Re: Intrusion attempts

From: Syltrem (syltremzulu_at_videotron.ca)
Date: 02/04/05

• Next message: Roy Osborn: "Re: DE500, Decnet, VMS 6.2 on Alpha 800"
• Previous message: Ed Wilts: "Re: DVE and maximum file count"
• In reply to: Ken Fairfield: "Re: Intrusion attempts"
• Next in thread: Peter Weaver: "Re: Intrusion attempts"
• Reply: Peter Weaver: "Re: Intrusion attempts"
• Reply: Ken Fairfield: "Re: Intrusion attempts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: Fri, 4 Feb 2005 10:25:42 -0500

"Ken Fairfield" <my.full.name@intel.com> a écrit dans le message de
news:ctu5pb$c4s$1@news01.intel.com...
>
> As John Briggs pointed out, there are security issues if that
> information were sent in a OPCOM message.
>
> On the other hand, the information you seek is available via
> ACCOUNTING (which is where I find it), and mostly via ANALYZE/AUDIT
> (which I haven't tried, so can't guarantee, but would expect it's
> there).
>

After 4 failed login attempts with 3 different usernames, and one ^Z (no
username entered):

In accounting I do not see the usernames used, and only one record with this
message:
%LOGIN-F-NOSUCHUSER, no such user
There is another entry with this message (triggered by the ^Z):
%LOGIN-F-CMDINPUT, error reading command input

OTOH, the audit does not show anything for some reason
I have the auditing enabled for loginfailures:
System security audits currently enabled for:
  Logfailure:
batch,dialup,local,remote,network,subprocess,detached,server
but $ anal/aud/ev=breakin sys$manager:SECURITY.AUDIT$JOURNAL/sin
returns nothing.

Am I doing something wrong?

-- 
Syltrem
OpenVMS 7.3-1 + Oracle 8.1.7.4
http://pages.infinit.net/syltrem (OpenVMS related web site, en français)
---zulu is not in my email address---
>      -Ken
> -- 
> I don't speak for Intel, Intel doesn't speak for me...
>
> Ken Fairfield
> D1C Automation VMS System Support
> who:   kenneth dot h dot fairfield
> where: intel dot com
>

---

• Next message: Roy Osborn: "Re: DE500, Decnet, VMS 6.2 on Alpha 800"
• Previous message: Ed Wilts: "Re: DVE and maximum file count"
• In reply to: Ken Fairfield: "Re: Intrusion attempts"
• Next in thread: Peter Weaver: "Re: Intrusion attempts"
• Reply: Peter Weaver: "Re: Intrusion attempts"
• Reply: Ken Fairfield: "Re: Intrusion attempts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages Re: Q: Convert quadword time to Ascii time in DCL? ... Ken Fairfield wrote: ... posted to c.o.v back in May 1992 by Wolfgang Moeller to be the ... I don't speak for Intel, ... kenneth dot h dot fairfield ... (comp.os.vms) Re: Intrusion attempts ... >>information were sent in a OPCOM message. ... > System security audits currently enabled for: ... I don't speak for Intel, ... kenneth dot h dot fairfield ... (comp.os.vms) Re: removing blanks from a file ... offer a small explanation of the "SS" format specifier (which ... I don't speak for Intel, ... Ken Fairfield ... kenneth dot h dot fairfield ... (comp.lang.fortran) Re: Challenge: Workaround a CVF bug ... Seems to me that the question at hand was just to then copy data from a C string to such a character variable, truncating or blank padding as needed. ... I don't speak for Intel, ... Ken Fairfield ... kenneth dot h dot fairfield ... (comp.lang.fortran) Re: cURL 7.11.0 available for VMS ... Ken Fairfield wrote: ... > OpenSSL requirement would be a significant barrier... ... I don't speak for Intel, ... kenneth dot h dot fairfield ... (comp.os.vms)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)