ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvmonitornewobjinstall.htm

58 lines
3.6 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Monitor for new objects installed on the system" />
<meta name="abstract" content="Prevent or restrict users' from installing their own programs" />
<meta name="description" content="Prevent or restrict users' from installing their own programs" />
<meta name="DC.Relation" scheme="URI" content="rzamvdevelopintrusiondetectstrat.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="monitornewobjinstall" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Monitor for new objects installed on the system</title>
</head>
<body id="monitornewobjinstall"><a name="monitornewobjinstall"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Monitor for new objects installed on the system</h1>
<div><p>Prevent or restrict users' from installing their own programs</p>
<p>When users on your system have unnecessary special authorities, your efforts
to develop a good object-authority security scheme may be wasted. Object authority
is meaningless when a user profile has *ALLOBJ special authority. A user with
*SPLCTL special authority can see any spooled file on the system, no matter
what efforts you make to secure your output queues. A user with *JOBCTL special
authority can affect system operations and redirect jobs. A user with *SERVICE
special authority may be able to use service tools to access data without
going through the operating system.</p>
<p>SECBATCH menu options: 29 to submit immediately 68 to use the job scheduler </p>
<div class="p">You can use the Print User Profile (PRTUSRPRF) command to print information
about the special authorities and user classes for user profiles on your system.
When you run the report, you have several options: <ul><li>All user profiles</li>
<li>User profiles with specific special authorities</li>
<li>User profiles that have specific user classes</li>
<li>User profiles with a mismatch between user class and special authorities.</li>
</ul>
</div>
<p>You can run these reports regularly to help you monitor the administration
of user profiles.</p>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvdevelopintrusiondetectstrat.htm" title="The following information is a collection of tips to help you detect potential security exposures.">Prevent and detect security exposures</a></div>
</div>
</div>
</body>
</html>