| |
NetWare is installed with auditing disabled for each container. Consequently, you must enable auditing to begin to accumulate container audit data.
The first time you enable auditing, AUDITCON creates an Audit File object for the container audit trail you're enabling. This Audit File object remains in place when you disable auditing.
NOTE: To enable auditing for a container with a password, one of the two following conditions must exist:
(1) The server that contains the master replica must have the parameter Allow Audit Passwords set to ON.
or
(2) the server you are logged in to must have a replica of the partition that contains the container you want to audit.
Under the second condition, choose Change Replica from the Available Audit Options menu, then choose the server containing the read/write replica and set Allow Audit Passwords to ON for the server containing the replica.
When the auditor logs in to audit the container, the auditor will be prompted for a password for the container. This password is the one specified by the administrator. Once the auditor is logged in to the container, he or she must change the password to protect the data.
From menu 1010, choose the desired container to be audited and press F10.
To enable auditing of the container, choose Enable container auditing from the Available audit options menu.
This option is available only in menu 1102 (when auditing is not already enabled for the container). AUDITCON then checks the container object's Audit File Link to determine whether the container already has an Audit File object; if so, AUDITCON enables auditing and returns to menu 1101.
If the container does not have an Audit File object (for example, auditing was not previously enabled for this container), AUDITCON creates an Audit File object in the container.
The name of the Audit File object is AFOid_contname, where id is a counter used if there is already an object with the desired name, and contname is the name of the container. For example, if the container name is FINANCE.ACME, then the Audit File object would be named AFO0_FINANCE.ACME, or if that object already exists, then AFO1_FINANCE.ACME.
NOTE: If having an independent auditor is important to you, you might want to set the Access Control List and Inherited Rights Filter for the Audit File object to prevent access by administrators who are not auditors.
AUDITCON builds links from the Audit File object and Container object to each other. The server gives you the Supervisor object right to the Audit File object, and the Write right to the Object Trustees (ACL) property. In addition, AUDITCON gives you Read and Write rights to the Audit File object audit Policy property, and Read rights to the Audit Contents property. See Controlling Access to Online Audit Data for information on giving other auditors rights to the Audit File object.
AUDITCON enables auditing for the container and returns to menu 1101.
NOTE: When auditing is enabled for the first time on a container, there are no events selected. You should continue by using menu 1497, 1498, or 1499 to select the desired audit events.
When the server creates the audit file, it defines a password hash that can never be matched by a hashed password submitted by AUDITCON. If you intend to permit password-based access to the audit files, you must set the console parameter ALLOW AUDIT PASSWORDS=ON and use AUDITCON (Auditing configuration menu, Change audit password or Set audit password menu) to set an audit password for the audit files.
See note under Change Replica in this chapter for additional information.
| |