CXL - Securing your mid-range systems.

VAX/VMS SYSTEM AUDIT PROGRAM
Contributed by Andy Ellweig (ecintaud@aol.com) to Auditnet http://www.auditnet.org/

INTRODUCTION

This program is designed to enable the auditor to examine and test the effectiveness of general controls, procedures, and security for DEC VAX/VMS operating system/logical security.

The auditor's study of internal controls includes two phases:
- Obtaining knowledge and understanding of the procedures and methods prescribed.
- Obtaining reasonable satisfaction that the prescribed procedures are in use and operating as planned.

Where AZScan-VMS/AZScan can assist in this work, the section is marked in red.


DEC VAX/VMS Operating System/Logical Security Controls

OBJECTIVES

- To ensure that adequate protection against intentional or unintentional damage to data files, libraries, and other resources exists, using DEC VAX/VMS security features.
- To ensure that controls are present to limit users, operators, and programmers to only those operations necessary to perform their duties.

Introduction

The DEC VAX Open VMS environment often consists of a large integrated system with several VAX computers connected through a network link (i.e., DECnet). Users share a variety of system resources including application programs, data files, and network terminals to meet their data processing needs.

DEC VAX/VMS security contains many features and options which may be turned on or off depending on the security and performance requirements of the particular installation.

DEC VAX Open VMS OS System accounts

The DEC VAX Open VMS Operating System has several accounts pertinent to audit review, of which the system accounts are the most important:

SYSTEM - allows the system administrator to log in with full privileges to the system, thus overriding UIC or ACL security. Default password is MANAGER.
FIELD - allows DEC field services personnel to check out a system and run diagnostics. Default password is SERVICE.
SYSTEST - sets up appropriate environment for running the User Environment Test Package (UETP). Default password is UETP.
SYSTEST_CLIG - used by UETP in cluster testing for a network login test. Account is delivered disabled.
DECNET - default DECnet account permits access to a system from remote nodes without specifying the account and password information. Account is used for file transfer and network management. Default password is DECNET.

1. Determine if the "SYSTEM" account is being used. Verify that the default password, "MANAGER", has been changed.
AZScan-VMS Section 4.1 AC-SYSTEM system account

2. Evaluate use of the SYSTEM account and associated SYSTEM account controls regarding the use of:
- PWDMINIMUM.
- PWDLIFETIME.
- REMOTE.
- NETWORK.
- DIALUP.
- Default Privileges.
- Enabled Auditing.
AZScan-VMS Section 4.1 AC-SYSTEM system account

3. Determine if the "FIELD" account is being used. Verify that the default password, "SERVICE", has been changed. Evaluate use of the FIELD account. It should be provided only on an "as-needed basis" through the DISUSER setting in the account. Network access for this account is not normally required (NETWORK, DIALUP, and REMOTE) and should be removed.
AZScan-VMS Section 4.2 AC-FIELD field account

4. Determine if the "SYSTEST" account is being used. Verify that the default password, "UETP", has been changed. Evaluate use of the SYSTEST account. It should be provided only on an "as-needed basis" through the DISUSER setting in the account.

5. Determine if the "SYSTEST_CLIG" account is being used. Test to ensure that the account has been set up as password protected. Evaluate use of the SYSTEST_CLIG account. It should be provided only on an "as-needed basis" through the DISUSER setting in the account.

6. The DECNET account should be controlled to minimize the possibility of remote users gaining unauthorized access to local system privileges. The DECNET account should be provided only on an "as-needed basis" through the DISUSER setting in the account or flagged as "RESTRICTED".

Determine if the DECNET account is used. Test to ensure that the default password, "DECNET", has been changed by attempting to log in to the system. Evaluate its use, and whether it has been set up with the following restrictions, which are used to ensure an appropriate level of control for this account:
- LOGIN disabled?
- NON-PRIVILEGED?
- Is FAL (File Access Listener) disabled?
- Are all special privileges (i.e., OPER, BYPASS, WORLD) removed from the DECNET account? Only default privileges should be included (NETMBX, TMPMBX).


DEC VAX Open VMS OS Management accounts

7. Determine if the "DEFAULT" account is being used. Test to ensure that the default password (e.g. "DEFAULT") has been changed by attempting to log in to the system. Evaluate use of the DEFAULT account. It should be provided only on an "as-needed basis" through the DISUSER setting in the account.

8. Determine if GUEST Accounts are used and evaluate their use. (GUEST accounts do not require a password).

9. CAPTIVE accounts are used to restrict a user's access to the VMS DCL prompt (the command line) by confining the user to a particular command procedure upon login. Determine whether CAPTIVE accounts are used, evaluate their use, and evaluate the use of the following restrictions to control such accounts:
Have the CAPTIVE and DISCTLY flags been set in the CAPTIVE account?
Have the LOCKPWD, DEFCLI, DISWELCOME, DISMAIL, and DISNEWMAIL flags been set?
Has the login command file, LGICMD, been defined in the captive account?
Is PRCLM = 0 (limits the number of subprocesses that can be spawned)?
Compensating controls: Flags set = DISMAIL, DISNEWMAIL
Is the group UIC for the captive account unique?
AZScan-VMS Section 5.9 CAPTIVE non-captive
AZScan-VMS Section 8.1 CAPTIVE captive

RESTRICTED accounts are similar to CAPTIVE accounts and are used to restrict a user's access to the VMS DCL prompt (the command line) by confining the user to a particular command procedure upon login. Restricted accounts may be used instead of CAPTIVE accounts because some vendor software packages/languages spawn subprocesses which CAPTIVE accounts cannot handle appropriately. Determine whether RESTRICTED accounts are used and evaluate their use.
AZScan-VMS Section 8.12 RESTRICTED flag - restricted

10. PROXY accounts are recommended in DEC VAX Open VMS as an alternative to straight DECNET access, since the user name and password information in the DECNET command line travels across the network in clear ASCII form. If an intruder gains access to a system with PROXY accounts, however, he/she can gain access to multiple systems through the PROXY accounts on each system. PROXY login permits a user logged in at a remote node to be logged in automatically to a specific account at a local node, without having to supply access control (e.g., user ID/password) information. The remote user must have a PROXY account on the remote node that maps to a local user account. The remote user assumes the same file access rights and default privileges as the local account. To limit access, the local account for the remote PROXY user should have only normal privileges (i.e., NETMBX and TMPMBX). The existence of NETUAF.DAT is necessary before PROXY accounts can be added. Determine if PROXY accounts (non-privileged accounts) are used and evaluate their use.

11. FAL (File Access Listener) accounts are used to provide authorized access to the file system of a DECNET node on behalf of processes executing on any node in the network. Determine whether FAL accounts are used, evaluate their use, and evaluate the use of the following restrictions which are used to ensure an appropriate level of control for such accounts:
Is the FAL account password protected, with a password that is not easily guessed (such as FAL)?
Is the group code in the UIC for the FAL account different from every other account in the system?
Is the FAL account set up with only TMPMBX and NETMBX privileges?
Is the FAL account set up to have only NETWORK access authorized?
Is the FAL directory set up with the access set (S:RWE,O:RWE,G:RWE,W), thus restricting access by the DECNET account?

12. The default DECNET account and the TASK 0 object, together, enable an outsider to become a non-privileged user on the system. Once in the system, a knowledgeable user could use the COPY command to place a command procedure on a remote node and then use the TYPE command to cause it to execute immediately. This method has been used for virus attacks. Many system administrators find TASK 0 to be very useful (e.g., for managing multiple systems). If TASK 0 is used, controls should be implemented to limit access by unauthorized users.

Determine whether TASK 0 is used, evaluate its use, and evaluate the use of the following restrictions which are used to ensure an appropriate level of control for such accounts:
Are different accounts, directories, and UICs used for the FAL object and default DECNET account?
Is the name of the FAL directory greater than 12 characters?
Has owner-delete permission been removed from the FAL directory?

13. Determine whether SERVER accounts are used, evaluate their use, and evaluate the use of the following restrictions which are used to ensure an appropriate level of control for such accounts:
Is the SERVER account password protected, with a password that is not easily guessed (such as SERVER)?
Is the SERVER account set up with only TMPMBX and NETMBX privileges?
Is the SERVER account set up to have only NETWORK access authorized?

14. Determine if the ALLIN1 account is used, evaluate its use, and verify that the password is not set to MANAGER or ALLIN1 which are commonly used passwords for this account.

15. Determine if the MRGATE account is used, evaluate its use, and verify that the password is not set to VMSMAIL which is a commonly used password for this account.

16. Determine if the MRMANAGER account is used, evaluate its use, and verify that the password is not set to USPS which is a commonly used password for this account.

 


DEC VAX Open VMS OS Micro VAX (Pathworks) accounts

17. Determine if the USER account is used, evaluate its use, and determine if it is password protected (USER account is delivered without a password). If USER account is password protected, verify that the password is not set to USER which is a commonly used password for this account.

18. Determine if the USERP account is used, evaluate its use, and determine if it is password protected (USERP account is a privileged account which is delivered without a password). If USERP account is password protected, verify that the password is not set to USERP which is a commonly used password for this account.



DEC VAX Open VMS OS System Files

Determine if the following system files are used and evaluate controls (system files typically should be accessible only to system-level accounts/users). To ensure that access is restricted to system-level users only, the following protection should be set for the system files listed in steps 19-24: (S:RWED,O:RWED,G,W), which indicates that the system and owner have READ, WRITE, EXECUTE, and DELETE access, while the group and world have no access to the file.

19. SYS$SYSTEM:AUTHORIZE.EXE
20. SYS$SYSTEM:NETUAF.DAT (or NETPROXY.DAT for V5)

Examine NETUAF.DAT (NETPROXY.DAT for V5) and determine if the access set is equal to (S:RWED,O:RWED,G,W).

21. SYS$SYSTEM:SYSUAF.DAT

System User Authorization File (SYSUAF) identifies users and associated restrictions. Each User has a corresponding record in the SYSUAF file. Record entries control users' access types/privileges and restrictions. Examine the SYSUAF.DAT file for group or shared accounts that may possess other than basic DEC VAX Open VMS privileges.

22. SYS$SYSTEM:FTSVQUEUE.DAT
23. SYS$MANAGER:VAXNOTES$STARTUP.COM
24. SYS$SYSTEM:FTSVACC.DAT


Determine if the following system files are used and evaluate controls. Generally these system files should be restricted from having WORLD WRITE access.

25. SYS$SYSTEM:TDMSEDIT.COM
26. SYS$SYSTEM:TMDSTRTUP.COM
27. SYS$SYSTEM:MODPARAMS.DAT
28. SYS$MANAGER:SYSHUTDWN.COM
29. SYS$MANAGER:SYLOGIN.COM
30. SYS$MANAGER:SYSTARTUP.COM (SYSTARTUP_V5.COM)
31. SYS$MANAGER:LOGIN.COM
32. SYS$MANAGER:STARTNET.COM
33. SYS$MANAGER:LOADNET.COM
34. SYS$MANAGER:RTTLOAD.COM

 

DEC VAX Open VMS OS VAX/VMS User Privileges

The DEC VAX Open VMS OS controls User access/privileges through a variety of mechanisms, which must be evaluated:

User Identification Codes (UICs) - the auditor needs to review the organization's security scheme relative to the formation of UIC groups and assignments of users within those groups/assignments. UIC protection is a system of codes that define the type of access a user has to files or programs. These codes can be numeric or alphanumeric. The UIC identifies which group the user falls into.
AZScan-VMS Section 6.1 SHUICS shared uics
AZScan-VMS Section 6.2 LOWUICS low value uics

Access Control Lists (ACLs): segregating users into UIC groups is sufficient for most files or objects on the system, but sometimes a user must have access to a file within another user's group. Instead of giving that user unlimited access to all files within the UIC group, ACLs are used. ACLs are a group of entries in the Rights Data Base (RIGHTS.DAT) specifying access attributes. Each entry in the ACL is known as an access control entry. ACLs can be defined for files, directories, or physical devices (e.g., disk drives). In addition, specific system-defined identifiers correspond directly with the types of log-ins allowed (e.g., dial-up or network log-in types).

Object Ownership requires that a UIC be assigned to an object (i.e., a file or directory) and then allows flexibility in specifying the type of user access to that object. Object ownership allows the System Administrator to specify user access according to four categories of ownership:
- System (S) - all users with system privilege;
- Owner (O) - the user who created the object;
- Group (G) - all users within the same UIC group;
- World (W) - all users.

Note: The following privileges refer only to file objects, however, access to other objects (e.g., directories or volumes) is similar.
For each of these categories, an Access Type can be assigned:
- Read (R) - the user can read, print, or copy a file;
- Write (W) - the user can change or update the file;
- Execute (E) - the user can execute a file that is an executable program or image;
- Delete (D) - the user can delete files;
- Control (C) - the user can change the access type, or protection setting, on a file or object.

DEC VAX Open VMS OS Assigning User Identification Codes (UICs)

UIC protection is a system of codes that defines the type of access a user has to files or programs. The UICs on a system must be controlled to ensure that a unique UIC is assigned to each user. The UIC consists of a group number and a member number in the format [group,member]. The SYSGEN parameter MAXSYSGROUP defines the set of UIC group numbers that grant the user system privileges: any UIC group number less than (<) or equal to (=) MAXSYSGROUP has SYSTEM privileges. The value of MAXSYSGROUP should range from 1 - 10 for most systems. In most VAX Open VMS shops, the default of MAXSYSGROUP is 8.

35. Determine the value of the MAXSYSGROUP system generation parameter and evaluate control of UICs relative to its setting.

36. Evaluate the account structure design established for UIC groups, as a control mechanism.

37. Determine if security procedures prohibit system administrators from reusing UICs of removed users. If a UIC is reused, the new user could inherit the access rights of the old user through existing ACL entries.

AZScan-VMS Section 6.1 SHUICS shared uics
AZScan-VMS Section 6.2 LOWUICS low value uics

DEC VAX Open VMS OS Default User Authorization File (UAF)

38. The UAF contains a record for each user. The default UAF record is used as a template from which all other user accounts are made. When the ADD command is used to create a new account, the default UAF record is automatically used. Therefore, it is important that the parameters within this account be carefully set. Review the default UAF record for the following:
- no security-problem qualifiers (e.g., /PRIVILEGES=SYSPRV);
- LOGIN FLAGS - suggested values are: GENPWD NODISREPORT PWD_EXPIRED;
- PWDMINIMUM - suggested values are 6 to 8;
- PWDLIFETIME - less than or equal to 180 days;
- PWDCHANGE - should be pre-expired;
- AUTHORIZED PRIVILEGES - should be: TMPMBX NETMBX;
- DEFAULT PRIVILEGES - should be: TMPMBX NETMBX.
AZScan-VMS Section 4.3 AC-DEFAULT default account

39. Determine if security procedures address the adding of users, granting of privileges beyond default level (Authorized vs. Default), and the removal of users.

40. DEC VAX Open VMS OS allows privileges that generally should be limited to only system administrators and security officers. Review user accounts & evaluate use of the following privileges:

BYPASS - allows a user to read, write, execute, or delete any file on the system. All UIC and ACL protections are ignored.
AZScan-VMS Section 10.5 BYPASS privilege - bypass

CMKRNL - allows a user's process to change its access mode to kernel, execute a specified routine, and then return to the access mode that was originally in effect.
AZScan-VMS Section 10.7 CMKRNL privilege - cmkrnl

GRPPRV - allows a user's process access to a file using the file's SYSTEM protection when the group number of the process matches the group number of the file owner. With this privilege a user can indirectly acquire privileges granted to other group members.
AZScan-VMS Section 10.13 GRPPRV privilege - grpprv

LOG_IO and PHY_IO - allows a user to read and write directly to devices. Users with these privileges could destroy information on the system device, destroy user data, intercept user passwords, and expose information to unauthorized persons.
AZScan-VMS Section 10.14 LOGIO privilege - logio
AZScan-VMS Section 10.19 PHYIO privilege - phyio

PFNMAP - allows a user's process to map to special physical pages of memory no matter who is using those pages.
AZScan-VMS Section 10.18 PFNMAP privilege - pfnmap

READALL - permits a user to bypass existing restrictions placed on files, allowing the file to be READ and the protections on the file to be changed. Allowing the modification of file protections could lead to deletion or modification of the file.
AZScan-VMS Section 10.24 READALL privilege - readall

SETPRV - allows the user to grant himself/herself any privilege using the SET PROCESS/PRIVILEGES command.
AZScan-VMS Section 10.26 SETPRV privilege - setprv

SYSNAM - allows a user to insert names into and delete names from the system logical name table. With this privilege, the user could redefine critical system logical names, such as SYS$SYSTEM and SYSUAF, thus gaining control of the system.
AZScan-VMS Section 10.31 SYSNAM privilege - sysnam

SYSPRV - gives a user the privileges of a system UIC when accessing files.
AZScan-VMS Section 10.32 SYSPRV privilege - sysprv
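The following script is an added example (not the page's or AZScan's code) that applies the checks of steps 1-7, 35-38, 40 and 70-80 above to a UAF listing: privileges beyond NETMBX/TMPMBX, UIC groups at or below the system-group threshold, shared UICs, as-needed accounts without DISUSER, and PWDMINIMUM/PWDLIFETIME outside the suggested ranges. The sample listing is constructed and modeled on the layout of AUTHORIZE's SHOW output (an assumed layout, not captured from a real system), and the system-group threshold is assumed to be at the page's stated default of 8.

```python
import re
from collections import defaultdict

MAXSYSGROUP = 8                    # assumed: the page's stated default for the system-group threshold
BASE_PRIVS = {"NETMBX", "TMPMBX"}  # the only privileges a normal account should hold
# accounts the checklist says should be DISUSERed unless actually needed
AS_NEEDED_ACCOUNTS = {"FIELD", "SYSTEST", "SYSTEST_CLIG", "DECNET", "DEFAULT"}

# constructed sample modeled on AUTHORIZE> SHOW output; not from a real system
SAMPLE_UAF = """\
Username: FIELD
Account:  FIELD                              UIC:    [1,10] ([FIELD])
Flags:
Expiration:            (none)    Pwdminimum:  6   Login Fails:     0
Pwdlifetime:         (none)     Pwdchange:    (pre-expired)
Authorized Privileges:
  CMKRNL SETPRV SYSPRV NETMBX TMPMBX
Default Privileges:
  NETMBX TMPMBX

Username: JSMITH
Account:  ACCTS                              UIC:    [200,12] ([ACCTS,JSMITH])
Flags:
Expiration:            (none)    Pwdminimum:  4   Login Fails:     0
Pwdlifetime:        365 00:00   Pwdchange:   12-JAN-2000 09:00
Authorized Privileges:
  NETMBX TMPMBX READALL
Default Privileges:
  NETMBX TMPMBX

Username: KJONES
Account:  ACCTS                              UIC:    [200,12] ([ACCTS,JSMITH])
Flags:  DisUser
Expiration:            (none)    Pwdminimum:  6   Login Fails:     0
Pwdlifetime:         90 00:00   Pwdchange:   12-JAN-2000 09:00
Authorized Privileges:
  NETMBX TMPMBX
Default Privileges:
  NETMBX TMPMBX
"""


def parse_uaf(text):
    """Split SHOW-style output into one dict per account with the fields the audit needs."""
    records = []
    for chunk in re.split(r"\n(?=Username:)", text.strip()):
        rec = {"flags": set(), "privs": {}, "pwdmin": 0, "pwdlife_days": None}
        section = None
        for line in chunk.splitlines():
            if m := re.match(r"Username:\s+(\S+)", line):
                rec["user"] = m.group(1)
            elif m := re.search(r"UIC:\s+\[(\d+),(\d+)\]", line):
                rec["uic"] = (int(m.group(1)), int(m.group(2)))
            elif line.startswith("Flags:"):
                rec["flags"] = {f.upper() for f in line[6:].split()}
            elif m := re.search(r"Pwdminimum:\s+(\d+)", line):
                rec["pwdmin"] = int(m.group(1))
            elif m := re.match(r"Pwdlifetime:\s+(\S+)", line):
                rec["pwdlife_days"] = None if m.group(1) == "(none)" else int(m.group(1))
            elif line.endswith("Privileges:"):
                section = line.split()[0].lower()  # "authorized" or "default"
            elif section and line.startswith("  "):
                rec["privs"][section] = set(line.split())
        records.append(rec)
    return records


def audit_uaf(text, maxsysgroup=MAXSYSGROUP):
    """Return (account, finding) pairs for every checklist rule an account violates."""
    findings = []
    by_uic = defaultdict(list)
    for rec in parse_uaf(text):
        user, group = rec["user"], rec["uic"][0]
        by_uic[rec["uic"]].append(user)
        if group <= maxsysgroup:  # step 35: UIC group grants system access
            findings.append((user, f"UIC group {group} is at or below MAXSYSGROUP"))
        for kind in ("authorized", "default"):  # step 40: privileges to review
            extra = rec["privs"].get(kind, set()) - BASE_PRIVS
            if extra:
                findings.append((user, f"{kind} privileges beyond NETMBX/TMPMBX: {' '.join(sorted(extra))}"))
        if user in AS_NEEDED_ACCOUNTS and "DISUSER" not in rec["flags"]:  # steps 3-7
            findings.append((user, "as-needed account is not DISUSERed"))
        if rec["pwdmin"] < 6:  # step 38: suggested minimum is 6 to 8
            findings.append((user, f"PWDMINIMUM {rec['pwdmin']} is below 6"))
        if rec["pwdlife_days"] is None or rec["pwdlife_days"] > 180:  # step 38
            findings.append((user, "PWDLIFETIME missing or over 180 days"))
    for uic, users in by_uic.items():  # steps 37, 70, 80: shared UICs
        if len(users) > 1:
            findings.append((",".join(users), f"UIC [{uic[0]},{uic[1]}] shared"))
    return findings
```

Running `audit_uaf(SAMPLE_UAF)` on the constructed listing reports four findings for FIELD, three for JSMITH, none for KJONES, and one shared UIC.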

DEC VAX Open VMS OS User-Owned Files (ACL-Based) Protection

It is important that proper protection attributes be associated with directories, files, and devices. A system administrator can define default-protection Access Control List Entries (ACEs) that are associated with the directory within which files are created. Since there can be more than one entry for a directory or file, an Access Control List (ACL) of all entries is used. The ACL specifies the UIC, identifier, and alarm protection attributes associated with all files created within a given directory.

41. Verify with the Systems Manager if ACLs are used to protect at the device level. Also, identify if production data files and system directories are secured by ACLs. (NOTE: ACL overrides UIC protection).

42. Determine whether VMS procedures exist to identify which files are controlled by ACLs and the intent of the control.

43. Evaluate whether ACL Alarms are being utilized to monitor violations against Access Control Entries.

44. Evaluate how clusters are structured from a security standpoint.

45. Evaluate the use of ACLs within high-risk clusters and determine the appropriateness of their use within the system.

46. Are default protection ACEs used on user directories?

47. Are identifier ACEs used to restrict access to a user or group of users?

48. Are identifier ACEs used to restrict access to devices?

Determine if the following system files are used. Evaluate the level of WRITE access allowed. WRITE access to system files should be limited. If WRITE access is allowed, are ACLs used to audit WRITE access to these system files:

49. SYS$SYSTEM:SYS.EXE?
50. SYS$SYSTEM:F11BXQP.EXE?
51. SYS$SYSTEM:LOGINOUT.EXE?
52. SYS$SYSTEM:DCL.EXE?
53. SYS$SYSTEM:JOBCTL.EXE?
54. SYS$SYSTEM:JBCSYSQUE.EXE?
55. SYS$SYSTEM:SYSUAF.EXE or SYS$SYSTEM:SYSUAF.DAT or SYS$SYSTEM:AUTHORIZE.EXE?
56. SYS$SYSTEM:NETUAF.DAT (or NETPROXY.DAT for V5)?
57. SYS$SYSTEM:RIGHTSLIST.DAT?
58. SYS$SYSTEM:STARTUP.COM?
59. SYS$LIBRARY:SECURESHR.EXE?
60. SYS$MANAGER:SYSTARTUP.COM?
61. SYS$MANAGER:VMSIMAGES?
62. SYS$SYSROOT:[000000]SYSEXE.DIR?
63. SYS$SYSROOT:[000000]SYSLIB.DIR?
64. SYS$SYSROOT:[000000]SYSMGR.DIR?
65. SYS$SYSROOT:[000000]SYS$LDR.DIR (for V5)?

 

DEC VAX Open VMS OS Protection for Files & Directories

66. Evaluate the UIC default protection that has been established for files and its appropriateness.

67. Evaluate whether all key production data files have appropriate protection. Explain any file with "W:RWED". (NOTE: it means read, write, execute, and delete access for the world.) The following systems should be reviewed, if applicable:
Customer Master;
Vendor Master;
Human Resources/Payroll;
Cost;
Price;
Part.

68. Evaluate the protection set for key system directories and explain any directory with "W:RWED". For example:
DECNET no more than W:RE;
SYSMGR no more than W:RE;
SYSEXE no more than W:RE.
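As an added example (not the page's or AZScan's code), the Python below parses protection masks written in the checklist's (S:RWED,O:RWED,G,W) form and compares each object against the most permissive mask the checklist allows for it: the system-file mask of steps 19-24, no WORLD WRITE for steps 25-34 and 49-65, the FAL directory mask of step 11, the W:RE ceiling of step 68, and the W:RWED check of step 67. The object names and masks in the sample table are constructed, not taken from a real system.

```python
import re

CATEGORIES = ("S", "O", "G", "W")  # System, Owner, Group, World
ACCESS = "RWED"                    # Read, Write, Execute, Delete

# most permissive mask the checklist allows for each kind of object
LIMITS = {
    "system file": "(S:RWED,O:RWED,G,W)",               # steps 19-24: system and owner only
    "no world write": "(S:RWED,O:RWED,G:RWED,W:RED)",   # steps 25-34, 49-65: anything except W:W
    "fal directory": "(S:RWE,O:RWE,G:RWE,W)",           # step 11: world gets no access
    "system directory": "(S:RWED,O:RWED,G:RWED,W:RE)",  # step 68: no more than W:RE
    "production data": None,                            # step 67: explain any W:RWED
}

# constructed sample of (object, observed mask, kind of limit to apply); not from a real system
SAMPLE_OBJECTS = [
    ("SYS$SYSTEM:SYSUAF.DAT", "(S:RWED,O:RWED,G,W)", "system file"),
    ("SYS$SYSTEM:NETUAF.DAT", "(S:RWED,O:RWED,G:RE,W:RE)", "system file"),
    ("SYS$MANAGER:SYLOGIN.COM", "(S:RWED,O:RWED,G:RE,W:RWE)", "no world write"),
    ("SYS$SYSROOT:[000000]SYSMGR.DIR", "(S:RWED,O:RWED,G:RE,W:RE)", "system directory"),
    ("DISK$USER:[FAL]", "(S:RWE,O:RWE,G:RWE,W)", "fal directory"),
    ("DISK$DATA:[PROD]CUSTOMER_MASTER.DAT", "(S:RWED,O:RWED,G:RWED,W:RWED)", "production data"),
]


def parse_protection(mask):
    """Return {category: set of access letters} for a mask such as '(S:RWED,O:RWED,G,W)'.
    A category written without a colon (e.g. 'W') has no access at all."""
    m = re.fullmatch(r"\((.*)\)", mask.strip())
    if not m:
        raise ValueError(f"not a protection mask: {mask!r}")
    result = {c: set() for c in CATEGORIES}
    for field in m.group(1).split(","):
        cat, _, bits = field.strip().upper().partition(":")
        if cat not in result or any(b not in ACCESS for b in bits):
            raise ValueError(f"bad field {field!r} in {mask!r}")
        result[cat] = set(bits)
    return result


def check_protection(mask, limit):
    """List (category, excess access) where the mask grants more than the limit allows."""
    actual, allowed = parse_protection(mask), parse_protection(limit)
    return [(c, "".join(b for b in ACCESS if b in actual[c] - allowed[c]))
            for c in CATEGORIES if actual[c] - allowed[c]]


def audit_objects(objects):
    """Return {object: excess access list} for every object that exceeds its limit."""
    report = {}
    for name, mask, kind in objects:
        if LIMITS[kind] is None:  # production data: flag full world access (W:RWED)
            excess = [("W", "RWED")] if parse_protection(mask)["W"] == set(ACCESS) else []
        else:
            excess = check_protection(mask, LIMITS[kind])
        if excess:
            report[name] = excess
    return report
```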

69. Determine if there are adequate audit trails for identifying, reviewing, and reporting in regards to programs/files access.

Determine if additional controls have been established for a number of incorrect password attempts. Examples of such controls include setting special flags after a number of incorrect passwords, for instance:
- 5 incorrect passwords: the ID is flagged and reported in the Operator Log audit trail as a "suspect". The server and port are logged in addition to the ID.
- 6 incorrect passwords: the ID is flagged and reported in the Operator Log audit trail as an "intruder". The server and port are logged in addition to the ID. The ID is locked out of the system; DP Security must be contacted to reset it.

DEC VAX Open VMS OS Individual Accountability

The DEC VAX Open VMS OS enforces individual accountability if the following restrictions are applied:

Unique UICs must be used for all users. The UIC is used as an internal identifier for each user; therefore, unique UICs are important for accountability of actions and UIC-based access control.
AZScan-VMS Section 6.1 SHUICS shared uics

A password must be used on each account on the system.

Each user must have a unique account (i.e., no sharing of accounts) for individual accountability (except for captive accounts).

The autologin feature cannot be used since it associates an account with a particular terminal instead of a person.

70. Are all users assigned unique UICs?
AZScan-VMS Section 6.1 SHUICS shared uics
AZScan-VMS Section 6.2 LOWUICS low value uics

71. Are users controlled by login date per the UAF provisions?

72. Are passwords assigned to validate user authorization? Are procedures associated with the setting of initial passwords appropriate?

73. Are passwords generated by the user?

74. Are passwords changed at frequent intervals?
AZScan-VMS Section 2.1 PWDLIFE password life
AZScan-VMS Section 2.3 PWDCHANGES distribution of password changes

75. Are passwords masked at log-in?

76. Several SYSGEN parameters are used to enable the detection and subsequent action of a possible break-in attempt. Evaluate controls regarding the recommended values as follows:
LGI_BRK_LIM less than or equal to 3;
LGI_BRK_TMO less than 300 seconds;
LGI_BRK_DISUSER = 1;
LGI_RETRY_LIM = 2;
LGI_RETRY_TMO less than 20 seconds.

77. Evaluate the policy and procedures in use over:
Minimum Password Length (PWDMINIMUM);
Password Expiration Date (PWDCHANGE);
Last Change Date (PWDLIFETIME).
AZScan-VMS Section 2.2 PWDLENU users password length
AZScan-VMS Section 2.4 PWDLEN password length

78. Evaluate the procedures in use to DisUser accounts that have not been used for periods of time.
AZScan-VMS Section 8.9 DISUSER flag - disuser

79. Evaluate controls over embedded passwords, if applicable.

80. Evaluate controls over duplicate UICs (the same UIC used by the same user across multiple user accounts).
AZScan-VMS Section 6.1 SHUICS shared uics

81. Evaluate controls over LOGIN access restrictions like times and days.
AZScan-VMS Section 5.1 LINOI non-interactive logins
AZScan-VMS Section 5.2 LIBOT both types of login
AZScan-VMS Section 5.3 LIINT interactive logins
AZScan-VMS Section 5.4 LLOGINS last logins
AZScan-VMS Section 5.5 LIFAIL login failures

 

82. Determine if there is any limit to the number of incorrect password attempts and what the results are.

83. Is autologin restricted from use?

DEC VAX Open VMS OS Terminal Security

Terminals are the only means of establishing communication with the system and are therefore the first stepping stone for control and security.

84. Are operator consoles designated to monitor the system activity located in a physically secure area?

85. Is access to the terminals limited to business hours?

86. If any terminals are located in unsecured areas, are login protection methods used, such as:
secure terminal servers;
system passwords.

87. Do terminals lock after a period of inactivity via the use of the "LOCK" feature or otherwise?

88. Identify the Master Terminal or System Console and ensure that it is well controlled and secured from unauthorized access. The physical access to the terminal would depend on a person's access to the building. His/her terminal usage could be controlled through specifying time and days in the User Authorization File.

89. Are terminal services being used? If yes, has the default terminal password "SYSTEM" been changed? Are "Dedicated Services" used where appropriate?

DEC VAX Open VMS OS VAX/VMS Security Mechanisms

90. Identify the "accounting events" that have been enabled and evaluate for appropriateness.

91. Are audit alarms and/or accounting utility features used to monitor system security access, such as:
LOGIN failures;
break-in attempts;
modifications to the audit file?
Determine whether adequate procedures are in place to monitor changes to accounting/alarm events.

92. Ensure that appropriate file protection and retention are established over SYS$MANAGER:OPERATOR.LOG.

93. Evaluate whether procedures exist to regularly archive the current audit log file, SYS$MANAGER:SECURITY_AUDIT.AUDIT$JOURNAL, on a scheduled basis.

94. Identify whether appropriate security has been established over all audit log files (default, archived, and binary).

95. Review the SET AUDIT events associated with the FILE_ACCESS flag for READALL, BYPASS, SYSPRV, and GRPPRV alarms (e.g. the CONTROL alarm for READALL should be enabled since it provides the ability to change file protection).

96. Identify whether procedures are in place to generate and review on a regular basis, ANALYZE/AUDIT security reports.

DEC VAX Open VMS OS Miscellaneous Exposures

97. Evaluate control over the UAFALTERNATE parameter, if used.
Description of the exposure - use of UAFALTERNATE:

Indicates whether the system should be bootstrapped using an alternate User Authorization File.
Access to this parameter can violate all security enabled on the system.
Identifying an Alternate UAF when one does not exist will allow the user to login with the first username and password entered following the boot, but does not create a UAF file.

To audit the use of the UAFALTERNATE parameter, invoke the SYSGEN utility and verify the value associated with UAFALTERNATE.

$ RUN SYS$SYSTEM:SYSGEN
SYSGEN> SHOW UAFALTERNATE

$ RUN SYS$SYSTEM:SYSMAN
SYSMAN> PARAMETER SHOW UAFALTERNATE
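As an added example (not the page's or AZScan's code), the Python below reads the Current column of SYSGEN SHOW output for the break-in parameters of step 76 and for UAFALTERNATE (step 97) and reports every value outside the recommended range; a value of 0 for UAFALTERNATE (no alternate UAF) is assumed to be the expected setting. The sample output is constructed and modeled on SYSGEN's SHOW layout, not captured from a real system.

```python
import re

# recommended settings from steps 76 and 97: parameter -> (predicate, description)
RULES = {
    "LGI_BRK_LIM":     (lambda v: v <= 3,  "<= 3"),
    "LGI_BRK_TMO":     (lambda v: v < 300, "< 300 seconds"),
    "LGI_BRK_DISUSER": (lambda v: v == 1,  "= 1"),
    "LGI_RETRY_LIM":   (lambda v: v == 2,  "= 2"),
    "LGI_RETRY_TMO":   (lambda v: v < 20,  "< 20 seconds"),
    "UAFALTERNATE":    (lambda v: v == 0,  "= 0 (assumed: no alternate UAF in use)"),
}

# constructed sample modeled on SYSGEN> SHOW output; not from a real system
SAMPLE_SYSGEN = """\
Parameter Name            Current    Default    Min.     Max.     Unit  Dynamic
--------------            -------    -------    -------  -------  ----  -------
LGI_BRK_DISUSER                 0          0          0         1 Boolean   D
LGI_RETRY_LIM                   2          3          0       255 Tries     D
LGI_RETRY_TMO                  20         20          0       255 Seconds   D
LGI_BRK_LIM                     3          5          0       255 Failures  D
LGI_BRK_TMO                   600        300          0        -1 Seconds   D
UAFALTERNATE                    0          0          0         1 Boolean
"""


def parse_sysgen(text):
    """Return {parameter: current value} from SHOW output, skipping header and rule lines."""
    values = {}
    for line in text.splitlines():
        if m := re.match(r"([A-Z][A-Z0-9_$]*)\s+(-?\d+)\s", line):
            values[m.group(1)] = int(m.group(2))
    return values


def audit_sysgen(text):
    """Return (parameter, finding) pairs for values outside the recommended ranges or missing."""
    values = parse_sysgen(text)
    findings = []
    for name, (ok, wanted) in RULES.items():
        if name not in values:
            findings.append((name, "not present in SHOW output"))
        elif not ok(values[name]):
            findings.append((name, f"current {values[name]}, recommended {wanted}"))
    return findings
```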

www.cxlsecure.com