- Path: sparky!uunet!cs.utexas.edu!swrinde!gatech!news.byu.edu!hamblin.math.byu.edu!arizona.edu!east.pima.edu!rharwood
- Newsgroups: vmsnet.sysmgt
- Subject: Another security awareness "device"
- Message-ID: <1992Dec23.091221.1@east.pima.edu>
- From: rharwood@east.pima.edu
- Date: 23 Dec 92 09:12:21 MST
- Lines: 25
-
- I've received many requests for my SECAUDIT.COM procedure to monitor LOGFAILs
- and BREAKINs detected by the AUDIT server, and I'm sure some folks have ftp'ed
- the file, too.
-
- Another security-monitoring "device" I use is a simple report generated every
- evening of who has logged on the day before. This way, I have some idea of the
- "normal" usage patterns, and can more easily detect anything unusual. I've not
- made that procedure very elaborate, so it's included here (slightly modified).
- It reports the amount of CPU time and the "number of accounting records" for
- each user-ID. Note that some CPU times will be zero (for accounts which only
- print files, for instance), and that login failures also get thrown into the
- counts.
-
- $ submit account.com /after="tomorrow+0:30" ! Run again at midnight:30
- $ set proc/priv=byp ! Get read access to accountng.dat
- $ account/since=yesterday/summary/report=(process,records)/out=account.lis
- $ mail account.lis rharwood/subj="Daily CPU Usage"/pers="Batch Job ACCOUNT"
-
- BTW, I use these files on all my client's machines, plus my own... for anyone
- who thinks it's too much trouble to do for just *one* machine! <grin>
- -----
- Ray Harwood |Data Basix |Adjunct Faculty, East Campus,
- Voice: (602)721-1988 |PO Box 18324 | Pima Community College
- FAX: (602)721-7240 |Tucson, AZ 85731 |Instructor in Ada and Pascal
- CompuServe: 76645,1370|AppleLink: DATA.BASIX|Internet: rharwood@east.pima.edu
-
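An added example, not part of the original post: one way to compare each night's per-user figures against the "normal" usage pattern the post describes. It assumes the CPU seconds and record counts have already been pulled out of the nightly report into tuples (the layout of account.lis is not shown in the post, so no parser is given); the user names, the figures and the 3x threshold are constructed for illustration.

```python
from statistics import median

def flag_unusual(history, today, factor=3.0):
    """history: list of daily dicts {user: (cpu_seconds, records)}.
    today: same shape, for the day under review.
    Returns a sorted list of (user, reason) pairs worth a second look."""
    findings = []
    for user, (cpu, records) in today.items():
        past = [day[user] for day in history if user in day]
        if not past:
            # An account with no baseline at all is the first thing to check.
            findings.append((user, "not seen in baseline"))
            continue
        base_cpu = median(c for c, _ in past)
        base_rec = median(r for _, r in past)
        # The post notes login failures are included in the record counts,
        # so records are judged on their own, independent of CPU time.
        if records > factor * max(base_rec, 1):
            findings.append((user, "record count spike"))
        if all(c == 0 for c, _ in past):
            # Accounts that normally only print files show zero CPU;
            # any CPU time on one of them is a change in behaviour.
            if cpu > 0:
                findings.append((user, "CPU use on a zero-CPU account"))
        elif cpu > factor * base_cpu:
            findings.append((user, "CPU time spike"))
    return sorted(findings)

# Constructed sample data: three baseline days and the day under review.
HISTORY = [
    {"SMITH": (120.0, 4), "PRINTQ": (0.0, 10), "JONES": (30.0, 2)},
    {"SMITH": (100.0, 3), "PRINTQ": (0.0, 12), "JONES": (45.0, 3)},
    {"SMITH": (140.0, 5), "PRINTQ": (0.0, 9)},
]
TODAY = {
    "SMITH": (130.0, 4),    # within the usual range
    "PRINTQ": (2.5, 11),    # normally zero CPU
    "JONES": (40.0, 25),    # many more records than usual
    "NEWUSR": (5.0, 1),     # never seen before
}

if __name__ == "__main__":
    for user, reason in flag_unusual(HISTORY, TODAY):
        print(f"{user:<8} {reason}")
```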