ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvauditsecofraction.htm

76 lines
4.7 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Audit the Security Officer's actions" />
<meta name="abstract" content="A security officer or security administrator is responsible for the security on a system. A security officer has *ALLOBJ and *SECADM special authority." />
<meta name="description" content="A security officer or security administrator is responsible for the security on a system. A security officer has *ALLOBJ and *SECADM special authority." />
<meta name="DC.Relation" scheme="URI" content="rzamvplansecauditing.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvspecialauth.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="auditsecofraction" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Audit the Security Officer's actions</title>
</head>
<body id="auditsecofraction"><a name="auditsecofraction"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Audit the Security Officer's actions</h1>
<div><p>A security officer or security administrator is responsible for
the security on a system. A security officer has *ALLOBJ and *SECADM special
authority. </p>
<div class="p">You might want to keep a record of all actions performed by users with
*ALLOBJ and *SECADM special authority. You can use the action auditing value
in the user profile to perform this task:<ol><li>For each user with *ALLOBJ and *SECADM special authority, use the CHGUSRAUD
command to set the AUDLVL to have all values that are not included in the
QAUDLVL or QAUDLVL2 system values on your system. For example, if the QAUDLVL
system value is set to *AUTFAIL, *PGMFAIL, *PRTDTA, and *SECURITY, use this
command to set the AUDLVL for a security officer user profile:<pre>CHGUSRAUD USER((SECUSER)
AUDLVL(*CMD *CREATE *DELETE +
*OBJMGT *OFCSRV *PGMADP +
*SAVRST *SERVICE, +
*SPLFDTA *SYSMGT)</pre>
</li>
<li>Remove the *AUDIT special authority from user profiles with *ALLOBJ and
*SECADM special authority. This prevents these users from changing the auditing
characteristics of their own profiles.<div class="note"><span class="notetitle">Note:</span> You cannot remove special authorities
from the QSECOFR profile. Therefore, you cannot prevent a user signed on as
QSECOFR from changing the auditing characteristics of that profile. However,
if a user signed on as QSECOFR uses the CHGUSRAUD command to change auditing
characteristics, an AD entry type is written to the audit journal.<p><span class="uicontrol">Recommendation:</span> Security
officers (users with *ALLOBJ or *SECADM special authority) should use their
own profiles for better auditing. The password for the QSECOFR profile should
not be distributed.</p>
</div>
</li>
<li>Make sure the QAUDCTL system value includes *AUDLVL.</li>
<li>Use the DSPJRN command to review the entries in the audit journal.</li>
</ol>
</div>
<p>For more information, see <span class="q">"Analyzing Audit Journal Entries with Query
or a Program"</span> in the <a href="../rzahg/rzahgsecref.htm">iSeries™ Security
Reference</a>.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplansecauditing.htm" title="Use this information to plan security auditing for your systems.">Plan security auditing</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzamvspecialauth.htm" title="This topic describes special authorities that can be specified for a user.">Special authorities</a></div>
</div>
</div>
</body>
</html>