|
midrange.com
What we are looking at doing is setting up a very simple audit journal to
satisfy some basic requests from our auditors. We're looking to keep it
very low impact in terms of DASD so that we can basically keep one receiver
in place for a LONG time without having to change receivers and take them
to offline media. What i'm finding is that any actual entries of interest
(system config changes, authority failures, profile changes, security
tools, etc.) are very few and far between. This box runs Mimix, Domino,
and Websphere and all of these three tend to produce a bunch of journal
entries with the operations they perform (that will cause the receivers to
fill and grow to quickly). I've been able to filter them out by removing
certain QAUDLVL entries (mainly under the *SECURITY subsets).
The remaining one i'm seeing is the T-GR type entry that is exit
program/FTP related. If I can get around that one i'll have exactly what
we're looking for!
"Turnidge, Dave"
<DTurnidge@OldRep
ublicTitle.com> To
Sent by: "Midrange Systems Technical
midrange-l-bounce Discussion"
s@xxxxxxxxxxxx <midrange-l@xxxxxxxxxxxx>
cc
09/26/2006 11:02 Subject
AM RE: Audit Journal Entry
Please respond to
Midrange Systems
Technical
Discussion
<midrange-l@midra
nge.com>
From Carol Woodbury's "Expert's Guide to OS/400 and i5/OS Security"
Recommended values:
*AUTFAIL
*CREATE
*DELETE
*SAVRST
*SECURITY or instead for v5r3 and on...
*SECCFG and *SECRUN
*SERVICE
Do you have a need to have the other ones that you have chosen? Do you
not need the others that are recommended?
-------------------------------------
I'm trying to filter some of the items out of the security audit journal
that we are not interested in having a record of. Does anyone know how
to prevent the specific type of entry listed below?
7314213 T GR QTFTP00366 14:41:04
7314214 T GR QTFTP00517 15:09:51
7314215 T GR QTFTP00517 15:09:51
7314216 T GR QTFTP00517 15:09:51
7314217 T GR QTFTP00517 15:09:51
7314218 T GR QTFTP00517 15:09:51
7314219 T GR QTFTP00517 15:09:51
The manual says that it has to do with an exit program (which is used in
conjunction with FTP on our box). I can't figure out which entries in
the QAUDLVL system value are causing these entries to be written. We
currently have the following ones turned on:
*AUTFAIL
*SECCFG
*SECDIRSRV
*SECVLDL
*SERVICE
*SYSMGT
*PGMADP
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.
________________________________________________________________________
_____
Scanned by IBM Email Security Management Services powered by
MessageLabs.
For more information please visit http://www.ers.ibm.com
________________________________________________________________________
_____
ForwardSourceID:NT00052CAA
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
_____________________________________________________________________________
Scanned by IBM Email Security Management Services powered by MessageLabs.
For more information please visit http://www.ers.ibm.com
_____________________________________________________________________________
ForwardSourceID:NT00052DFA
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
