121 lines
8.1 KiB
HTML
121 lines
8.1 KiB
HTML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<!DOCTYPE html
|
||
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||
|
<html lang="en-us" xml:lang="en-us">
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||
|
<meta name="security" content="public" />
|
||
|
<meta name="Robots" content="index,follow" />
|
||
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
||
|
<meta name="DC.Type" content="concept" />
|
||
|
<meta name="DC.Title" content="Plan security auditing" />
|
||
|
<meta name="abstract" content="Use this information to plan security auditing for your systems." />
|
||
|
<meta name="description" content="Use this information to plan security auditing for your systems." />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvmonitorsec.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvsecauditchecklists.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvsetsecaudit.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvusesecauditjournal.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvanalyzeobjauth.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvanalyzeprogadoptauth.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvanalyzeuserprof.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvauditsecofraction.htm" />
|
||
|
<meta name="DC.Relation" scheme="URI" content="rzamvaudits.htm" />
|
||
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
||
|
<meta name="DC.Format" content="XHTML" />
|
||
|
<meta name="DC.Identifier" content="plansecauditing" />
|
||
|
<meta name="DC.Language" content="en-us" />
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
||
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
||
|
<title>Plan security auditing</title>
|
||
|
</head>
|
||
|
<body id="plansecauditing"><a name="plansecauditing"><!-- --></a>
|
||
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
||
|
<h1 class="topictitle1">Plan security auditing</h1>
|
||
|
<div><p>Use this information to plan security auditing for your systems.</p>
|
||
|
<div class="p">When monitoring your security, the operating system can log security events
|
||
|
which occur on your system. These events are recorded in special system objects
|
||
|
called journal receivers. You can set up journal receivers to record different
|
||
|
types of security events, such as changing a system value or user profile,
|
||
|
or an unsuccessful attempt to access an object. The following values control
|
||
|
which events are logged:<ul><li>The audit control (QAUDCTL) system value</li>
|
||
|
<li>The audit level (QAUDLVL) system value</li>
|
||
|
<li>The audit level (AUDLVL) value in user profiles</li>
|
||
|
<li>The object auditing (OBJAUD) value in user profiles and objects</li>
|
||
|
</ul>
|
||
|
The information in the audit journals is used:<ul><li>To detect attempted security violations.</li>
|
||
|
<li>To plan migration to a higher security level.</li>
|
||
|
<li>To monitor the use of sensitive objects, such as confidential files.</li>
|
||
|
</ul>
|
||
|
</div>
|
||
|
<p>Commands are available to view the information in the audit journals in
|
||
|
different ways.</p>
|
||
|
<p>The purpose of an audit is to detect and log activities that might compromise
|
||
|
the security of your system. When you choose to log actions that occur on
|
||
|
your systems, you might experience a trade-off in performance and, in some
|
||
|
cases, loss of disk space. If you decide to log security-related events on
|
||
|
your systems, the <a href="../icbase/secplanr/securwiz.htm" target="_blank">eServer™ Security
|
||
|
Planner</a> will provide some recommendations about what level of auditing
|
||
|
you should do.</p>
|
||
|
<div class="p">To plan the use of security auditing on your system, follow these steps:<ul><li>Use the eServer Security
|
||
|
Planner to see what it recommends about what level of auditing you should
|
||
|
do based on your system configuration and user requirements.</li>
|
||
|
<li>Determine which security-relevant events you want to record for all system
|
||
|
users. The auditing of security-relevant events is called <span class="uicontrol">action
|
||
|
auditing</span>.</li>
|
||
|
<li>Check whether you need additional auditing for specific users.</li>
|
||
|
<li>Decide whether you want to audit the use of specific objects on the system.</li>
|
||
|
<li>Determine whether object auditing should be used for all users or specific
|
||
|
users.</li>
|
||
|
</ul>
|
||
|
</div>
|
||
|
<p>The security audit journal is the primary source of auditing information
|
||
|
on the system. A security auditor inside or outside your organization can
|
||
|
use the auditing function provided by the system to gather information about
|
||
|
security-related events that occur on the system. You use system values, user
|
||
|
profile parameters, and object parameters to define auditing.</p>
|
||
|
<p>The security auditing function is optional. You must take specific steps
|
||
|
to set up security auditing.</p>
|
||
|
<div class="p">You can define auditing on your system at three different levels: <ul><li>System-wide auditing that occurs for all users.</li>
|
||
|
<li>Auditing that occurs for specific objects.</li>
|
||
|
<li>Auditing that occurs for specific users.</li>
|
||
|
</ul>
|
||
|
</div>
|
||
|
<p>When a security-related event that may be audited occurs, the system checks
|
||
|
whether you have selected that event for audit. If you have, the system writes
|
||
|
a journal entry in the current receiver for the security auditing journal
|
||
|
(QAUDJRN in library QSYS).</p>
|
||
|
<p>For information on planning the auditing of actions and auditing of object
|
||
|
access, see Chapter 9 of the <a href="../rzahg/rzahgsecref.htm">iSeries™ Security Reference</a>.</p>
|
||
|
</div>
|
||
|
<div>
|
||
|
<ul class="ullinks">
|
||
|
<li class="ulchildlink"><strong><a href="rzamvsecauditchecklists.htm">Checklists for security auditing</a></strong><br />
|
||
|
Use this checklist to plan and audit system security.</li>
|
||
|
<li class="ulchildlink"><strong><a href="rzamvsetsecaudit.htm">Set up security auditing</a></strong><br />
|
||
|
This article describes how to set up security auditing, explains why it is important, and provides step-by-step instructions. The system collects security events in the QAUDJRN journal.</li>
|
||
|
<li class="ulchildlink"><strong><a href="rzamvusesecauditjournal.htm">Use the security audit journal</a></strong><br />
|
||
|
The security audit journal is the primary source of auditing information on the system. A security auditor inside or outside your organization can use the auditing function provided by the system to gather information about security-related events that occur on the system.</li>
|
||
|
<li class="ulchildlink"><strong><a href="rzamvanalyzeobjauth.htm">Analyze object authorities</a></strong><br />
|
||
|
This article describes how to analyze object authorities and provides step-by-step instructions.</li>
|
||
|
<li class="ulchildlink"><strong><a href="rzamvanalyzeprogadoptauth.htm">Analyze programs that adopt authority</a></strong><br />
|
||
|
This article describes the step-by-step procedure for analyzing programs that adopt authority.</li>
|
||
|
<li class="ulchildlink"><strong><a href="rzamvanalyzeuserprof.htm">Analyze user profiles</a></strong><br />
|
||
|
This article describes how to analyze user profiles and provides step-by-step instructions.</li>
|
||
|
<li class="ulchildlink"><strong><a href="rzamvauditsecofraction.htm">Audit the Security Officer's actions</a></strong><br />
|
||
|
A security officer or security administrator is responsible for the security on a system. A security officer has *ALLOBJ and *SECADM special authority.</li>
|
||
|
</ul>
|
||
|
|
||
|
<div class="familylinks">
|
||
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvmonitorsec.htm" title="This set of topics discuss various techniques for monitoring and auditing security on your system.">Monitor security</a></div>
|
||
|
</div>
|
||
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
||
|
<div><a href="rzamvaudits.htm" title="This topic describes the purpose of security audits.">Security audits</a></div>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|