Working my way through the Security Reference:
        GR - Generic Record
This appears to have to do with Exit Program activity - 
A Exit program added 
C Operations Resource Monitoring and Control Operations 
D Exit program removed 
F Function registration operations 
R Exit program replaced 
I don't see anything that connects it to an audit value... :-(
Dave
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
ChadB@xxxxxxxxxxxxxxxxxxxx
Sent: Tuesday, September 26, 2006 11:45 AM
To: Midrange Systems Technical Discussion
Subject: RE: Audit Journal Entry
What we are looking at doing is setting up a very simple audit journal
to satisfy some basic requests from our auditors.  We're looking to keep
it very low impact in terms of DASD so that we can basically keep one
receiver in place for a LONG time without having to change receivers and
take them to offline media.  What I'm finding is that any actual entries
of interest (system config changes, authority failures, profile changes,
security tools, etc.) are very few and far between.  This box runs
Mimix, Domino, and Websphere and all of these three tend to produce a
bunch of journal entries with the operations they perform (that will
cause the receivers to fill and grow too quickly).  I've been able to
filter them out by removing certain QAUDLVL entries (mainly under the
*SECURITY subsets).
The remaining one I'm seeing is the T-GR type entry that is exit
program/FTP related.  If I can get around that one I'll have exactly
what we're looking for!
 
From: "Turnidge, Dave" <DTurnidge@OldRepublicTitle.com>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
Date: 09/26/2006 11:02 AM
Please respond to: Midrange Systems Technical Discussion <midrange-l@midrange.com>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
cc:
Subject: RE: Audit Journal Entry
 
 
From Carol Woodbury's "Expert's Guide to OS/400 and i5/OS Security"
Recommended values:
*AUTFAIL
*CREATE
*DELETE
*SAVRST
*SECURITY or instead for v5r3 and on...
             *SECCFG and *SECRUN
*SERVICE
Do you have a need to have the other ones that you have chosen? Do you
not need the others that are recommended?
-------------------------------------
I'm trying to filter some of the items out of the security audit journal
that we are not interested in having a record of.  Does anyone know how
to prevent the specific type of entry listed below?
7314213   T     GR                           QTFTP00366  14:41:04
7314214   T     GR                           QTFTP00517  15:09:51
7314215   T     GR                           QTFTP00517  15:09:51
7314216   T     GR                           QTFTP00517  15:09:51
7314217   T     GR                           QTFTP00517  15:09:51
7314218   T     GR                           QTFTP00517  15:09:51
7314219   T     GR                           QTFTP00517  15:09:51
The manual says that it has to do with an exit program (which is used in
conjunction with FTP on our box).  I can't figure out which entries in
the QAUDLVL system value are causing these entries to be written.  We
currently have the following ones turned on:
 *AUTFAIL
 *SECCFG
 *SECDIRSRV
 *SECVLDL
 *SERVICE
 *SYSMGT
 *PGMADP
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.
________________________________________________________________________
_____
Scanned by IBM Email Security Management Services powered by
MessageLabs.
For more information please visit http://www.ers.ibm.com
________________________________________________________________________
_____
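Added example, not part of the original thread: a small Python tally of a journal listing in the layout quoted above, showing which entry types and jobs account for most of the receiver growth before any QAUDLVL value is removed. The column layout (sequence, code, type, job, time, with object and library blank) is an assumption, the T-AF and T-CP rows are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the listing quoted in the thread
# (sequence, journal code, entry type, job, time); the AF and CP rows are invented.
SAMPLE = """\
7314213   T     GR                           QTFTP00366  14:41:04
7314214   T     GR                           QTFTP00517  15:09:51
7314215   T     GR                           QTFTP00517  15:09:51
7314216   T     GR                           QTFTP00517  15:09:51
7314217   T     GR                           QTFTP00517  15:09:51
7314218   T     AF                           QPADEV0003  15:12:30
7314219   T     CP                           QPADEV0003  15:14:02
"""

# Assumed layout: object and library columns are blank, so the job is the 4th token.
LINE = re.compile(r"^\s*(\d+)\s+([A-Z])\s+([A-Z0-9]{2})\s+(\S+)\s+(\d\d:\d\d:\d\d)\s*$")

def parse(text):
    """Yield (seq, code, type, job, time) for each well-formed line; skip the rest."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            seq, code, etype, job, when = m.groups()
            yield int(seq), code, etype, job, when

def summarize(text):
    """Count entries per type and per (type, job); count same-second bursts once."""
    rows = list(parse(text))
    by_type = Counter(f"{c}-{t}" for _, c, t, _, _ in rows)
    by_job = Counter((f"{c}-{t}", j) for _, c, t, j, _ in rows)
    groups = {(c, t, j, w) for _, c, t, j, w in rows}
    return {"total": len(rows), "by_type": by_type,
            "by_job": by_job, "events": len(groups)}

def noisy_types(text, threshold=0.5):
    """Entry types whose share of all parsed entries meets the threshold."""
    s = summarize(text)
    if not s["total"]:
        return []
    return sorted(t for t, n in s["by_type"].items() if n / s["total"] >= threshold)

if __name__ == "__main__":
    s = summarize(SAMPLE)
    for etype, n in s["by_type"].most_common():
        print(f"{etype}: {n} of {s['total']} entries")
    print("distinct events:", s["events"], "noisy types:", noisy_types(SAMPLE))
```

Lines that carry an object or library name do not match this pattern and are skipped, so extend the regular expression before running it over a full listing.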
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.