Re: Trusted Hosts facility implementation frustration



Doug McAllister@Fidelity Investments wrote:
After attempting to read the Trusted Hosts manual and going in several
loops with all of the circular references in the documentation, I am
ready to retire.
Does anyone have any "readable" documentation with EXAMPLES on how to
implement the Trusted Hosts Facility? Especially what the config files
look like.

'Trusted Hosts' isn't recognizable - but I guess you are looking for information about auditing and find the 'Trusted Facility' manual too inscrutable?

What are you seeking to audit?

Do you need formal role separation - the DBSSO can't see what the AAO can see and vice versa - or is group informix going to handle both roles?

Which platform? Which version of IDS? It doesn't make a lot of difference, but it is always a help to know. (For example, enabling role separation on Windows is a re-install; it is not on Unix.)

Potted guide - working mostly from memory, assuming no role separation:

onaudit -l 7 -p /usr/informix/tmp -s 102400 -e 3
onaudit -a -u _exclude -e +INRW,UPRW,DLRW,RDRW
onaudit -a -u _require -e +CRTB,DRTB,ACTB,STSN


The first command turns on auditing, placing the logs in /usr/informix/tmp, setting the file size to 100KB, stopping the server if there is an error, and auditing user informix as well as everyone else.

The second ensures that the row-level operations are never audited.

The third demands that create table, drop table, access table and start session are audited for everyone.

--
Jonathan Leffler #include <disclaimer.h>
Email: jleffler@xxxxxxxxxxxxx, jleffler@xxxxxxxxxx
Guardian of DBD::Informix v2005.02 -- http://dbi.perl.org/