ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvplansecauditing.htm

121 lines
8.1 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Plan security auditing" />
<meta name="abstract" content="Use this information to plan security auditing for your systems." />
<meta name="description" content="Use this information to plan security auditing for your systems." />
<meta name="DC.Relation" scheme="URI" content="rzamvmonitorsec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvsecauditchecklists.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvsetsecaudit.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvusesecauditjournal.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvanalyzeobjauth.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvanalyzeprogadoptauth.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvanalyzeuserprof.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvauditsecofraction.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvaudits.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="plansecauditing" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Plan security auditing</title>
</head>
<body id="plansecauditing"><a name="plansecauditing"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Plan security auditing</h1>
<div><p>Use this information to plan security auditing for your systems.</p>
<div class="p">When monitoring your security, the operating system can log security events
which occur on your system. These events are recorded in special system objects
called journal receivers. You can set up journal receivers to record different
types of security events, such as changing a system value or user profile,
or an unsuccessful attempt to access an object. The following values control
which events are logged:<ul><li>The audit control (QAUDCTL) system value</li>
<li>The audit level (QAUDLVL) system value</li>
<li>The audit level (AUDLVL) value in user profiles</li>
<li>The object auditing (OBJAUD) value in user profiles and objects</li>
</ul>
The information in the audit journals is used:<ul><li>To detect attempted security violations.</li>
<li>To plan migration to a higher security level.</li>
<li>To monitor the use of sensitive objects, such as confidential files.</li>
</ul>
</div>
<p>Commands are available to view the information in the audit journals in
different ways.</p>
<p>The purpose of an audit is to detect and log activities that might compromise
the security of your system. When you choose to log actions that occur on
your systems, you might experience a trade-off in performance and, in some
cases, loss of disk space. If you decide to log security-related events on
your systems, the <a href="../icbase/secplanr/securwiz.htm" target="_blank">eServer™ Security
Planner</a> will provide some recommendations about what level of auditing
you should do.</p>
<div class="p">To plan the use of security auditing on your system, follow these steps:<ul><li>Use the eServer Security
Planner to see what it recommends about what level of auditing you should
do based on your system configuration and user requirements.</li>
<li>Determine which security-relevant events you want to record for all system
users. The auditing of security-relevant events is called <span class="uicontrol">action
auditing</span>.</li>
<li>Check whether you need additional auditing for specific users.</li>
<li>Decide whether you want to audit the use of specific objects on the system.</li>
<li>Determine whether object auditing should be used for all users or specific
users.</li>
</ul>
</div>
<p>The security audit journal is the primary source of auditing information
on the system. A security auditor inside or outside your organization can
use the auditing function provided by the system to gather information about
security-related events that occur on the system. You use system values, user
profile parameters, and object parameters to define auditing.</p>
<p>The security auditing function is optional. You must take specific steps
to set up security auditing.</p>
<div class="p">You can define auditing on your system at three different levels: <ul><li>System-wide auditing that occurs for all users.</li>
<li>Auditing that occurs for specific objects.</li>
<li>Auditing that occurs for specific users.</li>
</ul>
</div>
<p>When a security-related event that may be audited occurs, the system checks
whether you have selected that event for audit. If you have, the system writes
a journal entry in the current receiver for the security auditing journal
(QAUDJRN in library QSYS).</p>
<p>For information on planning the auditing of actions and auditing of object
access, see Chapter 9 of the <a href="../rzahg/rzahgsecref.htm">iSeries™ Security Reference</a>.</p>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzamvsecauditchecklists.htm">Checklists for security auditing</a></strong><br />
Use this checklist to plan and audit system security.</li>
<li class="ulchildlink"><strong><a href="rzamvsetsecaudit.htm">Set up security auditing</a></strong><br />
This article describes how to set up security auditing, explains why it is important, and provides step-by-step instructions. The system collects security events in the QAUDJRN journal.</li>
<li class="ulchildlink"><strong><a href="rzamvusesecauditjournal.htm">Use the security audit journal</a></strong><br />
The security audit journal is the primary source of auditing information on the system. A security auditor inside or outside your organization can use the auditing function provided by the system to gather information about security-related events that occur on the system.</li>
<li class="ulchildlink"><strong><a href="rzamvanalyzeobjauth.htm">Analyze object authorities</a></strong><br />
This article describes how to analyze object authorities and provides step-by-step instructions.</li>
<li class="ulchildlink"><strong><a href="rzamvanalyzeprogadoptauth.htm">Analyze programs that adopt authority</a></strong><br />
This article describes the step-by-step procedure for analyzing programs that adopt authority.</li>
<li class="ulchildlink"><strong><a href="rzamvanalyzeuserprof.htm">Analyze user profiles</a></strong><br />
This article describes how to analyze user profiles and provides step-by-step instructions.</li>
<li class="ulchildlink"><strong><a href="rzamvauditsecofraction.htm">Audit the Security Officer's actions</a></strong><br />
A security officer or security administrator is responsible for the security on a system. A security officer has *ALLOBJ and *SECADM special authority.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvmonitorsec.htm" title="This set of topics discuss various techniques for monitoring and auditing security on your system.">Monitor security</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzamvaudits.htm" title="This topic describes the purpose of security audits.">Security audits</a></div>
</div>
</div>
</body>
</html>