For an auditor to audit the operation of a NetWare server, a network administrator must first create an account for the auditor.
The following procedure describes how an administrator creates your auditor home directory, creates your auditor User object, gives your auditor User object rights to the home directory, and maps a drive on your client workstation to the audit programs on the server.
1. Create a directory in the file system for the auditor to use.
   The auditor needs space to store audit reports. Consider creating a directory in SYS:HOME or wherever you have created other user account directories.
2. Create the auditor as a User object.
3. If the auditor will audit NDS events, assign the auditor the Browse object right for the container objects to be audited.
4. Give the auditor trustee rights to the directory you created for the auditor.
   You can grant the auditor the Supervisor trustee right to the directory, or you can assign the auditor all rights but the Supervisor right. Either method produces the same result.
5. Map a drive to the directory containing the audit program files.
   If you have not included a search drive mapping to SYS:PUBLIC in the system login script, create a user login script for the auditor and map a drive to this directory.
6. Give the auditor the Browse object right and the File Scan directory trustee right to SYS:PUBLIC.
   AUDITCON and Unicode* files are in SYS:PUBLIC unless you have moved them.
Each auditor also needs rights to the Audit File objects corresponding to the audit trails he or she is responsible for managing. See Controlling Access to Online Audit Data for a definition of the rights needed for audit trail management.
The administrator can create the auditor User object in any container in the Directory tree. However, for increased isolation from administrative users, you might want to ask the administrator to perform the following additional steps.
1. Create a separate NDS container to hold auditor User objects.
2. Create an auditor User object who has all rights to the container.
   Subsequently, this auditor will perform all administrative functions (such as adding other auditor User objects, setting rights, and deleting auditor objects) in the auditor container.
3. Set an Inherited Rights Filter (IRF) for the auditor container object to filter out all inherited rights.
   This will prevent administrators (other than the auditor created in Step 2) from accessing the auditor container object.
4. Enable auditing for the auditor container object.
   The administrator must run AUDITCON to enable auditing. This creates the Audit File object in the tree. The administrator must then give the auditor rights to this object.
5. Edit the ACL for the container object to remove the administrator (other than the auditor created in Step 2) as a trustee of the container.
6. Edit the ACL for the Audit File object associated with the container to remove the administrator (other than the auditor created in Step 2) as a trustee of the Audit File object.
These steps help isolate auditor accounts from non-auditor administrative users, but do not protect auditor data from administrative users.
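Why the isolation procedure needs both the IRF and the ACL edits can be checked with a small model of effective object rights. This is an added example, not Novell code or part of the original procedure. It is a simplified model (object rights only; security equivalence, groups and property rights are ignored), and the tree, the names ACME, AUDIT, admin and auditor1, and the administrator's explicit trustee assignment on the container are constructed assumptions.

```python
# Simplified model of NDS object-rights inheritance (added example, not Novell code).
RIGHTS = frozenset("SBCDR")  # Supervisor, Browse, Create, Delete, Rename


class Obj:
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.irf = set(RIGHTS)  # default IRF lets every inherited right through
        self.acl = {}           # trustee name -> explicit object rights


def effective(obj, trustee):
    """An explicit assignment on the object wins; otherwise the rights
    inherited from the parent, masked by this object's IRF."""
    if trustee in obj.acl:
        return set(obj.acl[trustee])
    if obj.parent is None:
        return set()
    return effective(obj.parent, trustee) & obj.irf


def isolate(container, lead_auditor, strip_acl=True):
    """Apply the rights-related isolation steps to an existing container."""
    container.acl[lead_auditor] = set(RIGHTS)  # lead auditor gets all rights
    container.irf = set()                      # IRF filters out all inherited rights
    if strip_acl:                              # remove every other trustee from the ACL
        for t in [t for t in container.acl if t != lead_auditor]:
            del container.acl[t]


def build():
    """Constructed tree: [Root] -> O=ACME -> OU=AUDIT, 'admin' is trustee of [Root]."""
    root = Obj("[Root]")
    root.acl["admin"] = set(RIGHTS)
    org = Obj("ACME", root)
    audit = Obj("AUDIT", org)
    audit.acl["admin"] = set(RIGHTS)  # assumption: admin holds an explicit assignment
    return root, org, audit


if __name__ == "__main__":
    root, org, audit = build()
    isolate(audit, "auditor1", strip_acl=False)
    print("IRF only:      ", sorted(effective(audit, "admin")))
    isolate(audit, "auditor1")
    print("IRF + ACL edit:", sorted(effective(audit, "admin")))
```

In this model the IRF alone leaves an explicitly assigned administrator with full rights to the container; only after the ACL edit does the administrator's effective rights set become empty, while rights elsewhere in the tree are unchanged.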