Use the JOURNAL command to display or clear information about invalid password conditions for a specific user ID or terminal.
To list current journal information:
JOURNAL {LIST | LISTPSWD } ["Parms"]
Parms:
[{userid1 | termaddr} [command [userid2 [vaddr]]]
To reset journal entries:
JOURNAL RESET {userid1 | termaddr} command [userid2 [vaddr]]
Displays current journal information. If you do not specify any variables, the command lists all journal information. If you specify any variables, the command lists only journal entries that contain the specified values, formatted to match the order of the specified variables. The display includes the number of times a particular activity occurred.
Displays the same journal information that the LIST parameter displays and invalid passwords if CA VM:Secure was initialized with the AUDINV startup parameter.
Removes any journal entries that exactly match the specified variables.
Specifies a user ID for which to review or reset invalid passwords.
Specifies a terminal address for which to review or reset invalid passwords. For more information about terminal addresses, see Terminal Addresses.
Possible values for termaddr are:
|
termaddr |
Meaning |
|---|---|
|
nnnn |
Address of a real terminal device, represented by four hexadecimal digits. (Example: 0024) |
|
Lnnnn |
Address of a logical device, represented by an L and four hexadecimal digits. (Example: L0123) |
|
nnn.nnn.nnn.nnn |
Address of a TN3270 connected terminal, represented by the standard dotted IPv4 address form. (Example: 10.0.89.51) |
|
nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn |
Address of an IPv6 TN3270 connected terminal, represented by a standard IPv6 address. |
|
nnnnnnnn |
Address of an SNA or VTAM logical unit name, represented by up to eight characters. (Example: WEST0016) |
|
nnnn |
Address of a remote 3270 line or terminal, represented by four characters. (Example: 0166) |
Specifies a command for which to check for the invalid password attempts, as follows:
|
Values for command |
Checks for |
|---|---|
|
AUTOLOG |
Invalid logon passwords were entered while autologging a virtual machine |
|
DIAL |
Invalid DIAL passwords were entered while dialing to a user ID |
|
LINK |
Invalid link passwords were entered while linking to a minidisk |
|
LOGON |
Invalid logon passwords were entered while logging on to the system |
|
LOGONBY |
Invalid logon passwords were entered while using the LOGONBY Facility or the CP LOGON BY command |
|
VALIDATE |
Invalid logon password phrases were entered while using DIAGNOSE X’88’ subcode X’08’ or DIAGNOSE X’A0’ Subcode X’04’. If a password check fails while changing a password with Diagnose X’A0’ Subcode X’60’, VALIDATE journal entries are created. |
|
VMXLINK |
Invalid link passwords were entered from the User Selection Screen option Define a Link to Another User’s Minidisk |
|
VMXLOGON |
Invalid logon passwords were entered while issuing CA VM:Secure commands or CP commands governed by rules with the LOGPASS option |
|
XAUTOLOG |
Invalid logon passwords were entered during AUTOLOG or XAUTOLOG command processing. |
Specifies the target user ID for command.
Specifies the target virtual address for command.
CA VM:Secure creates journal entries when it detects a user entering an invalid password. If the number of consecutive invalid attempts exceeds the limit specified on the JOURNAL record in the SECURITY CONFIG file, CA VM:Secure prevents further attempts until the JOURNAL RESET command is issued. CA VM:Secure automatically resets journal counters when the password is correctly entered.
When the Rules Facility is installed, CA VM:Secure handles consecutive invalid AUTOLOG, XAUTOLOG, or LINK attempts differently. If the number of invalid tries exceeds the maximum limit specified on the JOURNAL record, CA VM:Secure clears the journal counter and creates a rule for the target user ID, preventing further attempts from the requesting user ID.
If the Rules Facility is not implemented, the JOURNAL command only monitors the LOGON command by displaying or resetting invalid logon passwords entered while issuing CA VM:Secure commands (VMXLOGON) and invalid link passwords entered from the User Selection screen option, Define a Link to Another User’s Minidisk (VMXLINK).
|
Copyright © 2014 CA.
All rights reserved.
|
|