|
Since the subject of auditing has been bought up I have noticed what appears to be a bit of a hole (at least to me). Find a user that has LMTCPB *NO, security auditing is enabled and the user is one of the audited profiles. The user is set to have commands saved to the audit journal. STRQSH under that user and do a few things, say, "rm somedir" (is that the right command ?) or some other equally innocuous stuff. Where in the audit journal do these commands turn up ? Seems like commands issued under QSH don't get logged or I'm looking in the wrong place. Anyone else come across this or located the where the QSH commands might live in the audit journal ? Or discovered what has to be done to get them there ? The idea of a someone being able choose a different "wavelength" for their commands bothers more than a little bit if this turns out to be correct.... regards Evan Harris +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
