Planning and Configuring HP-UX DCE 2.0

About HP-UX DCE Version 2.0
Notes, Cautions and Warnings Regarding This Release
Chapter 2
HP-UX Integrated Login Utilities
Most systems require the transfer of account information from
/etc/passwd to the DCE Security Registry before the system can be
useful.
The /usr/sbin/auth.adm script is supplied to activate the integrated
login utilities once your system has been set up with the needed
accounts. See Chapter 6, Configuring HP-UX DCE Cells, on page 47 for
more information about using the /usr/sbin/auth.adm script.
Do not use the auth.adm script to activate the HP-UX Integrated login
utilities until after you have set up the accounts necessary for your site
in the DCE security service registry.
The DCE Audit Service
The DCE Audit Service was first released with HP-UX DCE 1.4.x. It
provides auditing capabilities for the DCE Security and Time services.
By default, all audit events are disabled (not logged). As part of the
default DCE configuration start-up, the DCEAUDITFILTERON environment
variable is set. When set, the DCEAUDITFILTERON environment variable
specifies that audit event filtering must be used to enable logging of the
desired set of audit events.
To enable auditing, the auditd server process must be started on any
system where auditing is desired. As part of the standard DCE
configuration start-up for auditd, a set of audit filters is specified for the
Security, DTS and auditd server processes. (You can modify these filters
as necessary for your site.)
You will need to do some planning to determine the degree of auditing
appropriate for your site, and to allow for disk space overhead for your
audit logs. If you want to do some auditing, such as logging and tracking
modifications to the security registry database, audit filtering is highly
recommended. By using audit filtering, it is possible to change the types
of events being audited dynamically, without needing to restart the
servers for the changes to take effect.
Administrators must periodically monitor the size of the Security audit
logs on the Security server machines. Each audit trail log consists of two
files: the actual trail log file and the associated index file. These logs
are in: