|
I wrote some stuff off top of my head from home PC then later at the office/400 realized I had said a few things not quite right ... here are corrections
GO ASSIST select messages to send, put cursor on who you sending message to, F4 prompt and scroll. Ignore the Q-people who are IBM owners of various kinds of 400 objects. You will probably have some other kinds of dummy sign-ons that your Security staff will know about. I figured out what API was being used to get at that GO ASSIST option to send one message to any or all users, and added it to our BPCS user menus so that end users did not need command line authority for the GO ASSIST options.
That is CALL PGM(QSYS/QEZSNDMG) I also put CHGPWD in a CL on one of our menus to encourage change password.
Look at the AS/400 SECURITY Manuals or sign on as the security officer and GO CMDSEC, GO CMDPRF, GO CMDAUT ... there are various different ways you can list all users, with statistics on when they last signed on, how long since they changed their password, what types of 400 security they have. Many of them also have *OUTFILE support. In the short term, inside the window that GO CLEANUP keeps the data, DSPLOG will help you see who signed on in the last few days, and what they sent to JOBQ. You can cursor on lines F1 to see message ids, jot them down, then DSPLOG F4 F10 to second screen and select ONLY text lines of particular message ids that interest you. I have written a CL program to extract just the lines relating to security violations, and other glitches that I want to stay on top of.
CPA1E01 CPF0998 CPF1806 CPF2234 CPF4058 CPF8192 CPF9E72 CPI0964 CPI2203 CPI1449 CPI5970 CPPEA13 MCH1604 I periodically adjust this list as I see other stuff in DSPLOG that I would like to have stand out more clearly that it happened.
I am using Security Auditing, but have not explored all the options available (I have not strayed from my current agenda).
Do you have message queue QSYSMSG?
If you create one, OS/400 will copy there what is now buried in QSYSOPR that IBM considers real serious (listed in the WORK Management Manual) ... you can also go into WRKSYSVAL and designate other message queues for various other types of error messages, such as all that hardware communication connection junk, so as to organize 400 messages by category and make it easier to drill down to the ones you really need to see. More info about this kind of thing in MDRANGE-L archives.
We are using QCFGMSGQ for that.
When matching *OUTFILE with ZSC, be sure to include all BPCS environments. You might also include 400 security officers, because sometimes consultants use 400 security officer to look at BPCS data instead of using the front door of BPCS. Look at everyone who can get into BPCS, not just who is setup to get in. RUNQRY *N then any file name = a quick eyeball at what is in that file ... do that with each of the Z* files ... that is how I found where BPCS stored info on who may access which BPCS User Menu options, from which I constructed Query/400 lists of who has security access to which menus & options. We can always review one menu's security, or the security on one person, but this gave me a big picture for security management.
ZMA has Security-11 data on our menus ... user menu and sequence which I have query/400 to compare which users setup for which menus ZMO has the actual stuff on the menus ... MOTYP EQ 'D' which I have query/400 to check program names are on which menus
Depending on your company policy for cleaning up spool files (ours is DO NOT KILL AUDIT TRAILS UNTIL AFTER YOUR UPDATES HAVE GONE THROUGH BACKUP), the odds are that anyone who recently was doing anything in BPCS other than simple inquiry, has left some evidence of their visitation in the spool file. WRKUSRJOB F4 & explore different options.Hello, Is there a way i can compile a list of all users? or last sign on/active dates? We are on 6.002. and i am new to BPCS. Thank you in advance. Juan Robledo Programmer Analyst ________Al Macintyre BPCS/400 Computer Janitor at http://www.globalwiretechnologies.com/ Al at home http://ryze.org/view.php?who=Al9Mac Find BPCS Documentation Suppliers http://radio.weblogs.com/0107846/stories/2002/11/08/bpcsDocSources.html _______________________________________________ This is the SSA's BPCS ERP System (BPCS-L) mailing list To post a message email: BPCS-L@midrange.com To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/cgi-bin/listinfo/bpcs-l or email: BPCS-L-request@midrange.com Before posting, please take a moment to review the archives at http://archive.midrange.com/bpcs-l.
- Al Macintyre (macwheel99@sigecom.net via Eudora) Al's thoughts http://radio.weblogs.com/0107846/ Al at home http://ryze.org/view.php?who=Al9Mac Cure cancer. http://members.ud.com/about/
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.