<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html lang="en-us" xml:lang="en-us"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="security" content="public" /> <meta name="Robots" content="index,follow" /> <meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' /> <meta name="DC.Type" content="reference" /> <meta name="DC.Title" content="Commands for customizing security" /> <meta name="abstract" content="This section describes the commands and menus for security tools." /> <meta name="description" content="This section describes the commands and menus for security tools." /> <meta name="DC.Relation" scheme="URI" content="rzamvtoolsecurity.htm" /> <meta name="copyright" content="(C) Copyright IBM Corporation 2006" /> <meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" /> <meta name="DC.Format" content="XHTML" /> <meta name="DC.Identifier" content="toolcustomsec" /> <meta name="DC.Language" content="en-us" /> <!-- All rights reserved. Licensed Materials Property of IBM --> <!-- US Government Users Restricted Rights --> <!-- Use, duplication or disclosure restricted by --> <!-- GSA ADP Schedule Contract with IBM Corp. 
--> <link rel="stylesheet" type="text/css" href="./ibmdita.css" /> <link rel="stylesheet" type="text/css" href="./ic.css" /> <title>Commands for customizing security</title> </head> <body id="toolcustomsec"><a name="toolcustomsec"><!-- --></a> <!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script> <h1 class="topictitle1">Commands for customizing security</h1> <div><p>This section describes the commands and menus for security tools.</p> <div class="section"><h4 class="sectiontitle">Commands and menus for security tools</h4> Examples of how to use the commands are included throughout this information. Two menus are available for security tools:<ul><li>Use the SECTOOLS (Security Tools) menu to run commands interactively.</li> <li>Use the SECBATCH (Submit or Schedule Security Reports to Batch) menu to run the report commands in batch.</li> </ul> The SECBATCH menu has two parts. The first part of the menu uses the Submit Job (SBMJOB) command to submit reports for immediate processing in batch. The second part of the menu uses the Add Job Schedule Entry (ADDJOBSCDE) command to schedule security reports to run regularly at a specified day and time.</div> <div class="section"><h4 class="sectiontitle">Security Tools menu options</h4> <div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. 
Tool commands for user profiles</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e35">Menu option<sup>1</sup></th> <th valign="bottom" id="d0e39">Command name</th> <th valign="bottom" id="d0e41">Description</th> <th valign="bottom" id="d0e43">Database file used</th> </tr> </thead> <tbody><tr><td valign="top" headers="d0e35 ">1</td> <td valign="top" headers="d0e39 ">ANZDFTPWD</td> <td valign="top" headers="d0e41 ">Use the Analyze Default Passwords command to report on and take action on user profiles that have a password equal to the user profile name.</td> <td valign="top" headers="d0e43 ">QASECPWD<sup>2</sup></td> </tr> <tr><td valign="top" headers="d0e35 ">2</td> <td valign="top" headers="d0e39 ">DSPACTPRFL</td> <td valign="top" headers="d0e41 ">Use the Display Active Profile List command to display or print the list of user profiles that are exempt from ANZPRFACT processing.</td> <td valign="top" headers="d0e43 ">QASECIDL<sup>2</sup></td> </tr> <tr><td valign="top" headers="d0e35 ">3</td> <td valign="top" headers="d0e39 ">CHGACTPRFL</td> <td valign="top" headers="d0e41 ">Use the Change Active Profile List command to add and remove user profiles from the exemption list for the ANZPRFACT command. A user profile that is on the active profile list is permanently active (until you remove the profile from the list). The ANZPRFACT command does not disable a profile that is on the active profile list, no matter how long the profile has been inactive.</td> <td valign="top" headers="d0e43 ">QASECIDL<sup>2</sup></td> </tr> <tr><td valign="top" headers="d0e35 ">4</td> <td valign="top" headers="d0e39 ">ANZPRFACT</td> <td valign="top" headers="d0e41 ">Use the Analyze Profile Activity command to disable user profiles that have not been used for a specified number of days. After you use the ANZPRFACT command to specify the number of days, the system runs the ANZPRFACT job nightly. 
You can use the CHGACTPRFL command to exempt user profiles from being disabled.</td> <td valign="top" headers="d0e43 ">QASECIDL<sup>2</sup></td> </tr> <tr><td valign="top" headers="d0e35 ">5</td> <td valign="top" headers="d0e39 ">DSPACTSCD</td> <td valign="top" headers="d0e41 ">Use the Display Profile Activation Schedule command to display or print information about the schedule for enabling and disabling specific user profiles. You create the schedule with the CHGACTSCDE command.</td> <td valign="top" headers="d0e43 ">QASECACT<sup>2</sup></td> </tr> <tr><td valign="top" headers="d0e35 ">6</td> <td valign="top" headers="d0e39 ">CHGACTSCDE</td> <td valign="top" headers="d0e41 ">Use the Change Activation Schedule Entry command to make a user profile available for sign on only at certain times of the day or week. For each user profile that you schedule, the system creates job schedule entries for the enable and disable times.</td> <td valign="top" headers="d0e43 ">QASECACT<sup>2</sup></td> </tr> <tr><td valign="top" headers="d0e35 ">7</td> <td valign="top" headers="d0e39 ">DSPEXPSCD</td> <td valign="top" headers="d0e41 ">Use the Display Expiration Schedule command to display or print the list of user profiles that are scheduled to be disabled or removed from the system in the future. You use the CHGEXPSCDE command to set up user profiles to expire.</td> <td valign="top" headers="d0e43 ">QASECEXP<sup>2</sup></td> </tr> <tr><td valign="top" headers="d0e35 ">8</td> <td valign="top" headers="d0e39 ">CHGEXPSCDE</td> <td valign="top" headers="d0e41 ">Use the Change Expiration Schedule Entry command to schedule a user profile for removal. You can remove it temporarily (by disabling it) or you can delete it from the system. This command uses a job schedule entry that runs every day at 00:01 (1 minute after midnight). The job looks at the QASECEXP file to determine whether any user profiles are set up to expire on that day. 
Use the DSPEXPSCD command to display the user profiles that are scheduled to expire.</td> <td valign="top" headers="d0e43 ">QASECEXP<sup>2</sup></td> </tr> <tr><td valign="top" headers="d0e35 ">9</td> <td valign="top" headers="d0e39 ">PRTPRFINT</td> <td valign="top" headers="d0e41 ">Use the Print Profile Internals command to print a report containing information on the number of entries contained in a user profile. The number of entries determines the size of the user profile.</td> <td valign="top" headers="d0e43 "> </td> </tr> <tr><td colspan="4" valign="top" headers="d0e35 d0e39 d0e41 d0e43 "><div class="note"><span class="notetitle">Note:</span> <ol><li>Options are from the SECTOOLS menu.</li> <li>This file is in the QUSRSYS library.</li> </ol> </div> </td> </tr> </tbody> </table> </div> </div> </div> <div> <div class="familylinks"> <div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvtoolsecurity.htm" title="This information describes how to set up your system to use the security tools that are part of i5/OS.">Configure the system to use security tools</a></div> </div> </div> </body> </html>