HP3000-L Archives

July 2008, Week 4

HP3000-L@RAVEN.UTC.EDU

Subject:
From: "Bahrs, Art" <[log in to unmask]>
Reply To: Bahrs, Art
Date: Tue, 22 Jul 2008 13:51:57 -0700
Content-Type: text/plain
Parts/Attachments: text/plain (71 lines)

Hi Jim & Mark :)
   Possible idea to explore:

    UDC/Command file replacement for stream command that creates your
audit trail for each and every job launch by all users whether they
should be doing it or not...You could have the UDC/command file/script
write out the information about the job being streamed and who is doing
it and when to both a log file of sorts *AND* the console...

    I did this with several programs (IOBOF, GOD, etc.) in a former life
so that when a user other than the "command staff of the 3k" tried to
execute them... The Console printed a record of who, what, where and when
and if they succeeded... If this was done outside of certain time
periods ... I got a page from the system with a specific numeric value.

    Was very funny (in a sick, paranoid, grim way ... I know I am a sick
puppy hehehe) when I narrowed down who was trying to use the GOD program
since we didn't have it!!! ... We had IOBOFX or whatever SRN named their
Nugget. I created the UDC when I noticed some "weird" system activity
and attempts to run SYS account programs and things...
 
    You can even nowadays with the POSIX shell do all sorts of other
wonderful things like emailing yourself details... Putting up TCPDUMP
and invoking it to watch who was streaming the job... All sorts of fun to
be had :) :)

Art "off to get certified on Network Penetration Testing" Bahrs

Thanks,
Art
Art Bahrs, CISSP 
Security Engineer 
Providence Health & Services 
[log in to unmask] 
Phone: 503-216-2722 


-----Original Message-----
From: HP-3000 Systems Discussion [mailto:[log in to unmask]] On
Behalf Of Mark Wonsil
Sent: Tuesday, July 22, 2008 1:36 PM
To: [log in to unmask]
Subject: Re: FW: [HP3000-L] Finding stream job signons

Jim wrote:
> >I'm really looking for the batch signons. We have MANMAN, and some 
> >commands allow the user to submit a job via the output options. I'm 
> >doing this for auditing purposes - we want to limit the ability to 
> >submit jobs just to our batch signons. We don't want the application 
> >users to have the ability to submit jobs.

How about removing BA capability from the users? 

(:ALTUSER USER;CAP=-BA)

That would prevent them from submitting jobs. They could alter the !JOB
line for a different user but they'd have to know the password, which is
an entirely different auditing exercise...

Mark W.

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
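
The audited-wrapper idea described in the message above, sketched as a POSIX shell function: every submission attempt is recorded to a log file and echoed to an operator-visible stream, and only allowlisted batch signons get through. This is an added example, not code from the thread or from any poster; the log path, the allowlist entries, the hour window and the `SUBMIT_CMD` stand-in for the real job-submission command are all assumptions.

```shell
#!/bin/sh
# Added illustration only; every name and value below is an assumption.
AUDIT_LOG="${AUDIT_LOG:-./stream_audit.log}"              # hypothetical log path
BATCH_SIGNONS="${BATCH_SIGNONS:-BATCH.PROD OPERATOR.SYS}" # constructed allowlist
WINDOW_START="${WINDOW_START:-6}"   # normal hours begin at 06:00
WINDOW_END="${WINDOW_END:-20}"      # and end at 20:00
SUBMIT_CMD="${SUBMIT_CMD:-true}"    # stand-in for the real submission command

# audit_stream USER JOBFILE [HOUR]
# Records who, what, when and outcome, then submits only for allowlisted signons.
# A real wrapper would take USER from the session, not from an argument.
audit_stream() {
    user=$1
    job=$2
    hour=${3:-$(date +%H)}
    hour=${hour#0}; hour=${hour:-0}   # "08" -> 8, "00" -> 0

    outcome=DENIED
    for u in $BATCH_SIGNONS; do
        if [ "$u" = "$user" ]; then outcome=ALLOWED; fi
    done

    offhours=no
    if [ "$hour" -lt "$WINDOW_START" ] || [ "$hour" -ge "$WINDOW_END" ]; then
        offhours=yes                  # hook point for a pager or e-mail alert
    fi

    # Strip control characters so a crafted name cannot forge extra log lines.
    user_clean=$(printf '%s' "$user" | tr -d '[:cntrl:]')
    job_clean=$(printf '%s' "$job" | tr -d '[:cntrl:]')
    line="$(date '+%Y-%m-%dT%H:%M:%S') user=$user_clean job=$job_clean outcome=$outcome offhours=$offhours"

    printf '%s\n' "$line" >> "$AUDIT_LOG"      # durable record
    printf 'STREAM-AUDIT %s\n' "$line" >&2     # operator-visible copy

    [ "$outcome" = ALLOWED ] || return 1
    $SUBMIT_CMD "$job"
}
```

Denied attempts are logged before the function returns, so the record exists whether or not the submission went ahead.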

