Security auditing of oss files, How to identify an audited file in audit records, What operations and objects are audited – HP NonStop G-Series User Manual

Page 131


The owner entry is the user name of the new owner of the file. The filename entry is a list of
one or more files whose ownership you want to change. You can also use pattern-matching
characters to specify files.

Enter the chgrp command in the following form:

chgrp group filename

The group entry is the group ID or group name of the new group. Note that to change the group
ownership of a file, you must be a member of the group to which you are changing the file. The
filename entry is a list of one or more files whose group you want to change.

For more information, see the chown(1) and chgrp(1) reference pages either online or in the
Open System Services Shell and Utilities Reference Manual.

Security Auditing of OSS Files

An important component of a secure file system is the ability to trace the history of security-related
operations on objects in the system. OSS security auditing allows you to collect a history of audited
operations (an audit trail) on a specified set of auditable objects in the system.

OSS security auditing allows you to audit access to objects in the OSS filename space. Audit
commands for OSS objects and operations are provided by Safeguard, and the SAFEART audit
reduction program allows you to search for audit records of operations on OSS files. SAFEART
extracts information from the audit files and produces reports of audited events based on criteria
you specify. SAFEART is described in the Safeguard Audit Service Manual.

Your application program does not need to provide its own file-auditing mechanism. Your system
manager can enable file auditing on a specific fileset. When auditing is enabled, certain application
program activities for any file in that fileset can automatically generate entries in the audit file for
the system where the file is located.

This subsection describes:

“How to Identify an Audited File in Audit Records” (page 131)

“What Operations and Objects Are Audited” (page 131)

“Considerations for File Auditing” (page 133)

How to Identify an Audited File in Audit Records

You can write either an OSS or Guardian application to process audit records. Audit files are
structured files and are easiest to process with a Guardian application. The structure and Guardian
file-naming conventions for audit files, the field names and object types, and the format of audit-file
records are described in the Safeguard Audit Service Manual.

The audit record for an audited file event identifies the file being audited with both its absolute
OSS pathname and the internal name used for it by Guardian access mechanisms. The internal
name includes the creation version serial number (CRVSN) so that a specific instance of a file can
be identified. An audit entry has the following format:

pathname=$volume.subvolume.file_identifier:crvsn

For example:

/bin/ed=$DATA13.ZYQ00001.Z0004G7:1934568735

where 1934568735 is the CRVSN of the file being audited. For more information on the use of
the CRVSN with files, refer to the Open System Services Management and Operations Guide.
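
The following is an added example, not code from the HP manual or from Safeguard. It splits the file-identification entry shown above into its parts and reports pathnames recorded with more than one internal name or CRVSN, that is, more than one file instance. It assumes the entry has already been extracted as text from an audit record; the function names, the character set accepted for the Guardian name parts, and every sample entry except /bin/ed are constructed for illustration.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Assumption: Guardian name parts are letters and digits; the page shows
# only the overall layout. Greedy ".*" keeps any "=" inside the pathname.
_ENTRY = re.compile(
    r"^(?P<pathname>/.*)="
    r"(?P<volume>\$[A-Za-z0-9]+)\."
    r"(?P<subvolume>[A-Za-z0-9]+)\."
    r"(?P<file_identifier>[A-Za-z0-9]+):"
    r"(?P<crvsn>[0-9]+)$"
)

class AuditedFile(NamedTuple):
    pathname: str
    volume: str
    subvolume: str
    file_identifier: str
    crvsn: int

def parse_entry(text: str) -> Optional[AuditedFile]:
    """Split one file-identification entry; None if it does not fit."""
    m = _ENTRY.match(text.strip())
    if m is None:
        return None
    fields = m.groupdict()
    fields["crvsn"] = int(fields["crvsn"])
    return AuditedFile(**fields)

def replaced_paths(entries):
    """Map each pathname seen with more than one file instance to them."""
    seen = defaultdict(set)
    for text in entries:
        rec = parse_entry(text)
        if rec is not None:
            seen[rec.pathname].add(rec[1:])  # internal name plus CRVSN
    return {p: sorted(v) for p, v in seen.items() if len(v) > 1}

# Constructed sample entries; only the first is the page's own example.
SAMPLE = [
    "/bin/ed=$DATA13.ZYQ00001.Z0004G7:1934568735",
    "/home/a=b/cfg=$DATA13.ZYQ00002.Z0000AB:1000000001",
    "/home/a=b/cfg=$DATA13.ZYQ00002.Z0000AB:1000000099",
    "not an audit entry",
]

if __name__ == "__main__":
    print(replaced_paths(SAMPLE))
```
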

What Operations and Objects Are Audited

Table 22 and Table 23 provide a brief overview of the information logged for audited OSS files
and available through the SAFEART program. Table 24 lists the audited Guardian procedures that
can be used from an OSS program. For more information about the SAFEART program and auditing,
see the Safeguard Audit Service Manual.
