Controlling users' save and restore capabilities should be part of
your security system.
Most users do not need to save and restore objects on your system. The
save commands make it possible to copy important assets of your
organization to media or to another system. Most save commands support save
files, which can be sent to another system by using the Send Network File
(SNDNETF) command, without access to media or a save/restore device.
Restore commands provide the opportunity to restore unauthorized objects,
such as programs, commands, and files, to your system. You can also restore
information without access to media or to a save/restore device by using save
files. Save files can be sent from another system by using the SNDNETF command
or by using the FTP function.
Following are suggestions for restricting save and restore operations on
your system:
- Control which users have *SAVSYS special authority. *SAVSYS special authority
allows the user to save and restore objects even when the user does not have
the necessary authority to the objects.
- Control physical access to save and restore devices.
- Restrict access to the save and restore commands. When you install i5/OS™ licensed
programs, the public authority for the RSTxxx commands is *EXCLUDE. Public
authority for the SAVxxx commands is *USE. Consider changing the public authority
for SAVxxx commands to *EXCLUDE. Carefully limit the users that you authorize
to the RSTxxx commands.
- Use the QALWOBJRST system value to restrict restoration of system-state
programs, programs that adopt authority, and objects that have validation
errors.
- Use the QVFYOBJRST system value to control restoring signed objects on
your system.
- Use the QFRCCVNRST system value to control the recreation of certain objects
being restored on your system.
- Use security auditing to monitor restore operations. Include *SAVRST in
the QAUDLVL system value, and periodically print audit records that are created
by restore operations.
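
The suggestions above expressed as CL commands, as an added example that is not part of the original page. BACKUPOPR is a hypothetical operator profile, and the QALWOBJRST value and the QAUDLVL list shown are assumed policy choices to adapt to your system.

```cl
/* Added example: apply and verify the restrictions listed above.     */
/* BACKUPOPR is a hypothetical profile; chosen values are assumptions. */
PGM

/* Report the profiles that hold *SAVSYS special authority. */
PRTUSRPRF  TYPE(*AUTINFO) SELECT(*SPCAUT) SPCAUT(*SAVSYS)

/* Remove public use of the save commands (installed as *USE). */
GRTOBJAUT  OBJ(QSYS/SAV*) OBJTYPE(*CMD) USER(*PUBLIC) AUT(*EXCLUDE)

/* Authorize only the named operator to the commands it needs. */
GRTOBJAUT  OBJ(QSYS/SAVLIB) OBJTYPE(*CMD) USER(BACKUPOPR) AUT(*USE)
GRTOBJAUT  OBJ(QSYS/RSTLIB) OBJTYPE(*CMD) USER(BACKUPOPR) AUT(*USE)

/* Confirm the result: *PUBLIC should show *EXCLUDE on both. */
DSPOBJAUT  OBJ(QSYS/SAVLIB) OBJTYPE(*CMD) OUTPUT(*PRINT)
DSPOBJAUT  OBJ(QSYS/RSTLIB) OBJTYPE(*CMD) OUTPUT(*PRINT)

/* Allow security-sensitive objects to be restored only during a */
/* PTF install (assumed policy choice).                          */
CHGSYSVAL  SYSVAL(QALWOBJRST) VALUE('*ALWPTF')

/* Print the other two restore system values for review. */
DSPSYSVAL  SYSVAL(QVFYOBJRST) OUTPUT(*PRINT)
DSPSYSVAL  SYSVAL(QFRCCVNRST) OUTPUT(*PRINT)

/* QAUDCTL must include *AUDLVL for QAUDLVL to take effect. */
DSPSYSVAL  SYSVAL(QAUDCTL) OUTPUT(*PRINT)

/* CHGSYSVAL replaces the whole QAUDLVL list: print the current  */
/* list first and carry its values over. The list below is a     */
/* constructed sample, not a recommendation.                     */
DSPSYSVAL  SYSVAL(QAUDLVL) OUTPUT(*PRINT)
CHGSYSVAL  SYSVAL(QAUDLVL) VALUE('*AUTFAIL *SAVRST')

/* Print the restore-related entries from the audit journal. */
DSPJRN     JRN(QSYS/QAUDJRN) RCVRNG(*CURCHAIN) JRNCDE((T)) +
             ENTTYP(OR RA RJ RO RP RQ RU RZ) OUTPUT(*PRINT)

ENDPGM
```

Changing the security and auditing system values requires a profile with *ALLOBJ, *SECADM, and *AUDIT special authorities.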