× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MI400
  3. October 2001

Re: permanent spaces

Leif,

To start auditing on your system:

probably run CrtJrnRcv to create a journal receiver
CrtJrn Qsys/qaudjrn
ChgSysVal QAudLvl Value(*Create *SavRst *Delete *Security *Service ...)
ChgSysVal QAudCtl Value(*AudLvl)

Then create a space using either method.

Use DspJrn QAudJrn to display the entries in the journal.

Report back here with results, I am curious to know what you find out.

( every stmt is a guess, but I am really, really sure that the above steps are 
in the ballpark )

-Steve



---------- Original Message ----------------------------------
From: "Leif Svalgaard" <leif@leif.org>
Reply-To: mi400@midrange.com
Date: Sat, 20 Oct 2001 19:31:44 -0500

>Journaling is at the MI-interface, so why wouldn't CRTS create an journal
>entry?.
>(I could be wrong, but I think not). How about many other objects created at
>the
>MI, aren't they journaled?
>[journaling is not something I have studied, so I want to be educated, but
>not
>with guesses :-) ]
>
>
>----- Original Message -----
>From: srichter <srichter@mail.autocoder.com>
>To: <mi400@midrange.com>
>Sent: Saturday, October 20, 2001 6:58 PM
>Subject: Re: [MI400] permanent spaces
>
>
>> Leif,
>>
>> An informed guess ...
>>
>> I assume you mean creating spaces using the CRTS instruction, since
>QUSCRTUS works at all security levels.
>>
>> The restricted use of CRTS at sec 40+ enables the logging of all object
>creates in the security audit journal. QUSCRTUS logs in the audit journal.
>CRTS does not.
>>
>> -Steve Richter
>>
>>
>> ---------- Original Message ----------------------------------
>> From: "Leif Svalgaard" <leif@leif.org>
>> Reply-To: mi400@midrange.com
>> Date: Sat, 20 Oct 2001 18:42:21 -0500
>>
>> >can't be as that would pertain to ANY permanent object then.
>> >Furthermore the authority bits are no longer in the pointer.
>> >
>> >----- Original Message -----
>> >From: Steve Glanstein <mic@aloha.com>
>> >To: <mi400@midrange.com>
>> >Cc: Leif Svalgaard <leif@leif.org>
>> >Sent: Saturday, October 20, 2001 4:18 PM
>> >Subject: RE: [MI400] permanent spaces
>> >
>> >
>> >> I think it has something to do with the fact that the DOD standards for
>C2
>> >> security require complete auditing of security authority, including its
>> >> transfer between users.
>> >>
>> >> Security authority is in the pointer. Therefore the creation of
>permanent
>> >> space objects would violate this principle.
>> >>
>> >> Steve Glanstein
>> >> mic@aloha.com
>> >>
>> >>
>> >> > -----Original Message-----
>> >> > From: mi400-admin@midrange.com [mailto:mi400-admin@midrange.com]On
>> >> > Behalf Of Leif Svalgaard
>> >> > Sent: Saturday, October 20, 2001 8:52 AM
>> >> > To: MI400 List
>> >> > Subject: [MI400] permanent spaces
>> >> >
>> >> >
>> >> > While we are the subject of spaces. why is it that permanent space
>> >> > objects cannot be created by user state programs when the security
>> >> > level is 40 or above?  where is the security breach?
>> >> >
>> >> >
>> >> > _______________________________________________
>> >> > This is the MI Programming on the AS400 / iSeries (MI400) mailing list
>> >> > To post a message email: MI400@midrange.com
>> >> > To subscribe, unsubscribe, or change list options,
>> >> > visit: http://lists.midrange.com/cgi-bin/listinfo/mi400
>> >> > or email: MI400-request@midrange.com
>> >> > Before posting, please take a moment to review the archives
>> >> > at http://archive.midrange.com/mi400.
>> >> >
>> >> >
>> >>
>> >
>> >_______________________________________________
>> >This is the MI Programming on the AS400 / iSeries (MI400) mailing list
>> >To post a message email: MI400@midrange.com
>> >To subscribe, unsubscribe, or change list options,
>> >visit: http://lists.midrange.com/cgi-bin/listinfo/mi400
>> >or email: MI400-request@midrange.com
>> >Before posting, please take a moment to review the archives
>> >at http://archive.midrange.com/mi400.
>> >
>> >
>> _______________________________________________
>> This is the MI Programming on the AS400 / iSeries (MI400) mailing list
>> To post a message email: MI400@midrange.com
>> To subscribe, unsubscribe, or change list options,
>> visit: http://lists.midrange.com/cgi-bin/listinfo/mi400
>> or email: MI400-request@midrange.com
>> Before posting, please take a moment to review the archives
>> at http://archive.midrange.com/mi400.
>>
>
>_______________________________________________
>This is the MI Programming on the AS400 / iSeries (MI400) mailing list
>To post a message email: MI400@midrange.com
>To subscribe, unsubscribe, or change list options,
>visit: http://lists.midrange.com/cgi-bin/listinfo/mi400
>or email: MI400-request@midrange.com
>Before posting, please take a moment to review the archives
>at http://archive.midrange.com/mi400.
>
>

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.