| |
AUDITCON is stored in SYS:PUBLIC of the server file system, from where it is normally executed by the client workstation. Because AUDITCON runs with your identity and has your rights to the audit trails you manage, it is essential that AUDITCON be write-protected to prevent modification by untrusted users.
Permanently loading AUDITCON on your local trusted workstation is not recommended. Loading it locally has no advantages, and it complicates maintenance of the server Trusted Computing Base.
The audit utilities that configure and access their server's external audit trails must also be protected from modification by untrusted users. See your client documentation for information on the client-specific utilities and how they are protected.
| |