FERRET is the tool you've always wanted for managing your UAF. Besides many security related features, Ferret allows you to easily make mass changes to your UAF and includes a report generator with a powerful selection criteria interface.
UAF Security Features
Ferret automatically detects changes in your UAF and notifies your site's security manager.
Ferret reports when accounts such as FIELD or SYSTEST are not DISUSERSED.
Ferret reports accounts that have been inactive for a user specified length of time.
Ferret reports users with poor passwords.
Ferret shows you accounts that have never logged in.
Ferret has various pre-formatted reports (Login times, flags, privilges, etc) that allow you to easily analyze your UAF.
Ferret detects incorrect file protections on your UAF.
Ferret reports users that have excessive login failures.
UAF Reporting Features
Ferret comes with various pre-formatted reports to allow security and system managers to easily analyze their systems.
Ferret has a report generator that allows you to create reports with any fields in the UAF.
Ferret allows you to enter almost any selection criteria for any report.
UAF Management Features
Ferret allows you to use selection criteria to change multiple accounts with one command.
Ferret allows you to copy accounts from one UAF to another.
Ferret allows you to compare two UAF files and report the differences.
New Features in Version 4.0 and Version 4.1
A /IDENTIFIER qualifier has been added. Now you can use identifiers as selection criteria when generating FERRET reports. Use this qualifier when making mass changes to the User Authorization File with FERRET to only modify users that hold a particular identifier.
Users can now specify which privileges are considered ELEVATED for reporting purposes. The file FERRET_ELEVATED.DAT in the FERRET_DAT contains a list of privileges considered ELEVATED. To direct FERRET to a different file users can define a system logical FERRET_ELEVATED.
An Identifier report has been added to FERRET. This report shows identifiers and all the users that hold them. It is formatted the opposite of the current AUTHORIZE report that shows users and the identifiers they hold. Use the /IDENTIFIER qualifier to limit the identifiers shown in the report.
Users can now include identifiers in the output of a row-based reported. We added an Identifier keyword to the /LIST qualifier to support this. The list item "identifiers" CANNOT be included in column-based reports.
The FERRET_PASSWORD.DAT file FERRET uses to check for bad passwords can now handle up to 5,000 passwords.
Users can now control what checks the FERRET Audit report makes; previously FERRET made all checks every time you ran the report. Using /EXCLUDE and specifying any combination of PASSWORD, LOGFAIL, DISUSER, LOGIN, UIC, EXPIRED, PRIORITY and FILE. By default the FERRET Audit report still makes all checks.
Support has been added to FERRET for the new AUDIT and IMPORT privileges. These privileges are new eith OpenVMS 6.1. They have no meaning on systems running earlier versions of OpenVMS.
The daily and monthly audit batch jobs have had a check for elevated privileges added to them. This check is commented out, by default, but included as an example.
The ability to sort list reports on almost any test or numeric value in the UAF record has been added. Sorts maybe in ascending or descending order.
A new utility has been added to help copy identifiers from one node to another.