× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Based on what your auditing/journaling today have you ran any reports
against this to produce any results that might help you in finding issues
etc. Has your system been audited in the past and what were the finding,
did you have to turn on/off more auditing etc.

On Mon, Aug 15, 2011 at 10:26 AM, <fbocch2595@xxxxxxx> wrote:


Well, you're certainly right that the security might not be set
properly...and it has not changed in at least 10 years and even though it's
overkill I'm not going to tell management that.











-----Original Message-----
From: Charles Wilt <charles.wilt@xxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Sent: Mon, Aug 15, 2011 9:34 am
Subject: Re: Audit of usrprf's


Just my .02....
Seems like overkill.
The only reason to audit everything for a user, is when the profile
an do everything...ie. *ALLOBJ profiles. Those profiles should be
sed on a limited basis.
Since this profile doesn't *ALLOBJ, if your security setup is good,
here should be a limited amount of approved things the user can do.
ow you might have a handful of things that you allow the user to do,
ut that you want to audit...touching certain files or using certain
ommands...
Auditing everything a non *ALLOBJ user does just seems to me that you
on't trust your current security setup. Personally, I'd fix that.
Charles
On Mon, Aug 15, 2011 at 9:21 AM, <fbocch2595@xxxxxxx> wrote:

Hi Folks, I want to audit everything a user does on our IBMi. I'm
wondering
ow you folks would approach it. Everything means everything, all the
commands
he usrprf enters and all objects the usrprf touches, whether updating or
not.
The user is a developer/programmer w/a user class of *PGMR, spcaut =
*JOBCTL
nd lmtcpb = *NO. I read Steve M’s article and I’m following it and I’ve
got;

QAUDCTL set to *AUDLVL/*NOQTEMP/ *OBJAUD.

QAUDLVL set to
*SECURITY/*JOBDTA/*DELETE/*PGMADP/*AUTFAIL/*PGMFAIL/*SERVICE/*CREATE/*OBJMGT/*SAVRST/*SYSMGT/*PRTDTA/*SPLFDTA.

I’ve set CHGUSRAUD OBJAUD(*ALL) and AUDLVL on CHGUSRAUD set to many of the
alues the command allows.

Next, I’m going to have to use CHGOBJAUD OBJAUD=*USRPRF on thousands of
bjects.

That looks like all there is to it…has anyone gone thru this procedure and
if
o, how did it work for you? It looks like all I have to do after that is
eport on the audit journal entries and disk space is not an issue for us.

Has anyone else done this or doing it currently? Any words of wisdom to
hare?

I can not get approval for 3rd party software (PowerLock/Pentasafe, etc.)
as
f yet and not sure if I’ll ever get approval for it.

Any input/info on this appreciated.

Thanks, Frank


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


-
his is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
o post a message email: MIDRANGE-L@xxxxxxxxxxxx
o subscribe, unsubscribe, or change list options,
isit: http://lists.midrange.com/mailman/listinfo/midrange-l
r email: MIDRANGE-L-request@xxxxxxxxxxxx
efore posting, please take a moment to review the archives
t http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.