<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Configure the system to use security tools" />
<meta name="abstract" content="This information describes how to set up your system to use the security tools that are part of i5/OS." />
<meta name="description" content="This information describes how to set up your system to use the security tools that are part of i5/OS." />
<meta name="DC.Relation" scheme="URI" content="rzamvmanagesec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvtoolsave.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvtoolcustomsec.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvconfigsysseccmd.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvrevokepubauthcmd.htm" />
<meta name="DC.Relation" scheme="URI" content="rzamvsectools.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="toolsecurity" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Configure the system to use security tools</title>
</head>
<body id="toolsecurity"><a name="toolsecurity"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Configure the system to use security tools</h1>
<div><p>This information describes how to set up your system to use the
security tools that are part of i5/OS™. </p>
<p>When you install i5/OS, the security tools are ready to use. The topics
that follow provide suggestions for operating procedures with the security
tools.</p>
<div class="section"><h4 class="sectiontitle">Use security tools securely</h4><p>When you install i5/OS,
the objects that are associated with the security tools are secure. To operate
the security tools securely, avoid making authority changes to any security
tool objects. </p>
<div class="p">Following are the security settings and requirements
for security tool objects:<ul><li>The security tool programs and commands are in the QSYS product library.
The commands and the programs ship with the public authority of *EXCLUDE.
Many of the security tool commands create files in the QUSRSYS library. When
the system creates these files, the public authority for the files is *EXCLUDE.
Files that contain information for producing changed reports have names that
begin with QSEC. Files that contain information for managing user profiles
have names that begin with QASEC. These files contain confidential information
about your system. Therefore, you should not change the public authority to
the files.</li>
<li>The security tools use your normal system setup for directing printed
output. These reports contain confidential information about your system.
To direct the output to a protected output queue, make appropriate
changes to the user profile or job description for users who will be running
the security tools.</li>
<li>Because of their security functions and because they access many objects
on the system, the security tool commands require *ALLOBJ special authority.
Some of the commands also require *SECADM, *AUDIT, or *IOSYSCFG special authority.
To ensure that the commands run successfully, you should sign on as a security
officer when you use the security tools. Therefore, you should not need to
grant private authority to any security tool commands.</li>
</ul>
</div>
</div>
<div class="section"><h4 class="sectiontitle">Avoid file conflicts</h4><p>Many of the security tool report
commands create a database file that you can use to print a changed version
of the report. The topic "Commands and menus for security commands" gives the file name
for each command. You can run a command from only one job at a time. Most
of the commands now have checks that enforce this. If you run a command when
another job has not yet finished running it, you will receive an error message. </p>
<p>Many
print jobs are long-running jobs. You need to be careful to avoid file conflicts
when you submit reports to batch or add them to the job scheduler. For example,
you might want to print two versions of the PRTUSRPRF report with different
selection criteria. If you are submitting reports to batch, you should use
a job queue that runs only one job at a time to ensure that the report jobs
run sequentially. </p>
<p>If you are using the job scheduler, you need to schedule
the two jobs far enough apart that the first version completes before the
second job starts.</p>
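<p>The following CL commands are an added example, not part of the original IBM topic. They show one way to set up the protected output queue and the single-job job queue described above, and then run two PRTUSRPRF versions without a file conflict. The library SECLIB (assumed to exist already), the queue names SECOUTQ and SECRPTQ, the profile SECOFR1, the job names, SEQNBR(50) and the schedule times are assumptions.</p>
<pre>
```cl
/* Added example. SECLIB, SECOUTQ, SECRPTQ, SECOFR1, the job names, */
/* SEQNBR(50) and the schedule times are assumptions, not IBM values. */

/* 1. Protected output queue: public is excluded, and being          */
/*    authorized to the queue does not by itself allow a user to     */
/*    display other users' spooled reports (DSPDTA(*NO)) or let      */
/*    *JOBCTL users manage the queue (OPRCTL(*NO)).                  */
CRTOUTQ    OUTQ(SECLIB/SECOUTQ) AUT(*EXCLUDE) DSPDTA(*NO) +
             OPRCTL(*NO) AUTCHK(*OWNER) +
             TEXT('Security tool reports')

/* Make it the default output queue of the profile that runs the    */
/* security tools. Takes effect for jobs started after the change.  */
CHGUSRPRF  USRPRF(SECOFR1) OUTQ(SECLIB/SECOUTQ)

/* 2. Job queue that releases only one job at a time to QBATCH.     */
/*    SEQNBR must be unused in the subsystem description.           */
CRTJOBQ    JOBQ(SECLIB/SECRPTQ) AUT(*EXCLUDE) +
             TEXT('Security reports, one job at a time')
ADDJOBQE   SBSD(QSYS/QBATCH) JOBQ(SECLIB/SECRPTQ) MAXACT(1) +
             SEQNBR(50)

/* 3. Submit to batch: two PRTUSRPRF versions with different        */
/*    selection criteria. MAXACT(1) makes the second job wait       */
/*    until the first has finished.                                 */
SBMJOB     CMD(PRTUSRPRF TYPE(*AUTINFO) SELECT(*SPCAUT) +
             SPCAUT(*ALLOBJ)) JOB(USRPRFAUT) +
             JOBQ(SECLIB/SECRPTQ) OUTQ(SECLIB/SECOUTQ)
SBMJOB     CMD(PRTUSRPRF TYPE(*PWDINFO) SELECT(*USRCLS) +
             USRCLS(*SECOFR)) JOB(USRPRFPWD) +
             JOBQ(SECLIB/SECRPTQ) OUTQ(SECLIB/SECOUTQ)

/* 4. Job scheduler: start times set far apart so the first         */
/*    version completes before the second starts; routing both      */
/*    entries through the same single-job queue also keeps them     */
/*    sequential if the first one overruns.                         */
ADDJOBSCDE JOB(USRPRFAUT) CMD(PRTUSRPRF TYPE(*AUTINFO) +
             SELECT(*SPCAUT) SPCAUT(*ALLOBJ)) FRQ(*WEEKLY) +
             SCDDATE(*NONE) SCDDAY(*SUN) SCDTIME(0100) +
             JOBQ(SECLIB/SECRPTQ) USER(SECOFR1)
ADDJOBSCDE JOB(USRPRFPWD) CMD(PRTUSRPRF TYPE(*PWDINFO) +
             SELECT(*USRCLS) USRCLS(*SECOFR)) FRQ(*WEEKLY) +
             SCDDATE(*NONE) SCDDAY(*SUN) SCDTIME(0500) +
             JOBQ(SECLIB/SECRPTQ) USER(SECOFR1)
```
</pre>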
</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzamvtoolsave.htm">Save security tools</a></strong><br />
You save the security tool programs whenever you run either the Save System (SAVSYS) command or an option from the Save menu that runs the SAVSYS command.</li>
<li class="ulchildlink"><strong><a href="rzamvtoolcustomsec.htm">Commands for customizing security</a></strong><br />
This section describes the commands and menus for security tools.</li>
<li class="ulchildlink"><strong><a href="rzamvconfigsysseccmd.htm">Values set by the Configure System Security command</a></strong><br />
This table lists the system values that are set when you run the CFGSYSSEC command. The CFGSYSSEC command runs a program that is called QSYS/QSECCFGS.</li>
<li class="ulchildlink"><strong><a href="rzamvrevokepubauthcmd.htm">Functions of the Revoke Public Authority command</a></strong><br />
You can use the Revoke Public Authority (RVKPUBAUT) command to set the public authority to *EXCLUDE for a set of commands and programs.</li>
</ul>

<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvmanagesec.htm" title="Once you've planned and implemented your security strategy, there remains the task of managing the security of your system.">Manage security</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzamvsectools.htm" title="You can use security tools to manage and monitor the security environment on your system.">System security tools</a></div>
</div>
</div>
</body>
</html>