Technical data
Security Considerations
12.8 Using the ACL Editor
As a result of this ACE, any file created in the [MALCOLM] directory has the
following ACE:
(IDENTIFIER=PERSONNEL,ACCESS=READ+WRITE)
Refer to the OpenVMS Guide to System Security for further discussion of the
Default attribute and its effect on the processing of an ACL.
12.8.2 Setting a Default Protection Code
A Default Protection ACE defines a protection code for all files that are
subsequently created in the directory and in any subdirectories under that
directory, unless protection is specified for one of those files individually. The
ACE does not apply if a previous version of the file exists (in this case, the
previous file protection is used). This ACE type has the following format:
(DEFAULT_PROTECTION[,options],protection-code)
For example, the following ACE specifies that users in the system and owner
categories have read, write, execute, and delete access to any files subsequently
created in the directory, and that group and world users have no access:
(DEFAULT_PROTECTION,S:RWED,O:RWED,G,W)
Note
The Default Protection ACE does not apply to existing subdirectories. It
applies to subdirectories created after the ACE is applied to the parent
directory.
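The rules in this section can be modelled as follows. This is an added example, not code from the OpenVMS documentation: the function names, the fallback argument, and the sample previous-version protection are assumptions made for illustration, and ACE options are skipped rather than interpreted.

```python
CATEGORIES = ("SYSTEM", "OWNER", "GROUP", "WORLD")

def parse_default_protection(ace):
    """Parse '(DEFAULT_PROTECTION[,options],protection-code)' into
    {category: set of access letters}. A bare category means no access."""
    body = ace.strip()
    if not (body.startswith("(") and body.endswith(")")):
        raise ValueError("ACE must be enclosed in parentheses")
    fields = [f.strip().upper() for f in body[1:-1].split(",")]
    if fields[0] != "DEFAULT_PROTECTION":
        raise ValueError("not a Default Protection ACE")
    prot = {}
    for field in fields[1:]:
        if field.startswith("OPTIONS="):
            continue  # assumption: options are skipped, not interpreted
        name, _, access = field.partition(":")
        # Accept S/O/G/W or any longer abbreviation of the category name.
        cat = next((c for c in CATEGORIES if name and c.startswith(name)), None)
        if cat is None or not set(access) <= set("RWED"):
            raise ValueError("bad protection field: %r" % field)
        prot[cat] = set(access)
    return prot

def new_file_protection(dir_ace, explicit=None, previous_version=None,
                        fallback=None):
    """Return (protection, source) for a file created in the directory.
    Order: protection specified for the file, then the previous version's
    protection, then the directory's Default Protection ACE. 'fallback'
    (hypothetical) stands for whatever applies when none of these exist."""
    if explicit is not None:
        return explicit, "explicit"
    if previous_version is not None:
        return previous_version, "previous version"
    if dir_ace is not None:
        return parse_default_protection(dir_ace), "default protection ACE"
    return fallback, "fallback"

def exposed_categories(prot):
    """Categories beyond system and owner that end up with any access."""
    return [c for c in ("GROUP", "WORLD") if prot.get(c)]

ACE = "(DEFAULT_PROTECTION,S:RWED,O:RWED,G,W)"           # example from the text
OLD = {"SYSTEM": set("RWED"), "OWNER": set("RWED"),
       "GROUP": set(), "WORLD": {"R"}}                   # constructed sample

if __name__ == "__main__":
    for prev in (None, OLD):
        prot, source = new_file_protection(ACE, previous_version=prev)
        print(source, "->", exposed_categories(prot) or "no group/world access")
```

The second case shows why adding the ACE does not tighten new versions of files that already exist: the previous version's protection is carried forward.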
12.8.3 Generating Security Alarms and Audits
Security ACEs allow you to specify that an event message be sent when a
protected object is accessed in a particular manner. The security Alarm ACE
directs the event message to the security operator’s terminal, and the security
Audit ACE directs the event message to the system security audit log file.
Refer to the OpenVMS Guide to System Security for more information about how
to use these types of ACEs.
12.9 Auditing Security-Relevant Events
System managers can select the destination for security-relevant event messages.
Alarm messages are sent to the operator’s terminal and audit messages are sent
to the system security audit log file. You can choose to have an event reported as
an alarm, as an audit, or as both.
12.9.1 Enabling Classes of Security Alarms
The OpenVMS operating system automatically monitors a certain number of
events, as listed in Table 20-6.
You can enable additional classes of events by specifying one or more of the
keywords listed in Table 12–1 with the /ENABLE qualifier of the DCL command
SET AUDIT.