Verifying code checker function integrity

Learn how to verify the integrity of the code checker function that you use to verify i5/OS™ system integrity.

To use the new code checker integrity verification function to that you use to verify the integrity of your system, you must have *AUDIT special authority.

To verify the code checker function, run the Check System (QydoCheckSystem) API to determine whether any key operating system object has changed since it was signed. When you run the API it checks key system objects, including the programs and service programs and selected command (*CMD) objects in the QSYS library, as follows:

  1. Checks all program (*PGM) objects to which the system entry point table points.
  2. Checks all the service program (*SRVPGM) objects in the QSYS library and verifies the integrity of the Verify Object API.
  3. Runs the Verify Object (QydoVerifyObject) API to verify the integrity of Restore Object (RSTOBJ) command, the Restore Library (RSTLIB) command, and the Check Object Integrity (CHKOBJITG) command.
  4. Uses the RSTOBJ and RSTLIB commands on a special save file (*SAV) to make sure that errors are reporting correctly. A lack of error messages or the wrong error messages indicate a potential problem.
  5. Creates a command (*CMD) object that is designed to fail to verify correctly.
  6. Runs the CHKOBJITG command and the Verify Object API on this special command object to ensure that the CHKOBJITG command and the Verify Object API are reporting errors correctly. A lack of error messages or the wrong error messages indicate a potential problem.
Parent topic: Manage signed objects
Related concepts
Code checker integrity verification function
Related reference
Interpret code checker verification error messages