× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2005

Re: DSPAUDJRNE AF

BKUSA_QSECOFR wrote on 06/07/2005 04:53:41 PM:

> Can anyone tell me how to interpret this security audit ?  This is a
> DSPAUDJRNE for AF.
>
>  Line   ....+....1....+....2....+....3....+....4....+....5....+....6...
>           Violation User       Object     Library    Object   Office
>           type      profile    name       name       type     user
>
>  000579 AF    A     JFENNELL   QSECOFR    QSYS       *USRPRF
>  000580 AF    A     JFENNELL   QSECOFR    QSYS       *USRPRF
>  000581 AF    A     JFENNELL   QSECOFR    QSYS       *USRPRF
>  000582 AF    A     JFENNELL   QSECOFR    QSYS       *USRPRF
>  000583 AF    A     DBUTERA    *N         *N         *DIR
>  000584 AF    A     DBUTERA    *N         *N         *DIR
>  000585 AF    A     DBUTERA    QSECOFR    QSYS       *USRPRF
>  000586 AF    A     DBUTERA    QSECOFR    QSYS       *USRPRF
>  000587 AF    A     DBUTERA    QSECOFR    QSYS       *USRPRF
>  000588 AF    A     DBUTERA    QSECOFR    QSYS       *USRPRF
>  000589 AF    A     DBUTERA    *N         *N         *DIR
>  000590 AF    A     DBUTERA    *N         *N         *DIR
>  000591 AF    A     DBUTERA    QSECOFR    QSYS       *USRPRF
>  000592 AF    A     DBUTERA    QSECOFR    QSYS       *USRPRF
>  000593 AF    A     DBUTERA    QSECOFR    QSYS       *USRPRF
>  000594 AF    A     DBUTERA    QSECOFR    QSYS       *USRPRF
>  000595 AF    A     DBUTERA    *N         *N         *DIR

BKUSA_QSECOFR wrote on 06/08/2005 02:01:54 PM:

> If I am interpreting this correctly, the below users are in
> violation of trying to access Qsecofr.
>  Is this correct ?
>         AF    A     JRYAN  QSECOFR    QSYS       *USRPRF
>         AF    A     JRYAN  QSECOFR    QSYS       *USRPRF

You may be correct. But, based on the pattern shown in your first note, and
the fact that multiple users are involved, I think it is also possible that
some program these people are using is attempting to do something with
QSECOFR and monitoring for errors and continuing. Perhaps the program is
trying to get a profile handle or perhaps it is trying to do something
else.

It is very hard to make a determination of the problem by using the limited
information provided by DSPAUDJRNE. I suggest a better way to look at
security audit data by using DSPJRN in this article:
http://tinyurl.com/bnguo (Note: I got the URL from Steve Landess after I
messed up a much longer URL last month.) Some fields that may be helpful
are the Job Name, Program Name, and Program Library fields at offsets 640
through 685 of the QASYAFJ5 output file.

As someone else suggested, it may also be necessary to look at the job logs
of the jobs that caused the AF audit records.

Ed Fishel,
edfishel@xxxxxxxxxx

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.