ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzalz_5.4.0.1/rzalzintegrityverification.htm

73 lines
4.7 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Code checker integrity verification function" />
<meta name="abstract" content="Learn how you can verify the integrity of the code checker function that you use to verify the integrity of your system." />
<meta name="description" content="Learn how you can verify the integrity of the code checker function that you use to verify the integrity of your system." />
<meta name="DC.Relation" scheme="URI" content="rzalzobjconcepts.htm" />
<meta name="DC.Relation" scheme="URI" content="rzalzcheckthechecker.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="integrity_verification" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Code checker integrity verification function</title>
</head>
<body id="integrity_verification"><a name="integrity_verification"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Code checker integrity verification function</h1>
<div><p>Learn how you can verify the integrity of the code checker function
that you use to verify the integrity of your system.</p>
<p>Beginning in V5R2, i5/OS™ shipped with a code checking function that you
can use to verify the integrity of signed objects on your system, including
all operating system code that IBM<sup>®</sup> ships and signs for your system. Now
in V5R3, you can use a new Application Programming Interface (API) to verify
the integrity of the code checking function itself, as well as key operating
system objects. </p>
<p>The Check System (<a href="../apis/qydochks.htm">QydoCheckSystem</a>)
API provides i5/OS system
integrity verification. You use this API to verify the programs (*PGM) and
service programs (*SRVPGM) and selected command (*CMD) objects in the QSYS
library. Additionally, the Check System API tests the Restore object (<a href="../cl/rstobj.htm">RSTOBJ</a>) command,
the Restore Library (<a href="../cl/rstlib.htm">RSTLIB</a>)
command, the Check Object Integrity (CHKOBJITG) command, and Verify Object
API. This test ensures that these commands and the Verify Object API report
signature validation errors when appropriate; for example, when a system supplied
object is not signed or contains an invalid signature.</p>
<p>The Check System API reports error messages for verification failures and
other errors or verification failures to the job log. However, you can also
specify one of two additional error reporting methods, depending on how you
set the following options: </p>
<ul><li>If the QAUDLVL system value is set to *AUDFAIL, then the Check System
API generates auditing records to report any failures and errors that the
Restore Object (RSTOBJ), Restore Library (RSTLIB), and Check Object Integrity
(CHKOBJITG) commands find.</li>
<li>If the user specifies that the Check System API use a results file in
the integrated file system, then the API either creates the file if it does
not exist or the API appends to the file to report any errors or failures
that the API finds.</li>
</ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzalzobjconcepts.htm" title="Use this concept and reference information to learn more about digital signatures and the object signing and signature verification processes work.">Object signing concepts</a></div>
</div>
<div class="reltasks"><strong>Related tasks</strong><br />
<div><a href="rzalzcheckthechecker.htm" title="Learn how to verify the integrity of the code checker function that you use to verify i5/OS system integrity.">Verifying code checker function integrity</a></div>
</div>
</div>
</body>
</html>