| Title: | VAX and Alpha VMS |
| Notice: | This is a new VMSnotes, please read note 2.1 |
| Moderator: | VAXAXP::BERNARDO |
| Created: | Wed Jan 22 1997 |
| Last Modified: | Fri Jun 06 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 703 |
| Total number of notes: | 3722 |
A customer has a non-privledged restricted and captive user coming in
via a x.25 link through a Datability server and receiving the following
message:
Security alarm (SECURITY) and security audit (SECURITY) on BUR, system
id:
1055
Auditable event: Local interactive breakin detection
Event time: 3-JAN-1997 09:25:29.89
PID: 20409906
Process name: _LTA7397:
Username: RAMC26
Password: <none>
Terminal name: LTA7397, _LTA7397, DB_CSX7100/PORT_2
Status: %SYSTEM-S-NORMAL, normal successful
completion
Why are the security alarm "Local interactive breakin detection" and
a "%SYSTEM-S-NORMAL, normal successful" being generated?
Michael
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 242.1 | AUSS::GARSON | DECcharity Program Office | Mon Feb 24 1997 19:02 | 7 | |
re .0
What does $ SHOW INTRU give?
Is the user getting the password wrong?
What are the LGI SYSGEN parameters set at?
| |||||
| 242.2 | * Sucessful denial to intruder w/correct authentication * | CSC32::L_SOBCZYNSKI | Wed Feb 26 1997 07:11 | 12 | |
Michael,
***reason*** user had migrated from suspect to intruder based on the
LGI parameter setting. the SYSTEM-S-NORMAL in the Audit is stating
that user had entered the correct password, however since the user
status is that of INTRUDER, the user is denied login.
Cheers
Co-Authored
N & L
| |||||