[Info-vax] Move SECURITY.AUDIT$JOURNAL off the system disk?
Bob Koehler
koehler at eisner.nospam.encompasserve.org
Wed Aug 3 09:44:09 EDT 2011
In article <89gi37557klul1n8ahhn0cf366u1ua21fg at 4ax.com>, Joe Bloggs <JBloggs at acme.com> writes:
>
> $! reply/enable/temp
> $ set audit/journal/destination=device:[dir]SECURITY.AUDIT$JOURNAL
> $ set audit/server=new_log
> $! reply/dis
Not only putting it in a non-standard place, but also giving it
a non-standard name are good techniques. If someone familiar
with VMS finds a weak password or succeeds in social engineering
and gets into your system, the first thing they may do is look
for that file to erase records of thier actions.
More information about the Info-vax
mailing list