Learn how you can verify the integrity of the code checker function that you use to verify the integrity of your system.
Beginning in V5R2, i5/OS™ shipped with a code checking function that you can use to verify the integrity of signed objects on your system, including all operating system code that IBM® ships and signs for your system. Now in V5R3, you can use a new Application Programming Interface (API) to verify the integrity of the code checking function itself, as well as key operating system objects.
The Check System (QydoCheckSystem) API provides i5/OS system integrity verification. You use this API to verify the programs (*PGM) and service programs (*SRVPGM) and selected command (*CMD) objects in the QSYS library. Additionally, the Check System API tests the Restore object (RSTOBJ) command, the Restore Library (RSTLIB) command, the Check Object Integrity (CHKOBJITG) command, and Verify Object API. This test ensures that these commands and the Verify Object API report signature validation errors when appropriate; for example, when a system supplied object is not signed or contains an invalid signature.
The Check System API reports error messages for verification failures and other errors or verification failures to the job log. However, you can also specify one of two additional error reporting methods, depending on how you set the following options: