HP OpenVMS Guide to System Security: OpenVMS Version 8.4 > Chapter 12 Securing a Cluster

Storing Profiles and Auditing Information

The audit server creates and maintains the security elements of clusterwide objects in a database called VMS$OBJECTS.DAT, located in SYS$COMMON:[SYSEXE]. You should ensure that the object database is present on each node in the cluster by specifying a file name that resolves to the same file through the cluster, not to a file that is unique to each node.

To reestablish the logical name after each system boot, define the logical in SYSECURITY.COM. The command procedure SYSECURITY.COM has to be defined before the audit server starts up.

The object database contains the following information:

  • Audit and alarm settings for all objects, established through the DCL command SET AUDIT

  • Template profiles for all security profiles, as described in “Descriptions of Object Classes”Chapter 5

  • Security profiles for all resource domain objects, all security class objects, and all cluster-visible devices (see “Protecting Objects”)

This database is updated whenever characteristics are modified, and the information is distributed so that all nodes participating in the cluster share a common view of the objects.

You cannot change security profiles or create protected objects when the object server is absent and cannot update the cluster database VMS$OBJECTS.DAT. However, you can modify the system parameter SECURITY_POLICY to allow security profile changes to protected objects on a local node (bit 4) or the creation of protected objects on a local node (bit 5).