× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. December 1998

Re: Security. Level 40. Audit Journal

At 05:52 PM 12/22/98 -0500, you wrote:
>-----------
>Cyndi Bradberry wrote:
>
>> Stupid security question. We are planning to go to level 40 in January
>with
>> the upgrade to V4R3. I have turned on the audit journal with system value
>of
>> *PGMFAIL. The audit journal only shows entries for our nightly saves.
>> 
>> Does this mean that we are safe in changing the security level?
>----------------------------------------------------------------------------
>----------------------------------------------------------
>
>Here's my stupid question:  How do I turn "ON" the audit journal?
>
 From my System Values pitch on Auditing:
                      



Name:               QAUDCTL                                          V2 R3.0 

Description:        Audit Control
            

IBM Initial Value:  '*NONE' * 
                      Value is a list. 

Length & Type:      Character:  50
            


Valid Values and their Meanings: 
'*NONE'       No auditing occurs.  The system value QAUDLVL is inactive. 

        '*NOQTEMP'    Auditing for most objects in QTEMP is            V3
R6.0 
                      suppressed.  This value can only be specified in 
                      conjunction with *OBJAUD or *AUDLVL. 
'*OBJAUD'     The auditing of objects that have been selected by the Change
Object Audit (CHGOBJAUD) command is done. 
'*AUDLVL'     Auditing changes controlled by the QAUDLVL system value and
on the AUDLVL parameter of individual user profiles.  The audit level for a
user profile is specified by the Change User Audit (CHGUSRAUD) command. 

Comments:           QAUDCTL specifies when object and user level auditing
is active. 
When this value is changed to other than *NONE, the journal QSYS/QAUDJRN
must exist.  When this value is changed to other than *NONE, a journal
entry is sent to QSYS/QAUDJRN to verify the existence of the journal. 
User must have *AUDIT authority to change this system value. 










* When installing V2R3M0, if auditing is active (i.e.:  QAUDLVL is not
*NONE), this system value will be installed as *AUDLVL. 

 


Name:               QAUDLVL                                          V1 R3.0 

Description:        Audit Level
            

IBM Initial Value:  '*NONE' 
                      Value is a list. 

Length & Type:      Character:  160
            


Valid Values and their Meanings:
Effective: 


'*NONE'       No auditing occurs on the system. 
'*SAVRST'     Save restore information is audited. 
'*AUTFAIL'    Authorization failures are audited. 
'*DELETE'     All object deletions are audited. 
'*SECURITY'   All security related functions are audited. 
'*PGMFAIL'    Integrity violations are audited.                  V2 R1.0 
'*CREATE'     Object creates are audited.                        V2 R2.0 
'*OBJMGT'     Object moves and renames are audited.              V2 R2.0 
'*JOBDTA'     Actions that affect a job are logged.              V2 R3.0 
'*OFCSRV'     Changes to the system distribution directory       V2 R3.0 
                      and office mail actions are logged. 
'*PGMADP'     Obtaining authority from a program that adopts     V2 R3.0 
                      authority is logged. 
'*PRTDTA'     Printing (spooled and non-spooled) is logged.      V2 R3.0 
'*SERVICE'    Using service tools is logged.                     V2 R3.0 
'*SPLFDTA'    Actions that affect spooled files are logged.      V2 R3.0 
'*SYSMGT'     Use of system management functions is logged.      V2 R3.0 
'*OPTICAL'    Most optical functions are audited.                V3 R6.0 
'*NETCMN'     Violations detected by APPN security are audited.  V3 R7.0 

Comments:           When this value is changed to other than *NONE, the
journal QSYS/QAUDJRN must exist. 
Prior to implementing level 40 security, while at level 30, you must first
change the system value QAUDLVL to include *PGMFAIL.  This will log (but
will not deny access) security violations under level 40, so that
unsupported interfaces and MI instructions may be identified and corrected
before the system Security Level is changed from 30 to 40. 
A change is effective to this system value immediately for all new job
initiation. 
User must have *AUDIT authority to change this system value. 


Al




+--------------------------------------------------+
| Please do not send private mail to this address. |
| Private mail should go to barsa@ibm.net.         |
+--------------------------------------------------+

Al Barsa, Jr. - Account for Midrange-L
Barsa Consulting, LLC.  
400 > 390

Phone:  914-251-1234
Fax:    914-251-9406
http://www.barsaconsulting.com

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.