Yogesh,

Obviously the issue is auditing these users and printing a joblog is just a
method to do this, albeit not a very good one.
You will have to convince the auditors that
a. The joblog contains everything you need to audit and is not modifiable.
b. You read the joblog printout and verify that only good stuff happened
there.

You will find that both are difficult to do.
I recommend that you use AS400 Auditing to track these users.
See the CHGUSRAUD command. For example, the following command will set
auditing on user SHALOM on all commands, object creation, object deletion,
adopting authority, restoring something and modifying security parameters
such as their own auditing.

CHGUSRAUD USRPRF(SHALOM) AUDLVL(*CMD *CREATE *DELETE *PGMADP *SAVRST
*SECURITY)

You will have to turn on the system level auditing, and you will have to
read and parse the audit journal to understand what's in it.
Luckily there is a lot of documentation on brewing your own system, as well
as commercial tools to help you out.

Some of the vendors who sell Audit analysis tools are:
Raz-Lee , PowerTech , BSafe , NetIQ and there are more that I don't recall
at the moment.

Being on the advisory board of RazLee, I can recommend their product from
first hand experience.

Shalom Carmel




message: 2
date: Tue, 1 Nov 2011 17:38:56 +0530
from: "Yogesh Pathak" <yogesh@xxxxxxxxxxxxxxxxx>
subject: Re: [Security400] Printing Job Log

Dear All,

Thanks for all the replies. At present I am looking at adding exit program
to the Signoff command. If I run into trouble will ping you guys again.

Thanks and Regards
?
Yogesh Pathak
Technoforte Software Pvt. Ltd.
(An ISO 9001:2008 Company)
#42, 14th Main, 15th Cross,
Sector IV, HSR Layout,
Bangalore 560 034
?
Ph: 91-80-25729663 / 64 Ext: 212
Fax: 91-80-25729665
?
Mobile(India): +91-99455 10993
Mobile(UAE): +971-50 2450290
?
URL: www.technoforte.co.in
email: yogesh@xxxxxxxxxxxxxxxxx
?
______________________________________________________
?
"You have a right to expect all that is good and high from yourself -
indeed
you must demand it from yourself - but as far as others are concerned, you
must be tolerant."
- Parthasarathi Rajagopalachari





------------------------------

_______________________________________________
This is the Security Administration on the AS400 / iSeries (Security400)
digest list
To post a message email: Security400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/security400
or email: Security400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/security400.



End of Security400 Digest, Vol 9, Issue 18
******************************************


As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.