6 access violations report – HP Sentry User Manual

Page 89


SENTRY User’s Guide

Section 3 - 17



Fitzgerald & Long

3.6 ACCESS VIOLATIONS REPORT


The SENTRY Access Violations Report is an audit report of violations logged by SENTRY for Database
Commands and for User Defined Items. Each attempt to use a restricted command by an unauthorized user
is reported here.

SENTRY.VIOLATION.REPORT SENTRY Access Violations 12:16:56 08-08-00

Key#   Date      Time     tty             Login Id  Pathname         Violation Item
=====  =======   ====     =============   ========  ============     ==============
V27    08/04/95  01:55PM  /dev/pty/ttyp2  peggy     /usr/sentry.dev  Command Executed -
                                                                     DELETE VOC RTP3

One record listed.

Figure 41 - This is a sample report of the SENTRY Violations Log. Each attempt to use a restricted
command by an unauthorized user is reported.


Each attempt to use a restricted command is logged in SENTRY's violation log and may also be displayed
at the system console if desired. The report of security violations shows the date and time of occurrence, the
port, the user ID, the specific account where the violation occurred, and the full command that was
attempted. Applications using SENTRY's User Defined Items may also create violation records, which
contain the user item being protected and a user-specified comment in addition to the standard information.
The System Administrator should print and review the Violations Report frequently in order to monitor
user actions. SENTRY allows the violation log to be purged selectively or in whole after the report has
been printed.

The following paragraphs describe the fields on this report.

Key# - This is the record ID generated by SENTRY as a key to that specific violation entry.

Date/Time - This is the date and time on which the violation occurred.

tty - This field is the device to which the user was connected when the violation occurred.

Login ID - This is the User ID in effect when the violation occurred.
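
As an added example (not part of the SENTRY manual or product), the following Python reads a saved text copy of this report, joins wrapped Violation Item lines back onto their record, and counts violations per login ID and account to support the frequent review recommended above. It assumes the first six fields contain no spaces; the V28 row, the field names and the function names are constructed for illustration.

```python
from collections import Counter

# Constructed sample: V27 is the record shown in Figure 41; V28 is invented
# for this example so the summary has a repeat entry to count.
SAMPLE = """\
SENTRY.VIOLATION.REPORT SENTRY Access Violations 12:16:56 08-08-00

Key#   Date      Time     tty             Login Id  Pathname         Violation Item
=====  =======   ====     =============   ========  ============     ==============
V27    08/04/95  01:55PM  /dev/pty/ttyp2  peggy     /usr/sentry.dev  Command Executed -
                                                                     DELETE VOC RTP3
V28    08/04/95  02:03PM  /dev/pty/ttyp2  peggy     /usr/sentry.dev  Command Executed -
                                                                     DELETE VOC RTP3

2 records listed.
"""

# Hypothetical field names for the seven report columns.
FIELDS = ("key", "date", "time", "tty", "login_id", "pathname", "item")

def parse_violation_report(text):
    """Return one dict per violation record in a saved report listing."""
    records, in_body = [], False
    for line in text.splitlines():
        if not in_body:
            # Records begin after the row of '=' column rules.
            in_body = bool(line.strip()) and set(line) <= {"=", " "}
            continue
        if not line.strip():
            continue
        if line.strip().endswith("listed."):
            break  # footer such as "One record listed."
        if line[0].isspace() and records:
            # Wrapped Violation Item text belongs to the previous record.
            records[-1]["item"] += " " + line.strip()
            continue
        # Assumption: the first six fields contain no embedded spaces.
        parts = line.rstrip().split(None, 6)
        if len(parts) < 6:
            continue  # not a record line; skip rather than guess
        parts += [""] * (7 - len(parts))
        records.append(dict(zip(FIELDS, parts)))
    return records

def violations_by_login(records):
    """Count violations per (login_id, pathname) to prioritise review."""
    return Counter((r["login_id"], r["pathname"]) for r in records)

if __name__ == "__main__":
    for who, n in violations_by_login(parse_violation_report(SAMPLE)).items():
        print(who, n)
```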
