HP OpenVMS Systems Documentation
OpenVMS User's Manual
19.6.2 Events That Can Trigger Security Alarms
In the following example, assume you decide to audit the file CONFIDREVIEW.MEM. If user ABADGUY accesses CONFIDREVIEW.MEM and has delete access, the following audit record is written to the system security audit log file.
The auditing message reveals the name of the perpetrator, the method of
access (successful deletion accomplished by using the program
[SYSEXE]DELETE.EXE), time of access (9:21 A.M.), and the use of a
privilege (SYSPRV) to gain access to the file. With this information,
the security administrator can take action.
Security audit messages are written to the security audit log file every time any file is accessed and meets the conditions specified in the audit entry of the ACL for that file (see Section 19.6.4). Access to the file CONFIDREVIEW.MEM, as well as access to any file on the system that is protected with security auditing, prompts an audit record to be written to the security audit log file.
After auditing has been introduced, check with your security
administrator periodically to see if any additional break-ins have
If you have key files that might have been accessed improperly, you might want to develop a strategy with your security administrator to audit access to the files.
Once you review the situation and ensure that you have done everything possible to protect your files with standard protection codes and general ACLs (described in the OpenVMS Guide to System Security), you may conclude that security auditing is required.
To specify security auditing, you can add special access control entries (ACEs) to files you own or to which you have control access. Keep in mind, however, that the audit log file is a systemwide mechanism, so Compaq recommends that a site security administrator control the use of file auditing. Although you can add auditing ACEs to files over which you have control, the security administrator has to enable auditing of files on a system level.
If you suspect break-in attempts to your account, the security administrator may temporarily enable auditing for all file access. The security administrator can also enable auditing to monitor read access to your files to catch file browsers.
An access violation of one file frequently indicates access problems with other files. Therefore, the security administrator may need to monitor access to all key files having security-auditing ACEs. When undesired access is gained to key files, the security administrator must take immediate action.
In the following example, user RWOODS and his security administrator concur that they must know when a highly confidential file, CONFIDREVIEW.MEM, is being accessed, so RWOODS adds an entry to the existing ACL for the file CONFIDREVIEW.MEM:
DEFINE KEY [=key-name] command
The elements are as follows:
|key-name||The key to be defined|
|command||The command you assign to the key|
For example, the following command assigns the MOVE BY WORD command to keypad key 1 (KP1):
Command: DEFINE KEY=KP1 MOVE BY WORD
The following command assigns the FILL command to Ctrl/F:
Command: DEFINE KEY=Ctrl/F FILL
You can use one of three different separators when specifying key names: an underscore (_), a dash (--), or a slash (/). For example, the Ctrl/F key can be specified as Ctrl_F, Ctrl--F, or Ctrl/F.
To use the DEFINE KEY command and let EVE prompt you, invoke EVE, then press the Do key and enter the DEFINE KEY command, as follows:
[End of file] Buffer: MAIN | Write | Insert | Forward Command: DEFINE KEY
Type the EVE command you want to assign to a key and press the Return key.
[End of file] Buffer: MAIN | Write | Insert | Forward EVE command: START OF LINE
Press the key to be associated with the EVE command.
[End of file] Buffer: MAIN | Write | Insert | Forward Press the key you want to define: [F20]
The message "Key defined" appears if you have successfully defined a key.
Another way to assign EVE commands to keys is to create an initialization file. You can define keys and set the characteristics of an editing session in the initialization file. The file contains EVE commands and key definitions, and is executed when you invoke EVE. Use the syntax given in this section to put DEFINE KEY commands in the file. For more information about initialization files, see the online help topic called Initialization Files.
To remove a key definition, use the UNDEFINE KEY command.
Section A.1.8 contains more examples of defining keys to execute EVE commands.
You can type the name of a key as a parameter for the DEFINE KEY, SET GOLD KEY, SHOW KEY, and UNDEFINE KEY commands. EVE key names are generally the same as the labels on the keys---you can specify them by their labels as well as by their positional number on one of the keypads. For example, the 7 on the numeric keypad is named KP7 and the keys on the minikeypad are named E1 to E6.
You can abbreviate key names as long as your abbreviation is not ambiguous. For example, G Rem is a valid abbreviation for GOLD Remove and G R is an abbreviation for GOLD R. The case of letters does not matter in a key definition.
You can specify control keys by using Ctrl, Control, or the circumflex character (^). For example, Ctrl/A, Control/A, and ^A are the same. For a list of the control keys defined by EVE, see the EVE online help topic called Control Keys.
In specifying control keys or GOLD key sequences, use a dash (--), slash (/), or underscore (_) as a delimiter in the key name (for example, GOLD-F20, Alt/A, or Ctrl_N.) Thus, in an initialization file, you can use commands with typed key names such as the following:
DEFINE KEY= Ctrl/P MOVE BY PAGE DEFINE KEY= GOLD-N NEXT BUFFER DEFINE KEY= KP7 CENTER LINE SET GOLD KEY F17
Some EVE key names are different from key names that you use in DECTPU command files, as shown in Section A.1.4.
|In EVE Commands||In DECTPU Procedures|
|GOLD A||KEY_NAME (A, SHIFT_KEY)|
|GOLD MINUS||KEY_NAME (MINUS, SHIFT_KEY)|
|SHIFT/F14||KEY_NAME (F14, SHIFT_MODIFIED)|
A.1.5 EVE Key Names
The following table lists EVE key names and the key labels on the
keyboard or keypads. Some keys may not appear on some terminals. (For
example, VT100 series terminals do not have the F1 to F20 keys. VT200,
VT300, and VT400 series terminals do not have Backspace and line-feed
keys.) Do not use these key names in DECTPU built-in procedures. (Refer
to the table "Keywords Used for Key Names" in the Guide
to the DEC Text Processing Utility for the correct keywords to use
in DECTPU built-in procedures.)
|F7 ... F20||F7 ... F20|
|Help||HELP or F15|
|Do||DO or F16|
|Find||FIND or E1|
|Insert Here||INSERT_HERE or E2|
|Remove||REMOVE or E3|
|Select||SELECT or E4|
|Prev Screen||PREV_SCREEN or E5|
|Next Screen||NEXT_SCREEN or E6|
|Up arrow key||UP|
|Left arrow key||LEFT|
|Down arrow key||DOWN|
|Right arrow key||RIGHT|
|PF1 ... PF4||PF1 ... PF4|
|0 ... 9 (numeric keypad)||KP0 ... KP9|
|-- (numeric keypad)||MINUS|
|. (numeric keypad)||PERIOD|
|, (numeric keypad)||COMMA|
|< X| or Delete||DELETE|
|Tab or TAB||TAB or Ctrl/I|
|Backspace||BS or Ctrl/H|
|Line-feed||LF or Ctrl/J|
A.1.6 Undefinable Keys
You cannot define any of the following keys:
F1 to F6In addition, EVE does not let you define typing keys on the main keyboard (except in combination with a modifier), a key defined as DO if it is the only key defined as DO or the key currently set as GOLD, if any.
Ctrl (by itself)
Return or Ctrl/M
Escape or Ctrl/[
Lock or Caps Lock
Compaq recommends that you do not define the following keys and control keys. You can define these control keys, but you cannot execute them unless you set terminal characteristics in special ways.
If you redefine Ctrl/B or Ctrl/R, you should define other keys as
RECALL and REMEMBER, respectively, because you can execute those
commands only by pressing a key.
A.1.8 Defining the GOLD Key
You can assign two definitions to the same editing key if you create a GOLD key. Invoke one key definition by pressing the editing key. Invoke the other key definition by first pressing the GOLD key and then pressing the editing key.
To define a GOLD key, enter the SET GOLD KEY command and press the key you want to use as the GOLD key. When you successfully define the key, the message "GOLD key set." appears in the Messages buffer. EVE does not have a default GOLD key.
After you create a GOLD key, you can use the GOLD key definitions supplied by EVE. To see a diagram of these key definitions, enter the command HELP KEYPAD. The GOLD key definitions appear in the display in reverse video.
If you press the GOLD key by mistake, press the Select key to cancel
it. Use the SAVE ATTRIBUTES command or the SAVE EXTENDED EVE command to
save key definitions from one editing session to the next.
A.1.8.1 GOLD Key Combinations
The following table lists the GOLD key combinations on the EVE keypad and the definitions associated with them:
|GOLD F13||Restore Word (except with the WPS keypad)|
|GOLD Help||Help keys|
|GOLD Find||Wildcard Find|
|GOLD Insert Here||Restore|
|GOLD Remove||Store Text|
|GOLD Prev Screen||Previous Window|
|GOLD Next Screen||Next Window|
|GOLD up arrow key||Top|
|GOLD down arrow key||Bottom|
|GOLD left arrow key||Start of Line|
|GOLD right arrow key||End of Line|
You can also use the GOLD key to create your own key definitions. This tutorial demonstrates how to define a GOLD key and assign two commands to a single key. The tutorial defines the 4 key on the numeric keypad as the GOLD key and then assigns the BOTTOM and TOP commands to the Ctrl/G key. Thus, pressing Ctrl/G alone enters the BOTTOM command and pressing the GOLD key followed by Ctrl/G enters the TOP command.
To define a GOLD key and the bottom and top keys, follow these steps:
Define the GOLD key:
Define the bottom key:
Define the GOLD Ctrl/G key as the top key:
For the rest of your editing session, when you press Ctrl/G, EVE
executes the BOTTOM command. When you press the GOLD key (4 on the
numeric keypad) followed by Ctrl/G, EVE executes the TOP command.
A.1.8.2 Removing GOLD Keys
You cannot define more than one GOLD key at a time. To remove a GOLD key definition, enter the SET NOGOLD KEY command, then press the key you want to undefine. You can also define another GOLD key, which removes the original GOLD key.