Wednesday, March 15, 2006

Four Hundred Guru--iSeries Security Journal Receiver Management, Part 1

When iSeries security monitoring is activated, the operating system logs security events that occur on your system. These events are recorded in special system objects called journal receivers, which are 'attached to' or exclusively associated with the QAUDJRN journal in library QSYS. You can set up the audit journal receivers to record different types of security events, such as a change to a system value or user profile, or an unsuccessful attempt to access an object. The following values control which events are logged:

- The audit control (QAUDCTL) system value
- The audit level (QAUDLVL and QAUDLVL2) system values
- The audit level (AUDLVL) value specified in the user profiles
- The object auditing (OBJAUD) value of the user profile objects (and all other system objects as well)

As I'm sure you've read somewhere before, the information that is recorded in the audit journals can be used:

- To detect security errors and violations
- To plan migration to a higher security level, say from level 30 to level 40
- To monitor the use of sensitive objects, such as powerful commands and confidential files
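
How the four controls listed above fit together, as an added CL example that is not from the original article. The profile APPUSER and the file PAYLIB/SALARY are hypothetical names, and the audit values chosen are illustrative rather than a recommended baseline.

```cl
/* Added example. APPUSER, PAYLIB and SALARY are hypothetical names.   */

/* 1. QAUDCTL turns auditing on. *AUDLVL makes the system honor        */
/*    QAUDLVL/QAUDLVL2 and the per-user AUDLVL values; *OBJAUD makes   */
/*    it honor the OBJAUD value set on objects.                        */
CHGSYSVAL SYSVAL(QAUDCTL) VALUE('*AUDLVL *OBJAUD')

/* 2. QAUDLVL selects system-wide event classes. *AUDLVL2 tells the    */
/*    system to read the additional values held in QAUDLVL2.           */
CHGSYSVAL SYSVAL(QAUDLVL)  VALUE('*AUTFAIL *SECURITY *AUDLVL2')
CHGSYSVAL SYSVAL(QAUDLVL2) VALUE('*CREATE *DELETE')

/* 3. Per-user values: log commands run by APPUSER (AUDLVL), and log   */
/*    APPUSER's changes to objects that defer to the user profile.     */
CHGUSRAUD USRPRF(APPUSER) OBJAUD(*CHANGE) AUDLVL(*CMD)

/* 4. Per-object value: *USRPRF means access to this file is audited   */
/*    only for users whose own OBJAUD value asks for it (step 3).      */
CHGOBJAUD OBJ(PAYLIB/SALARY) OBJTYPE(*FILE) OBJAUD(*USRPRF)

/* Confirm the settings, then review what was recorded: AF = authority */
/* failure, SV = system value change, CP = user profile change.        */
DSPSYSVAL SYSVAL(QAUDCTL)
DSPSYSVAL SYSVAL(QAUDLVL)
DSPJRN JRN(QSYS/QAUDJRN) JRNCDE((T)) ENTTYP(AF SV CP)
```

If QAUDCTL is left at *NONE, none of the other three settings produce audit entries, so check it first when expected events are missing.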
