
Conference noted::hackers_v1

Title: -={ H A C K E R S }=-
Notice: Write locked - see NOTED::HACKERS
Moderator: DIEHRD::MORRIS
Created: Thu Feb 20 1986
Last Modified: Mon Aug 03 1992
Last Successful Update: Fri Jun 06 1997
Number of topics: 680
Total number of notes: 5456

343.0. "NOGOODNIKS" by CHUCKL::SSMITH () Wed Oct 29 1986 13:18

    Any neat little tricks (traps) out there for knowing when 
    someone is messing around in your account????? This person
    has priv's, and the EXPIRED date field is NOT active on this
    cluster.

343.1. "alarm ACE's?" by FROST::HARRIMAN (knees are wierd) Wed Oct 29 1986 19:05, 15 lines

    
    Set ACLs with ALARM ACE's, look for either SUCCESS or FAILURE -
    your choice...
    
    Either that or set auditing for use of the BYPASS or SYSPRV privs
    to successfully access something...
    
    note - you can only do this if you are a system mangler or you are
    on good terms with the system mangler...
    
    Look in Volume 4A of the VAX/VMS manuals under Access Control List
    Editor, or the guide to system security on VMS.
    
    /pjh
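
The alarm-ACE setup suggested in 343.1, as an added example that is not part of the original note: DCL in the VMS V4-era ACE syntax (`ALARM_JOURNAL=SECURITY`; later releases write `ALARM=SECURITY`), with `SYS$LOGIN:LOGIN.COM` as an assumed file to watch. The `SET AUDIT` and `REPLY` commands assume an account holding the SECURITY privilege.

```dcl
$! Added example. The watched file is an assumption; pick files an
$! intruder in the account is likely to read or change.
$!
$! 1. Attach an alarm ACE to the file. SUCCESS and FAILURE select which
$!    outcomes raise an alarm; the other keywords select the access types.
$ SET FILE/ACL=(ALARM_JOURNAL=SECURITY,ACCESS=READ+WRITE+DELETE+CONTROL+SUCCESS+FAILURE) -
        SYS$LOGIN:LOGIN.COM
$!
$! 2. Confirm the ACE is in place.
$ DIRECTORY/ACL SYS$LOGIN:LOGIN.COM
$!
$! 3. System manager: alarm ACEs do nothing until ACL alarms are enabled.
$ SET AUDIT/ALARM/ENABLE=ACL
$ SHOW AUDIT
$!
$! 4. System manager: make this terminal a security operator terminal so
$!    alarms are displayed as they occur.
$ REPLY/ENABLE=SECURITY
```

An ACE without SUCCESS only reports denied attempts, which a privileged intruder will not generate, so SUCCESS is the keyword that matters for the case in 343.0.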
    
343.2. "SECPACK does it now!" by SEDSWS::KORMAN (TGIF) Mon Nov 03 1986 08:41, 10 lines

Securpack has some good utilities for sorting out file access alarms - you
could ask your system mangler to give you a copy of SECPACK_REPORT_SECURITY.COM
and modify it to suit. You will also need READALL priv or an ACL that allows
you to access OPERATOR.LOG using BACKUP/IGNORE=OVER.

I use this method successfully as a self-resubmitting batch job that runs
each day at 23.45 hours.

Dave K