422 Views)
Reply
Frequent Advisor
Posts: 67
Registered: ‎06-27-2011
Message 1 of 5 (472 Views)
Accepted Solution

OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

Hi ,

OPENVMS V7.3 or 8.3

Just wondering if I log in as myself  (as a priv user) - I then go into UAF > mod system/passwd='******' on a certain date

How do I find out and prove that it was me changed it on that certain date  - is there an audit facility - accounting etc ?

or some way of finding out that the command above was used by me on that date - either in a log somewhere or ?

 

Yes its for an auditor :(

 

Honored Contributor
Posts: 5,224
Registered: ‎04-26-2004
Message 2 of 5 (467 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

 

$ ANALYZE/AUDIT/EVENT=(SYSUAF)/FULL SYS$MANAGER:

 

extracts the SYSUAF modification events from the Security Audit Journal.

 

Volker.

Frequent Advisor
Posts: 67
Registered: ‎06-27-2011
Message 3 of 5 (458 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

Great stuff Volker thanks a mill , and can you do it by dates etc? - ie /sin=12-jan-2013/before=12-feb-2013 etc
Honored Contributor
Posts: 5,224
Registered: ‎04-26-2004
Message 4 of 5 (456 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

Did you know, that OpenVMS has HELP ?!

 

Try $ HELP ANALYZE/AUDIT

 

Volker.

 

Honored Contributor
Posts: 3,002
Registered: ‎07-31-2003
Message 5 of 5 (422 Views)

Re: OPENVMS - How to find out who modified the 'SYSTEM' a/c password in UAF

and just in case it's not already enabled:

 

$ SET AUDIT/AUDIT/ENABLE=AUTHORIZATION

 

(and yes, you do need AUDIT/AUDIT).

 

A crucible of informative mistakes
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.