04-18-2013 04:41 AM
OPENVMS V7.3 or 8.3
Just wondering if I log in as myself (as a priv user) - I then go into UAF > mod system/passwd='******' on a certain date
How do I find out and prove that it was me changed it on that certain date - is there an audit facility - accounting etc ?
or some way of finding out that the command above was used by me on that date - either in a log somewhere or ?
Yes its for an auditor :(
Solved! Go to Solution.
04-18-2013 04:48 AM
$ ANALYZE/AUDIT/EVENT=(SYSUAF)/FULL SYS$MANAGER:
extracts the SYSUAF modification events from the Security Audit Journal.
04-18-2013 03:17 PM
and just in case it's not already enabled:
$ SET AUDIT/AUDIT/ENABLE=AUTHORIZATION
(and yes, you do need AUDIT/AUDIT).