<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Scan file system control" />
<meta name="abstract" content="The scan file systems control system value controls the integrated file system scanning that is enabled when exit programs are registered with any of the integrated file system scan-related exit points." />
<meta name="description" content="The scan file systems control system value controls the integrated file system scanning that is enabled when exit programs are registered with any of the integrated file system scan-related exit points." />
<meta name="DC.Relation" scheme="URI" content="rzamvgensecsysval.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="qscanfsctl" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Scan file system control</title>
</head>
<body id="qscanfsctl"><a name="qscanfsctl"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Scan file system control</h1>
<div><p>The scan file systems control system value controls the integrated
file system scanning that is enabled when exit programs are registered with
any of the integrated file system scan-related exit points.</p>
<div class="p">This system value works with the scan file systems system value to provide
granular control over how and what is scanned in the integrated file system.
You can select individual scanning options, or you can use the default
scan options, which provide the following scan controls:<ul><li>Perform write access upgrades </li>
<li>Fail close request if scan fails during close </li>
<li>Scan on next access after object has been restored</li>
</ul>
</div>
<p>See <a href="#qscanfsctl__quickref">Table 2</a> for details
on this system value.</p>
<p>Optionally, you can select several scan options that control how and what
the registered exit programs will scan. These options are described in the following
table:</p>
<div class="p">
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" frame="border" border="1" rules="all"><caption>Table 1. Possible values for the scan file system control
system value</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e38">iSeries™ Navigator </th>
<th valign="bottom" id="d0e42">Character-based interface</th>
<th valign="bottom" id="d0e44">Description</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e38 ">No selections</td>
<td valign="top" headers="d0e42 ">*NONE</td>
<td valign="top" headers="d0e44 ">No controls are being specified for the integrated file
system scan-related exit points.</td>
</tr>
<tr><td valign="top" headers="d0e38 ">Scan accesses through file servers only</td>
<td valign="top" headers="d0e42 ">*FSVRONLY</td>
<td valign="top" headers="d0e44 ">Only accesses through the file servers to the system
will be scanned. Native or direct connections to the system are not
scanned. If this option is not selected, all accesses will be scanned, regardless
of whether you connect directly to the system or through a file server.</td>
</tr>
<tr><td valign="top" headers="d0e38 ">Fail request if exit program fails</td>
<td valign="top" headers="d0e42 ">*ERRFAIL</td>
<td valign="top" headers="d0e44 ">This option specifies that the request or operation that
started the exit program will fail if there are errors when the exit program
is called. If this happens, the requested operation receives an indication
that the scan failed on that object. If you do not select this option, the system
will skip the failing exit program and treat the object as if it was not scanned
by this exit program.</td>
</tr>
<tr><td valign="top" headers="d0e38 ">Perform write access upgrades (selected) <sup>1</sup></td>
<td valign="top" headers="d0e42 ">NA </td>
<td valign="top" headers="d0e44 ">This option allows the system to upgrade the access
for the scan descriptor passed to the exit program to include write access,
if possible. Use this option if you want the exit program to be able to fix
or modify objects even though they were originally opened with read-only access. </td>
</tr>
<tr><td valign="top" headers="d0e38 ">Perform write access upgrades (deselected)</td>
<td valign="top" headers="d0e42 ">*NOWRTUPG</td>
<td valign="top" headers="d0e44 ">This option specifies that the system will not upgrade
the access to include write access.</td>
</tr>
<tr><td valign="top" headers="d0e38 ">Use <span class="uicontrol">only when objects have changed</span> attribute
to control scan</td>
<td valign="top" headers="d0e42 ">*USEOCOATR</td>
<td valign="top" headers="d0e44 ">With this option, the system uses the 'object change
only' attribute to scan the object only if it has been changed. </td>
</tr>
<tr><td valign="top" headers="d0e38 ">Fail close request if scan fails during close</td>
<td valign="top" headers="d0e42 ">*NOFAILCLO</td>
<td valign="top" headers="d0e44 ">This option specifies that the system will fail the
close request if an object failed a scan during close processing. This option
only applies to close requests. If the <span class="uicontrol">Fail request if exit program
fails</span> option is selected and this option is not selected, the
system will not send a failure indication even though an object failed a scan
during close processing. However, the object will be marked as failing a scan.</td>
</tr>
<tr><td valign="top" headers="d0e38 ">Scan on next access after object has been restored</td>
<td valign="top" headers="d0e42 ">*NOPOSTRST</td>
<td valign="top" headers="d0e44 ">This option indicates that regardless of how an object
is defined with its scan attribute, the object will be scanned after it is
restored. If the object scan attribute indicates that the object will not
be scanned, this option forces a scan after the object is restored. If the
object scan attribute indicates that the object will be scanned if it has
been changed since the last scan, then the object will be scanned after a
restore since the restore operation is considered a change to the object.</td>
</tr>
</tbody>
</table>
</div>
</div>
<p><strong>Relationship to security policy</strong></p>
<p>Scanning control options provide granular control over the use of scan-related
exit programs for the integrated file system. For security purposes, you can
use these options to enhance detection of computer viruses and suspicious
programs that may be in your integrated file system, provided that the exit programs
are designed to detect viruses.</p>
<div class="p">
<div class="tablenoborder"><a name="qscanfsctl__quickref"><!-- --></a><table cellpadding="4" cellspacing="0" summary="" id="qscanfsctl__quickref" frame="border" border="1" rules="all"><caption>Table 2. Quick reference. Provides details
for the scan file system control system value.</caption><thead align="left"><tr valign="bottom"><th valign="bottom" id="d0e127">iSeries Navigator name</th>
<th valign="bottom" id="d0e131">Scan control</th>
</tr>
</thead>
<tbody><tr><td valign="top" headers="d0e127 ">Character-based interface name</td>
<td valign="top" headers="d0e131 ">QSCANFSCTL</td>
</tr>
<tr><td valign="top" headers="d0e127 ">Authority</td>
<td valign="top" headers="d0e131 "><p>*ALLOBJ<br />
*SECADM</p>
<div class="note"><span class="notetitle">Note:</span> The QSECOFR user profile is shipped with these authorities. </div>
</td>
</tr>
<tr><td valign="top" headers="d0e127 ">How to access</td>
<td valign="top" headers="d0e131 "><div class="p"><strong>iSeries Navigator</strong><ol><li>Expand <span class="menucascade"><span class="uicontrol">Security</span> &gt; <span class="uicontrol">Policies</span></span>.</li>
<li>Right-click <span class="uicontrol">Security Policy</span> and select <strong>Properties</strong>.</li>
<li>On the <span class="uicontrol">Scan</span> page, you will find the options for
scan control.</li>
</ol>
</div>
<div class="p"><span class="uicontrol">Character-based interface</span><ol><li>In the character-based interface, type <samp class="codeph">WRKSYSVAL QSCANFSCTL</samp>.</li>
</ol>
</div>
</td>
</tr>
<tr><td valign="top" headers="d0e127 ">Changes take effect</td>
<td valign="top" headers="d0e131 ">Immediately</td>
</tr>
<tr><td valign="top" headers="d0e127 ">Default value</td>
<td valign="top" headers="d0e131 ">Use default scan control options</td>
</tr>
<tr><td valign="top" headers="d0e127 ">Recommended values</td>
<td valign="top" headers="d0e131 "><dl><dt class="dlterm">For strict security environments</dt>
<dd>Select the <span class="uicontrol">Fail request if exit program fails</span> option
and ensure that the <span class="uicontrol">Perform write access upgrades</span> option is
deselected. These settings ensure that any failure of a scan exit program
fails the associated operation and that the scan exit program does not gain additional
access levels. </dd>
<dt class="dlterm">For less strict security environments</dt>
<dd>For most environments, you can choose not to select these options or simply
use the default options.</dd>
</dl>
</td>
</tr>
<tr><td valign="top" headers="d0e127 "><a href="rzamvlockdown.htm">Lockable</a></td>
<td valign="top" headers="d0e131 ">Yes</td>
</tr>
<tr><td valign="top" headers="d0e127 ">Special considerations </td>
<td valign="top" headers="d0e131 "> When installing code that is shipped from a trusted
source, it is recommended that you specify <span class="uicontrol">Scan on next access
after object has been restored</span> during the installation.</td>
</tr>
</tbody>
</table>
</div>
</div>
<p>For more detailed information about this security value, see Chapter 3,
"Security System Values" in <a href="../books/sc415302.pdf" target="_blank">Security Reference</a>.</p>
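<p>The strict-environment recommendation in Table 2 can be checked mechanically. The following Python check is an added example, not part of the original IBM documentation. It assumes the QSCANFSCTL value has been copied from the <samp class="codeph">WRKSYSVAL QSCANFSCTL</samp> display as a space-separated keyword string; the function names, the severity labels, and the rule that *NONE cannot be combined with other keywords are assumptions of this example.</p>

```python
"""Audit a QSCANFSCTL value against this page's strict-environment advice.

Added example: function names, severities and sample values are constructed.
"""

# Keywords from the character-based interface column of Table 1.
KNOWN = {"*NONE", "*FSVRONLY", "*ERRFAIL", "*NOWRTUPG",
         "*USEOCOATR", "*NOFAILCLO", "*NOPOSTRST"}


def audit_qscanfsctl(value):
    """Return a list of (severity, message) findings for a value string."""
    keywords = value.upper().split()
    if not keywords:
        return [("error", "empty value; expected *NONE or a keyword list")]
    findings = []
    seen = set()
    for kw in keywords:
        if kw not in KNOWN:
            findings.append(("error", "unknown keyword " + kw))
        elif kw in seen:
            findings.append(("error", "duplicate keyword " + kw))
        seen.add(kw)
    # Assumption of this example: *NONE is only valid on its own.
    if "*NONE" in seen and len(seen) != 1:
        findings.append(("error", "*NONE combined with other keywords"))
    # Strict recommendation, part 1: fail the request if the exit program fails.
    if "*ERRFAIL" not in seen:
        findings.append(("high", "*ERRFAIL missing: a failing exit program is "
                         "skipped and the object is treated as not scanned by it"))
    # Strict recommendation, part 2: write access upgrades deselected.
    if "*NOWRTUPG" not in seen:
        findings.append(("high", "*NOWRTUPG missing: the scan descriptor may be "
                         "upgraded to write access for the exit program"))
    # Coverage note from Table 1: only file server accesses are scanned.
    if "*FSVRONLY" in seen:
        findings.append(("medium", "*FSVRONLY set: native or direct "
                         "connections are not scanned"))
    return findings


def is_strict(value):
    """True when the value has no error or high-severity findings."""
    return not any(sev in ("error", "high")
                   for sev, _ in audit_qscanfsctl(value))


if __name__ == "__main__":
    for sample in ("*NONE", "*ERRFAIL *NOWRTUPG", "*ERRFAIL *FSVRONLY"):
        print(sample, "strict" if is_strict(sample) else "not strict")
        for severity, message in audit_qscanfsctl(sample):
            print("  [" + severity + "] " + message)
```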
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvgensecsysval.htm" title="General security system values provide the cornerstone for your security policy.">General security system values</a></div>
</div>
</div>
</body>
</html>