76 lines
4.7 KiB
HTML
76 lines
4.7 KiB
HTML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE html
|
|
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
|
<html lang="en-us" xml:lang="en-us">
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
|
<meta name="security" content="public" />
|
|
<meta name="Robots" content="index,follow" />
|
|
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
|
|
<meta name="DC.Type" content="concept" />
|
|
<meta name="DC.Title" content="Audit the Security Officer's actions" />
|
|
<meta name="abstract" content="A security officer or security administrator is responsible for the security on a system. A security officer has *ALLOBJ and *SECADM special authority." />
|
|
<meta name="description" content="A security officer or security administrator is responsible for the security on a system. A security officer has *ALLOBJ and *SECADM special authority." />
|
|
<meta name="DC.Relation" scheme="URI" content="rzamvplansecauditing.htm" />
|
|
<meta name="DC.Relation" scheme="URI" content="rzamvspecialauth.htm" />
|
|
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
|
|
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
|
|
<meta name="DC.Format" content="XHTML" />
|
|
<meta name="DC.Identifier" content="auditsecofraction" />
|
|
<meta name="DC.Language" content="en-us" />
|
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
|
<!-- US Government Users Restricted Rights -->
|
|
<!-- Use, duplication or disclosure restricted by -->
|
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
|
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
|
|
<link rel="stylesheet" type="text/css" href="./ic.css" />
|
|
<title>Audit the Security Officer's actions</title>
|
|
</head>
|
|
<body id="auditsecofraction"><a name="auditsecofraction"><!-- --></a>
|
|
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
|
|
<h1 class="topictitle1">Audit the Security Officer's actions</h1>
|
|
<div><p>A security officer or security administrator is responsible for
|
|
the security on a system. A security officer has *ALLOBJ and *SECADM special
|
|
authority. </p>
|
|
<div class="p">You might want to keep a record of all actions performed by users with
|
|
*ALLOBJ and *SECADM special authority. You can use the action auditing value
|
|
in the user profile to perform this task:<ol><li>For each user with *ALLOBJ and *SECADM special authority, use the CHGUSRAUD
|
|
command to set the AUDLVL to have all values that are not included in the
|
|
QAUDLVL or QAUDLVL2 system values on your system. For example, if the QAUDLVL
|
|
system value is set to *AUTFAIL, *PGMFAIL, *PRTDTA, and *SECURITY, use this
|
|
command to set the AUDLVL for a security officer user profile:<pre>CHGUSRAUD USER((SECUSER)
|
|
AUDLVL(*CMD *CREATE *DELETE +
|
|
*OBJMGT *OFCSRV *PGMADP +
|
|
*SAVRST *SERVICE, +
|
|
*SPLFDTA *SYSMGT)</pre>
|
|
</li>
|
|
<li>Remove the *AUDIT special authority from user profiles with *ALLOBJ and
|
|
*SECADM special authority. This prevents these users from changing the auditing
|
|
characteristics of their own profiles.<div class="note"><span class="notetitle">Note:</span> You cannot remove special authorities
|
|
from the QSECOFR profile. Therefore, you cannot prevent a user signed on as
|
|
QSECOFR from changing the auditing characteristics of that profile. However,
|
|
if a user signed on as QSECOFR uses the CHGUSRAUD command to change auditing
|
|
characteristics, an AD entry type is written to the audit journal.<p><span class="uicontrol">Recommendation:</span> Security
|
|
officers (users with *ALLOBJ or *SECADM special authority) should use their
|
|
own profiles for better auditing. The password for the QSECOFR profile should
|
|
not be distributed.</p>
|
|
</div>
|
|
</li>
|
|
<li>Make sure the QAUDCTL system value includes *AUDLVL.</li>
|
|
<li>Use the DSPJRN command to review the entries in the audit journal.</li>
|
|
</ol>
|
|
</div>
|
|
<p>For more information, see <span class="q">"Analyzing Audit Journal Entries with Query
|
|
or a Program"</span> in the <a href="../rzahg/rzahgsecref.htm">iSeries™ Security
|
|
Reference</a>.</p>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvplansecauditing.htm" title="Use this information to plan security auditing for your systems.">Plan security auditing</a></div>
|
|
</div>
|
|
<div class="relconcepts"><strong>Related concepts</strong><br />
|
|
<div><a href="rzamvspecialauth.htm" title="This topic describes special authorities that can be specified for a user.">Special authorities</a></div>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html> |