/ENABLE=(keyword[,...])
Enables alarms or audits for the specified events. To enable all
system events and file access events, specify the keyword ALL.
You must specify at least one keyword. You must also specify
either the /ALARM or /AUDIT qualifier, or both, when you use the
/ENABLE qualifier.
The keywords that you can specify with either the /ENABLE or the
/DISABLE qualifier are as follows:
Keyword Description
ACCESS=(condition Specifies access events for all objects in
a class. (To audit a single object, use an
[:access[,...]] auditing ACE and enable the access control list
[,...]) (ACL) category.)
HP recommends that when you enable auditing
conditionally, you enable it for all possible
forms of access because the system can check
access rights at several points during an
operation. (For example, a FAILURE might occur
on a read or write access check.)
See the HP OpenVMS Guide to System Security for
information about the various types of access
permitted on each class. (For example, the
Access keyword, CREATE, is not defined for FILE
objects.)
Condition Description
Keyword
ALL All object access
BYPASS Successful object access due to
the use of the BYPASS privilege
FAILURE Unsuccessful object access
GRPPRV Successful object access due to
the use of the group privilege
(GRPPRV)
READALL Successful object access due to
the use of the READALL privilege
SUCCESS Successful object access
SYSPRV Successful object access due to
the use of the system privilege
(SYSPRV)
Access Description
Keyword
ALL All types of access
ASSOCIATE Associate access
CONTROL Control access to examine or
change security characteristics
CREATE Create access. To audit create
events for files, use the CREATE
keyword.
DELETE Delete access
EXECUTE Execute access
LOCK Lock access
LOGICAL Logical I/O access
MANAGE Manage access
PHYSICAL Physical I/O access
READ Read access
SUBMIT Submit access
WRITE Write access
ACL Specifies an event requested by an audit or
alarm ACE in the access control list (ACL) of
an object. To audit all objects of a class, use
the ACCESS keyword.
ALL Specifies all system events and file access
events. It does not enable access events for
object classes other than FILE.
AUDIT=keyword Specifies events within the auditing subsystem.
Only one keyword is currently defined.
Keyword Description
ILLFORMED Specifies illformed events from
internal calls (identified by
NSA$M_INTERNAL) to $AUDIT_
EVENT, $CHECK_PRIVILEGE,
$CHKPRO, or $CHECK_ACCESS system
services. An illformed event
is caused by an incomplete or
syntactically incorrect argument
being supplied to one of these
system services by a piece of
privileged code.
AUTHORIZATION Specifies the modification of any portion of
the system user authorization file (SYSUAF),
network proxy authorization file (NETPROXY),
or the rights list (RIGHTLIST) (including
password changes made through the AUTHORIZE,
SET PASSWORD, or LOGINOUT commands or the
$SETUAI system service).
BREAKIN=(keyword Specifies the occurrence of one or more classes
[,...]) of break-in attempts, as specified by one or
more of the following keywords:
ALL
DETACHED
DIALUP
LOCAL
NETWORK
REMOTE
CONNECTION Specifies a logical link connection or
termination through DECnet-Plus, DECnet Phase
IV, DECwindows, $IPC, or SYSMAN.
CREATE Specifies the creation of an object. Requires
the /CLASS qualifier if it is not a file.
DEACCESS Specifies deaccess from an object. Requires the
/CLASS qualifier if it is not a file.
DELETE Specifies the deletion of an object. Requires
the /CLASS=DEVICE qualifier.
FILE_ACCESS= This keyword is obsolete and is superseded
(keyword[,...]) by the ACCESS keyword, which is valid on all
OpenVMS Version 6.1 or higher systems. On
Alpha, this keyword specifies the occurrence
of file and global section access events
(regardless of the value given in the object's
access control list [ACL], if any).
IDENTIFIER Specifies that the use of identifiers as
privileges should be audited. For further
information, see the HP OpenVMS Guide to System
Security.
INSTALL Specifies modifications made to the known file
list through the INSTALL utility.
LOGFAILURE= Specifies the occurrence of one or more
(keyword[,...]) classes of login failures, as specified by
the following keywords:
ALL All possible types of login
failures
BATCH Batch process login failure
DETACHED Detached process login failure
DIALUP Dialup interactive login failure
LOCAL Local interactive login failure
NETWORK Network server task login
failure
REMOTE Interactive login failure
from another network node, for
example, with a SET HOST command
SERVER Server or TCB-based login
failure.
SUBPROCESS Subprocess login failure
LOGIN= Specifies the occurrence of one or more
(keyword[,...]) classes of login attempts, as specified by the
following keywords. See the LOGFAILURE keyword
for further description.
ALL BATCH
DETACHED DIALUP
LOCAL NETWORK
REMOTE SERVER
SUBPROCESS
LOGOUT= Specifies the occurrence of one or more classes
(keyword[,...]) of logouts, as specified by the following
keywords. See the LOGFAILURE keyword for
further description.
ALL BATCH
DETACHED DIALUP
LOCAL NETWORK
REMOTE SERVER
SUBPROCESS
MOUNT Specifies a mount or dismount operation.
NCP Specifies access to the network configuration
database, using the network control program
(NCP).
PRIVILEGE= Specifies successful or unsuccessful use
(keyword[,...]) of privilege, as specified by the following
keywords:
FAILURE [:privilege(,...)] - Unsuccessful
use of privilege
SUCCESS [:privilege(,...)] - Successful use
of privilege
For a listing of privileges, see the
online help for the DCL command SET
PROCESS/PRIVILEGES.
PROCESS= Specifies the use of one or more of the process
(keyword[,...]) control system services, as specified by the
following keywords:
ALL Use of any of the process
control system services
CREPRC All use of $CREPRC
DELPRC All use of $DELPRC
SCHDWK Privileged use of $SCHDWK
CANWAK Privileged use of $CANWAK
WAKE Privileged use of $WAKE
SUSPND Privileged use of $SUSPND
RESUME Privileged use of $RESUME
GRANTID Privileged use of $GRANTID
REVOKID Privileged use of $REVOKID
GETJPI Privileged use of $GETJPI
FORCEX Privileged use of $FORCEX
SETPRI Privileged use of $SETPRI
Privileged use of a process control system
service means the caller used GROUP or WORLD
privilege to affect the target process.
SYSGEN Specifies the modification of a system
parameter with the OpenVMS System Generation
utility.
TIME Specifies the modification of system time.