


Steve McKay wrote on 05/01/2008 10:58:27 AM:

> I have a copy of Wayne Evans' LOGCMD program/command. This allows specified
> non-admin users to gain *ALLOBJ authority and records the commands they
> enter to QAUDJRN by acquiring a user profile handle, turning on *CMD
> auditing on the user profile, and processing the entered commands as
> messages from the external message queue. This works well if the user stays
> on the QCMD screen that is initially displayed. If the user enters some
> command that has its own command line (WRKACTJOB, for instance), any
> commands entered on that command line do not get recorded in QAUDJRN.
>
> Does someone know of a way to correct this behavior or of another method of
> giving users (on-call programmers, actually) a way to respond to problems
> which would require *ALLOBJ authority without actually giving them *ALLOBJ
> on their user profile?

I do not believe that I have ever seen the source for Wayne's LOGCMD
program and I have never used that program. (Also I could not find the
source when I looked on the internet.) From your description I can make a
few guesses about what the program is doing. The help text for CHGUSRAUD
indicates that the changes take effect the next time a job is started for
the user. Years ago Wayne showed me a trick that would cause changes to a
user profile to be effective right away. The trick was to swap user profile
to the same profile (but not using *CURRENT). This causes the changes to be
picked up in the current job. I do not know if this works for all
attributes of a user profile but it does work for some. So this explains
why the profile handle was used to swap user profiles after *CMD auditing
was turned on for the user profile.

I have placed commands on an external message queue and then run them by
calling QCMD. I can also explain why that trick does not work for command
lines like the one on WRKACTJOB. What I can't explain is why the LOGCMD
program does this. Using an external message queue would not help the
auditing of the commands to the security audit journal. Are you sure that a
CD (Command String) audit record is written to the security audit journal
for every command written under LOGCMD except for the ones entered on other
command lines than QCMD? That does not make any sense. Once command
auditing is on for a user, every command they enter should be audited. Even
commands from within CL programs they use will be audited, but sometimes
not all command parameters will be placed in the audit journal. Is it
possible that you are looking for the audited commands in the external
message queue instead of the security audit journal?

I believe that one or more of the more popular security vendors have
products similar to what you are looking for.

Ed Fishel,
edfishel@xxxxxxxxxx
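
An added example (not part of the original message and not Wayne Evans' LOGCMD source): a CL program for checking the question raised in the reply, namely whether CD entries for a profile are actually being written to QAUDJRN. The program name CHKCMDAUD and the outfile QTEMP/CDAUDIT are hypothetical, and it assumes *CMD auditing was already enabled with CHGUSRAUD, the caller is authorized to QAUDJRN, and the release supports the %SCAN built-in.

```cl
/* CHKCMDAUD: added example, not from the original thread.              */
/* Prerequisite (run by a user with *AUDIT special authority):          */
/*   CHGUSRAUD USRPRF(user) AUDLVL(*CMD)                                */
/* Then have the user run commands from QCMD and from a command line    */
/* inside another command (for example WRKACTJOB) before calling this.  */
PGM        PARM(&USER)
  DCL      VAR(&USER)   TYPE(*CHAR) LEN(10)
  DCL      VAR(&AUDCTL) TYPE(*CHAR) LEN(50)
  DCL      VAR(&NBRRCD) TYPE(*DEC)  LEN(10 0)
  DCL      VAR(&NBRCHR) TYPE(*CHAR) LEN(10)

  /* AUDLVL on a user profile is honored only if QAUDCTL has *AUDLVL */
  RTVSYSVAL  SYSVAL(QAUDCTL) RTNVAR(&AUDCTL)
  IF         COND(%SCAN('*AUDLVL' &AUDCTL) *EQ 0) THEN(DO)
    SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
              MSGDTA('QAUDCTL does not contain *AUDLVL') MSGTYPE(*ESCAPE)
  ENDDO

  /* Copy this user's CD (command string) entries to an outfile */
  DSPJRN     JRN(QSYS/QAUDJRN) RCVRNG(*CURRENT) JRNCDE((T)) +
             ENTTYP(CD) USRPRF(&USER) OUTPUT(*OUTFILE) +
             OUTFILFMT(*TYPE5) OUTFILE(QTEMP/CDAUDIT) ENTDTALEN(*CALC)
  MONMSG     MSGID(CPF7062) EXEC(DO) /* no matching entries */
    SNDPGMMSG MSG('No CD entries found for ' *CAT &USER)
    RETURN
  ENDDO

  /* Report how many CD entries were copied */
  RTVMBRD    FILE(QTEMP/CDAUDIT) NBRCURRCD(&NBRRCD)
  CHGVAR     VAR(&NBRCHR) VALUE(&NBRRCD)
  SNDPGMMSG  MSG(&NBRCHR *BCAT 'CD entries copied to QTEMP/CDAUDIT')
ENDPGM
```

The command strings are in the entry-specific data of the outfile records, so the entries written while on the QCMD screen can be compared with those entered on the WRKACTJOB command line.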

