Audit User Manual - Raz-Lee
Contents
1. Command User Manual Chapter 3 Definitions Analysis and Maintenance 262. Option 4 Displays the Remove Restricted Command screen Press Enter to remove the selected command and return to the Work with Restricted Commands screen Activates the selected command Command User Manual Chapter 2 Command Security RAZLEE The iSeries Security Experts Parameter Description Option 8 Deactivates the selected command FeO Opens the Add Restricted Command screen Adding a New Command Restriction To create a new command restriction select F6 from the Work with Restricted Commands screen The following Add Restricted Command screen is displayed Add Restricted Command Type choices press Enter Command Library Activate definition Y Yes N No F3 Exit F4 Prompt F12 Cancel Modify data or press Enter to confirm Add Restricted Command Screen After completing the various fields described below press Enter to continue The new command restriction 1s added to the list on the Work with Restricted Commands screen Parameter Command Description Enter the name of the command to restrict If a specific library has already been defined press F4 to display a prompt with the existing commands available to choose from in the library Command User Manual Chapter 2 Command Security RAZLEE The iSeries Security Experts Parameter Description Library Enter the name of the specific library where the command will run If entering a command when LIBL is displayed Comma
3. Password Password provides a first tier wall of defense for users by ensuring that user passwords cannot be easily cracked Screen Screen protects unattended terminals and PC workstations from unauthorized use It provides adjustable terminal and user specific timeout capabilities View e View is a unique patent pending field level solution that hides sensitive fields and records from restricted users This innovative solution hides credit card numbers customer names etc Restricted users see asterisks or zeros instead of real values View requires no change in existing applications It works for both SQL and traditional I O Visualizer Visualizer is an advanced DWH statistical tool with state of the art technology This solution provides security related data analysis in GUI and operates on summarized files hence it gives immediate answers regardless of the amount of security data being accumulated Command User Manual About This Manual 3 Chapter 1 Introducing Command Raz Lee Security s Command part of the iSecurity suite provides total control over CL commands command parameters their qualifiers and elements as well as the users who are permitted to issue specific commands and change parameters Command filters the use of specific commands both IBM supplied and user defined by specific users It also includes a variety of industry unique parameter selection criteria which enable adding re
4. Alert The following Modify Alert screen appears This screen also appears after completing the Work with a Command Rule screen To specify a specific alert enter its number in the Type column then define its recipient address types and formats as described in the table below Command User Manual Chapter 2 Command Security 17 RAZLEE The iSeries Security Experts Type choices press Enter Action Name GS110019QP Description Created by Action Define alert message recipients 1 E mail 2 Message Queue 3 User 4 Remote User 5 LRN user 6 SMS 7 Special 8 Syslog 9 SNMP T Twitter Type Recipient address xUSER xDEV xJOB xSYSTEM JeJ COM QSYSOPR QSECOFR 2019976520 F3 Exit F12 Cancel Add Alert Screen Parameter Description Action Name ID of the alert message Description Description of the alert E mail E mail address in standard format user company com Message Queue Fully qualified name of the message queue or SYSOPR For further details see Audit User Manual Working with Message Queues section User User profile or AS 400 group profile Remote User Remote system user SNDNETMSQ LAN User Valid network user name or DOMAIN for all users on your domain SMS Phone number including country code and area code as necessary Special Phone number and access codes for the pager service Syslog As defined in 81 System Configuration 71 Syslog SNMP As defined in 81 System
5. Configuration 81 iSecurity Base gt 32 SNMP Twitter As defined in 81 System Configuration 81 iSecurity Base gt 33 Twitter Command User Manual Chapter 2 Command Security 18 STRCMD RAZ LEE The iSeries Security Experts Edit Action Script Once an alert is completed the Edit Action Script screen appears Use this screen to define one or more command scripts to run whenever the command rule s conditions are met Commands execute sequentially according to a user defined order They may include replacement variables that extract data from the history log record and insert it as command parameters Command also supports conditional branching in the event that an error occurs during script execution Edit fiction Script Action GS0940140P Type choices press Enter Note Add quotes where needed e g CALL PGM PARM amp PARMQ1 amp PRRMG2 Order Label Command GOTO label unconditional 1 00 CHGUSRPF USRPF amp ZRUSPF PRSSHORD STRTUS XDISRBLED On error go to label ERRORI1 ENDJOB JOB amp ZRJOB amp ZRUSER amp ZRNBR OPTION XIHMHMED On error go to label ERRORI On error go to label On error go to label More F3 Exit F4 Prompt F Replacement variables F8 Replacement job F12 Cancel Edit Action Script Screen Parameters Options Description Order Order in which the commands are executed Label Optional alohanumeric label for the c
6. If the command rule will run Yes No Action that will run and description Opens a new Add Command Rule screen see the Work with a Command Rule screen Sequence number and press Enter The rows are re ordered according to the correct sequence but may not begin at 1 or increment uniformly e g 2 4 5 Select option 22 Renumber to reset the first command rule in the sequence to 1 incrementing by 1 for each new row mE To change the order that command rules run change the To edit a specific command rule row choose 1 Select The Work with a Command Rule screen appears When done press Enter press Enter again to confirm the update Work with a Command Rule A command rule triggers an action and or sends a message to a defined list of recipients It appears as a single row above the actual command in the Work with Command Rules screen To create a new command rule press F6 To edit a specific command rule choose 1 Select The Work with Command Rule screen opens Command User Manual Chapter 2 Command Security 11 RAZLEE The iSeries Security Experts Work with a Command Rule Command QSYS PHRDHNSYS Power Down System Type choices press Enter Sequence Id E 1 8 Description Alert System Operator and Restart the System Select options Work with conditions Y Y Yes Alert by Action Id Name XRDD xNONE F4 Prompt Work with message text to send Y Yes Work with chang
7. Type choices press Enter F3 Exit Filter Id 1 8 TEST DSPSYSSTS 8 TEST DSPSYSSTS Copy a Command Rule Screen Parameter Description From Filter Sequence ID of the current rule ID Description of the rule To Filter Enter a new sequence number for the new rule ID Change the description of the rule Command User Manual Chapter 2 Command Security 22 RAZ LEE gt The iSeries Security Experts Adding a New Restricted Command To add a new restricted command select 1 Work with Commands from the main menu When the Work with Restricted Commands appears select F6 Add New The following Add Restricted Command screen 1s displayed Add Restricted Command Type choices press Enter Command il Name Library Name XLIBL Activate definition F3 Exit F4 Prompt F12 Cancel Add Restricted Command Screen Parameter Description Command Name Enter the name of the command If a specific library has been defined pressing F4 will display the Select Command popup Choose a command from the list and enter 1 Select Library Name Enter the name of a specific library LIBL Associate the command with all libraries Activate Definition Y Yes N No Command User Manual Chapter 2 Command Security 23 STRCMD RAZLEE The iSeries Security Experts Deleting a Restricted Command To remove a command choose it and select 4 Remove The following Re
8. is message text displays the Message to Send screen when cycling through the different rule screens Work with changes to YzYes apply before running When updating the rule if Yes is selected i e there is a the command replacement value displays the Replace Values screen when cycling through the different rule screens Allow the Y Yes with out changes command to run N No reject it This symbol appears when a definition already exists NOTE Each time Enter is pressed the next screen in the Command Rule cycle is displayed if it was previously enabled Default Yes in the Work with a Command Rule screen To access each of these screens directly from the Work with a Command Rule screen select its option number 6 7 8 9 in the Work with Command Rules screen Filter Conditions Filter conditions are the criteria that must be matched when a command is entered by a user in order to trigger the command s alerts messages and changes Each filter condition consists of a comparison test applied against one of the fields in the journal record such as a parameter originator job user IP or context from which program environment The Filter Conditions screen appears immediately after completing the Work with a Command Rule screen To open it directly choose a rule and select 6 Condition in the Work with Command Rules NOTE Filter conditions are optional If no filter condition is defined the command rule will pe
9. Command The Command Filtering and Notification Component of iSecurity iSecurity User Manual Version 1 1 RAZ LEE gt The iSeries Security Experts Updated 11 09 2012 Copyright Notice Copyright Raz Lee Security Inc All rights reserved This document is provided by Raz Lee Security for information purposes only Raz Lee Security O is a registered trademark of Raz Lee Security Inc Action System Control User Management Assessment Firewall Screen Password Audit Capture View Visualizer FileScope Anti Virus AP Journal are trademarks of Raz Lee Security Inc Other brand and product names are trademarks or registered trademarks of the respective holders Microsoft Windows is a registered trademark of the Microsoft Corporation Adobe Acrobat is a registered trademark of Adobe Systems Incorporated Information in this document is subject to change without any prior notice The software described in this document is provided under Raz Lee s license agreement This document may be used only in accordance with the terms of the license agreement The software may be used only with accordance with the license agreement purchased by the user No part of this document may be reproduced or retransmitted in any form or by any means whether electronically or mechanically including but not limited to photocopying recording or information recording and retrieval systems without written permission given by R
10. alifier Element enter its Id or leave blank Parameter Q E Id Oper Value Hou to end Controlled end delay time Restart options SET IPL source Image catalog End subsystem option Timeout option Conf irm v denotes List Command name Command library Bottom F3 Exit F Prompt CMD F8 CMD help F1 Long value F11 Text Fld F12 Cancel Replace Values Screen Parameters Options Description Parameter Parameters associated with the current command rule Q E Qualifier or Element to replace ID ID of the Qualifier or Element Oper Action to take as defined in the Operations line above DFTPRM Default Parameter OMTPRM Omit Parameter DFTLST Default List OMTLST Omit List SET Set Parameter RPL Replace Parameter Value Replacement value F7 Prompt CMD to display the command parameters F10 Long Value F11 Toggles the parameter s descriptive name and field name Command User Manual Chapter 2 Command Security 21 RAZLEE The iSeries Security Experts Copying a Command Rule To make a copy of a command rule choose the rule in the Work with Command Rules screen and select 3 Copy The following Copy a Command Rule screen appears Update the changes as described in the table below and press Enter The command rule is displayed with the new rule added in the sequence defined Command QSYS DSPSYSSTS Copy a Command Rule Display System Status
11. all User Manual 83 Central Administration Audit User Manual Command User Manual Chapter 3 Definitions Analysis and Maintenance 25 STRCMD RAZ LEE The iSeries Security Experts Command General Definitions The Command General Definitions is a unique Maintenance screen that enables users to disable the product completely determine which mode to run it in and what data to log To open the Command General Definitions screen select 81 System Configuration from the main screen then 31 General Definitions Command General Definitions Type options press Enter Secure Check commands 1 Yes 2 No Information to log 1 None 2 Rejects and changes 4 Al Work in XFYIX Simulation mode N Y N XFYI is an acronym for For Your Information In this mode security rules are fully operational but no action is taken F3 Exit F12 Previous Command General Definitions Screen Parameter Description Secure 1 Yes enables Command Check commands 2 No disables Command Information to log 1 None 2 Rejects and changes 4 All Work in FYI FYI is an acronym for For Your Information In this mode Simulation mode command rules are fully operational but no action is actually taken This enables one to review the History Log for analysis and thereby create valid security rules at a later time Yz Enable FYI N Do not enable FYI
12. az Lee Security Inc Visit our website at http www razlee com Record your Product Authorization Code Here Computer Model Serial Number Authorization Code Table of Contents ADONI IAS Mantal c M M 1 Product Documentation Overview eeesssssesssssssssseseee nennen nennen nnn senis sna nns sna nnns nans 1 Printed Materials axscentesteneqietam aE i entai dra amd ptu MEUM iq utt uu 1 iac uU c 1 Typography Conventions ccccccccssssseecceeeeeeaeeeesecceeeeeeaueaeeeeeeeeseaeeeueeeeeeeessseeuaeeeeeeeessaaaseeeeeeees 1 euge erii RETE 2 Chapter 1 Introducing Command 11 e cesse Lees eere eese enne nana nnns 4 Ji 3 reRiekSnu j NETT EE E EE E 5 FOAILING OVOTVICW AE E ANN T E E O A O I N E A 5 BENCH DNE TERR AEE E A A E A EEEE 5 System Requirements sisisrsersksisi area EKE ENEE aANT sanas nnns 6 Native OS 400 Text Based User Interface seeeessssssssessssesseeeeennnne nennen nnns 6 Wnuse 6 Data ERI O CGEM Sit cee cet secrete o I neces ms 6 Chapter 2 Command Security scccsssccsnseceseeecnseccesseeaseecseenenseeneseeseasseoesseseaees 8 Work with Restricted COImilfidlit sese una voce qEQIUAIIOU AUI MEYER DIES TUNIRIUNT QUEUNT SSUC ON ERU 8 Adding a New Command BeslrICLlIODk asco ooo daria o eau ade sacue ses scu bes cg sone
13. command parameters Wide variety of parameter selection criteria Indicates Qualified amp Element parameters as well as a list of values parameter B Enables replacing Based on a popular signature file used in the Open Source Linux environment Command User Manual Chapter 1 Introducing Command 5 RAZ LEE gt The iSeries Security Experts System Requirements B Disk space 110MB B PASE Portable Application Solutions Environment a special Linux like environment installation required For further details see http en wikipedia org wiki IBM System 1i B Operating System V5R3 or higher Native OS 400 Text Based User Interface Command is designed to be a user friendly product The user interface follows standard System 1 CUA Common User Access conventions All product features are available via the menus so users are never required to memorize arcane commands Many features are also accessible via the command line for the convenience of experienced users Menus Product menus allow for easy access to all features with a minimum of keystrokes Menu option numbering and terminology are consistent throughout this product as well as other Raz Lee products To select a menu option simply type the option number and press Enter The command line is available from nearly all product menus If the command line does not appear and your user profile allows use of the command line press F10 to display it Data E
14. e various features that are central to Command security Work with Restricted Commands Restricted commands are the basis for the rules that one creates and associates with specific libraries to control user activity on the system To work with restricted commands select 1 Work with commands from the main menu The following Work with Restricted Commands screen appears It displays each command rule that has been entered into the system the associated library in which it resides if it has a rule and its description If Command is currently tracking a specific command its status is marked as Active Work with Restricted Commands Type options press Enter 1 Sel ect Status Active Active F3 Exit Parameter 4 Remove Command ADDACC ADDCLUNOD CHGUSRAUD CHGUSRPRF CHKSLAUT CPYF DSPAULOG DSPFSDTAQ DSPSYSSTS IBI PHRDHNSYS TELNET HRKFSTRC WRKSBSJOB F6 Add New 7 Activate Library QSYS E QSYS QSYS QSYS SMZ1 QSYS SMZ4 SMZ2 QSYS SMZ1 QSYS QSYS SMZ1 QSYS F8 Print Subset 8 Deactivate Add Access Code Add Cluster Node Entry Change User Auditing Change User Profile SL Check Site License Authorization Copy File Display Audit Log FST Edit Data Q Display System Status i Business Intelligence Pouer Doun System Start TCP IP TELNET FS trace Work with Subsystem Jobs F12 Cancel Work with Restricted Commands Screen Description Option Select 1 to edit the selected command rule
15. en in Times New Roman bold Command User Manual About This Manual 1 RAZ LEE gt The iSeries Security Experts Other iSecurity Products Raz Lee s iSecurity 1s an integrated state of the art security solution for all System 1 servers providing cutting edge tools for managing all aspects of network access data and audit security Its individual components work together transparently providing comprehensive out of the box security Other iSecurity products include Command User Manual About This Manual Action Action automatically intercepts and responds to security breaches system activity events QHST contents and other message queues Inquiring messages can be automatically answered Alerts are sent by e mail SMS pagers or the message queues Command scripts with replacement variables perform customized corrective actions such as terminating a user session or disabling a user profile AP Journal AP Journal automatically manages database changes by documenting and reporting exceptions made to the database journal Assessment Assessment checks your ports sign on attributes user privileges passwords terminals and more Results are instantly provided with a score of your current network security status with its present policy compared to the network if iSecurity were in place Audit Audit is a security auditing solution that monitors System 1 events in real time It includes a p
16. es to apply before running the command gt Y Yes Allow the command to run Y Yes uith out changes N No reject it gt appears when definitions already exist F3 Exit F4 Prompt F12 Cancel Work with a Command Rule Screen Parameter Description Command name and description not editable Sequence Id The number of this rule in the complete sequence of rules An editable description for the command rule Work with conditions Y Yes or empty When updating the rule if Yes is selected i e there is a rule condition displays the Filter Condition screen when cycling through the different rule screens Note For the actual command i e final command rule row this option is called Default and is empty Alert by Action Id When updating the rule displays the Add Modify Alert screen when cycling through the different rule screens If the option NONE is selected the Add Modify Alert will not be displayed Name Name of an action ADD default Define a new action for this rule NONE no action is defined F4 Prompt to display a list of pre defined messages Pre defined messages are stored in a special message file and are identified by their unique message ID Command User Manual Chapter 2 Command Security 12 RAZ LEE gt The iSeries Security Experts Parameter Description Work with message text Y Yes or empty to send When updating the rule if Yes is selected i e there
17. move Restricted Command appears Press Enter to confirm its removal Remove Restricted Command Press Enter to confirm remove Press F12 to cancel and return uithout removing Command Library CHD QSYS Bottom F3 Exit F12 Cancel Remove Restricted Command Screen Command User Manual Chapter 2 Command Security 24 RAZ LEE gt The iSeries Security Experts Chapter 3 Definitions Analysis and Maintenance In addition to the unique features of Command there are powerful functions included from the Audit Firewall and Password products During the initial setup Command also installs the required libraries from these external products For inherited Definitions Analysis and Maintenance screens that appear within Command and require a pre set product type Command is the default For a full explanation of the inherited functionality please see the latest version of the documentation referenced in the following table Functionality Reference Definitions 31 Time Groups Audit User Manual 32 General Groups Audit User Manual Analysis 41 Work with Queries Audit User Manual 42 Command Log Audit User Manual Maintenance 81 System Configuration Firewall User Manual 21 Password Dictionaries see Password User Manual 31 General Definitions see section below 81 iSecurity Base see Audit User Manual 82 Maintenance Menu Firew
18. nd will automatically insert the first library form the Library List that includes this command Activate Definition Work with Command Rules From the Work with Restricted Commands screen choose 1 Select to view a command s rules and edit them The Work with Command Rules screen is displayed with each rule numbered according the sequence in which it runs To update the position of a rule in the sequence give it a new number and press return The rules are resorted according to their numbers but the actual numbers in the sequence are not updated To update the numbers press F22 The final item in the sequence cannot be moved and runs only when all items higher in the sequence are completed successfully Work with Command Rules Command QSYS CHGUSRPRF Change User Profile Type option press Enter 1 Select 3 Copy 4 Delete 6 Condition Replace values 8 Message 9 Alert Allow Opt Seq Run Action 1 0 XNONE Only xRLLOBJ user can give XRLLOBJ tother limits 2 0 RU155636MI User profile xDISABLED XNONE Default for QSYS CHGUSRPRF Bottom F3 Exit F6 Add New F8 Print F12 Cancel F22 Renumber Modify data or press Enter to confirm Work with Command Rules Screen Command User Manual Chapter 2 Command Security 10 RAZ LEE gt The iSeries Security Experts Parameter Description Library Command The specific library where the command will run and the name of the command The order in which the command rule will run
19. ntry Screens Data entry screens include many convenient features such as B Pop up selection windows B Convenient option prompts E Easy to read descriptions and explanatory text for all parameters and options a Search and filtering with generic text support The following describes the different data entry screens B To enter data in a field type the desired text and then press Enter or Field Exit B To move from one field to another without changing the contents press Tab B To view options for a data field together with an explanation press F4 B To accept the data displayed on the screen and continue press Enter Command User Manual Chapter 1 Introducing Command 6 RAZ LEE gt The iSeries Security Experts The following function keys may appear on data entry screens Function Key Description Display context sensitive help End the current task and return to the screen or menu from which the task was initiated F4 Prompt Display a list of valid options for the current field or command For certain data items a pop up selection window appears F6 Add New Create a new record or data item Print the current report or data item F9 Retrieve Retrieve the previously entered command F12 Cancel Return to the previous screen or menu without updating Command User Manual Chapter 1 Introducing Command RAZLEE The iSeries Security Experts Chapter 2 Command Security This chapter describes th
20. owerful query generator plus a large number of predefined reports Audit can also trigger customized responses to security threats by means of the integrated script processor contained in Action Capture Capture silently captures and documents user screens for tracking and monitoring without any effects on system performance It also preserves job logs for subsequent review Capture can run in playback mode and can be used to search within texts Change Tracker Change Tracker automatically tracks modifications in production libraries at both the object and source levels It does not require any special actions by programmers relying solely on the changes actually made to libraries as logged in QAUDJRN STRCMD RAZ LEE gt The iSeries Security Experts DB Gate DB Gate lets users open concurrent and transparent SQL connections to numerous types of remote data sources and databases on any IBM or non IBM platform using STRSQL and compile using CRTSQL for programs which refer to these databases Firewall Firewall protects and secures all types of access to and from the System 1 within or outside the organization under all types of communication protocols Firewall manages user profile status secures entry via pre defined entry points and profiles activity by time Its Best Fit algorithm determines the validity of any security related action hence significantly decreasing system burden while not compromising security
21. placing or removing qualifiers elements and lists of values used as command parameters As Command is totally integrated into the infrastructure of products in the iSecurity suite it can send real time alerts as event specific e mails or SMS Syslog Twitter and other forms of messages In addition Command can execute corrective CL command scripts in response to specific command related situations Command s iSecurity based look and feel relates to print command log options as well To start the Command program type STRCMD on any command line NOTE If system password is requested type QSECOFR The main screen is displayed which provides access to the different features of the product The various feature groups are described in the following chapters B Command Security B Definitions B Analysis E Maintenance CMMENU Command iSecurity System 520 Command Security Anal ysis 1 Work with commands 41 Work with Queries 42 Command log Definitions Maintenance 31 Time Groups 81 System Configuration 32 General Groups 82 Maintenance Menu 83 Central Administration Selection or command gt i F3 Exit F4 Prompt F9 Retrieve F12 Cancel Fi3 Information Assistant F16 AS 400 main menu Command MainScreen Command User Manual Chapter 1 Introducing Command A 4 RAZ LEE gt The iSeries Security Experts The Need for Command The IBM 1 AS 400 has traditionally been used as an application serve
22. r accessed by users via menu driven interfaces Such an interface reduces the risk of users entering potentially damaging commands however these facilities are not air tight and can easily be bypassed As the need for full compliance with industry and best practice regulations has become the norm companies worldwide demand greater control of command line access At the same time companies and their auditors must be able to log and monitor command line usage more effectively in order to ensure its proper business use Indeed all regulations SOX HIPAA PCI BASEL II and auditor mandated regulations require auditing and traceability of commands issued by users whether they be system or database administrators help desk or application users Feature Overview B Designed and implemented based upon specific customer requests for a total solution to command line control and monitoring E Incorporates easy to define rules for controlling both command and parameter usage B Includes advanced features such as displaying the programs in the command stack which generated the command and displaying the program library from which the command was entered B Displays and enables replacing or changing qualified parameters element parameters and parameters which contain a list of values B Log File Benefits Easy to use and even easier to set up Totally protects and monitors command usage Flexible and dynamic support of
23. r the conditions listed in Group 1 or the conditions listed in Group 2 Group 2 includes the Or condition and all of the And conditions that follow it Parameter Parameters denotes a list of additional values Pink fields are part of the generic header common to all journal types Green fields represent data specific to this journal type Command User Manual Chapter 2 Command Security 14 RAZ LEE gt The iSeries Security Experts Parameter Description Q E Qualifier Element of the parameter enter its ID or leave it blank Example 1 Reference to a specific qualifier or element enables one to differentiate between PAYROLL as part of the file name or the library name itself Example 2 Some of the Change User Profile CHGUSRPRF parameters are e Qualifier such as INLPGM library program e Composed of elements such as EIMASSOC admin ADMIN REPLACE e Include a list of values such as SUPGRPPRF grpprf1 grpprf2 gprpprf3 Test Comparison test type see table below for details Value Comparison value text Note This filed is case sensitive F4 Displays explanatory information and or options applicable to the data field on the line where the cursor is located F6 Select another comparison test from a pop up window and insert it at the current cursor position F7 Prompt CMD to display the command parameters F8 Change Caps Lock from lo
24. rmit all attempts to run the specified command Press Enter to complete and save this screen Command User Manual Chapter 2 Command Security 13 RAZ LEE The iSeries Security Experts Filter Conditions Cmd QSYS CHGUSRPRF Type conditions press Enter Test EQ NE LE GE LT GT N LIST N LIKE N STRRT N ITEM N PGM Q E Qual ifier Element enter its Id or leave blank denotes List Parameter Group 1 User profile Status User profile Q E Id Test Value use F4 for ITEM xN Missing EQ QSECOFR EQ xDISRBLED EQ MICHREL EQ SECOFR Job description EQ LIBRARY User profile User password Special authority Set password to expired Status More F3 Exit F4 Prompt F6 Insert F Prompt CMD F8 CMD help Fii Text Fld F12 Cancel Filter Conditions Screen Parameter Description And Or A or Blank And O Or Combine multiple filter conditions in one rule using Boolean AND OR operators to create complex rules that produce precise results When using Or operators in filter conditions the order in which each condition appears in the list of conditions is critical The Or operator allows grouping of several conditions together because it includes all And conditions that follow it until the next Or operator or until the end of the list And condition groups the Or condition which was defined before it Example This rule will apply to all events meeting eithe
25. ropriate location in the command script within the Edit Action Script window 2 Press F7 to display the Select Parameter screen 3 Select the desired parameter from which to extract data and press Enter Conditional Branching Action command scripts support conditional branching in the event of a script error The Label field identifies a command line for branching purposes The On Error Go To Label field instructs the script to branch to the line indicated by the label in the event that an error 1s generated by the command To end script processing in the event of a script error insert a label on a blank line following the last command Enter that label 1n the On Error Go To Label field on each active command line Replace Values The Replace Value screen enables users to define what to replace prior to execution of a command any element qualifier an entire parameter or the CL command itself To define replacement values choose the command rule in the Work with Command Rules screen and select 7 Replace Values The following Replace Values screen appears This screen also appears when cycling though the screens after the Work with Command Rule screen Command User Manual Chapter 2 Command Security 20 RAZLEE The iSeries Security Experts Replace Values Cmd QSYS PHRDHNSYS Type conditions press Enter Operations DFTPRM OMTPRM DFTLST OMTLST SET RPL For RPL use ZaaaA4bb to replace every aaa with bb Q E Qu
26. s will be able to make full use of this product after reading this book STRCMD Product Documentation Overview Raz Lee takes customer satisfaction seriously Our products are designed for ease of use by personnel at all skill levels especially those with minimal AS400 experience The documentation package includes a variety of materials help users become familiar with this software quickly and effectively Printed Materials This user guide is the only printed documentation necessary for understanding this product It is available in user friendly PDF format and may be displayed or printed using Adobe Acrobat Reader version 4 0 or higher Acrobat Reader is included on the product CD ROM This manual contains concise explanations of the various product features as well as step by step instructions for using and configuring the product Online Help AS400 context sensitive help is available at any time by pressing the F1 key A help window appears containing explanatory text that relates to the function or option currently in use Online help will shortly be available in Windows help format for viewing on a PC with terminal emulation Typography Conventions Menu options field names and function key names are written in Bold References to chapters or sections are written in talic OS 400 commands and system messages are written in Bold Italic Key combinations are separated by a dash for example Shift Tab Emphasis is writt
27. sers Special Authority START Starts with Does not start with Starting characters of string PGM NPGM Calls a specific user program to The user program name library program conduct a comparison which replies with True or False Message to Send When a command rule is matched a message can be generated to alert different users Enter the text of the message in this screen To automatically insert a system parameter within the body of the text select F7 Replacement Fields The Select Parameter screen opens Move to the parameter you want to insert and choose 1 Select The screen closes and the parameter appears within the message Command User Manual Chapter 2 Command Security 16 RAZLEE The iSeries Security Experts Message to send Command QSYS PHRDHNSYS Pouer Doun System Sequence 1 0 Alert System Operator and Restart the System Type the message to send Use F to select file or event description fields Message lease be aware that user amp C USPF has run the PHRDHNSYS command The system wil automatically restart F Replacement fields F12 Cancel Message to Send Screen Adding a Command Alert The Modify Alert screen enables users to define how to send a command rule message that 1s already defined in the Message to Send screen and the recipients of the message To define alerts and alert recipients choose the command rule in the Work with Command Rules screen and select 9
28. t Un cube Fea soos oodd us 9 NV ONC MIU Oni Gl RUES ex storscanat eset A Seca enun Del coc E E 10 Work with a Command Rule ssseeseesssssssssseeseeee nennen nnne nn nnnn nir n nnn nnns nena annes 11 wii ere gle 11 6 E ee 13 BTS SACS 10 SENU PERIERE TEES 16 Adding a Command EA PME mom 17 IU PAC TOM SGN PR ERE X 19 Replacement Variables cccccccccccccccssseceeeeeeeseceeeeeeeeceeesaeeeeeeeeeseaeceeesseeaeeeeeesaaeeeeesesaaeeeees 20 Conditional BYANIC MING ssscasesisnaaapecdenrindodsananeatsgnasgctaaanandnenbntedtabentadnenmnedibeaartatanenataanaanesensaniacas 20 PRO DIACS Valos serrera one e E e E 20 9e ego ERO nnr icelzill 22 Adding a New Restricted Command ssssesssssssssssseeee nennen nennen nans nnns 23 Deleting a Restricted Command ssssssesesisssssseeene nennen nennen nnn naar nennen nnn nna 24 Chapter 3 Definitions Analysis and Maintenance 25 Command General Definitions llsssseeeessssssessseseseeee nennen nennen nnns nnns 26 Command User Manual i RAZ LEE gt The iSeries Security Experts About This Manual This user guide is intended for system administrators and security administrators responsible for the implementation and management of security on AS400 systems However any user with basic knowledge of AS400 operation
29. urrent line Used for the On Error Go To Feature Command Command text including all parameters On Error Go to Label Conditional branch to the line indicated by the label in the event a script error results from the command on the current line F4 Open prompt window for command parameters and options F7 Select a variable from pop up window and insert it at the current cursor position Variables insert contents of journal entry data fields as command parameters F8 Inserts the 3 job variables User Job and Number that are to be replaced when the command runs Command User Manual Chapter 2 Command Security 19 RAZ LEE gt The iSeries Security Experts Replacement Variables Replacement variables allow users to extract data from the history log record and insert it into command scripts as parameters For example in a command script intended to terminate a suspicious job the Job Name Job User and Job Number information would be extracted from the journal entry and inserted into the appropriate parameter fields for the ENDJOB command The command with replacement values would appear as follows ENDJOB JOB amp ZRJOB amp ZRUSER amp ZRNBR OPTION IMMED NOTE Replacement variables are always preceded by the amp character When selecting the data field from a list using F7 this character is inserted automatically To insert a replacement parameter do the following 1 Move the cursor to the app
30. wer to upper case An indicator appears on the screen Comparison Test Operators Comparison test operators help pinpoint specific conditions and users for example ensuring the existence of a specific user in an external table and verifying that the user has special authority Several different types of comparison test operators are available as shown in the following table Test Description Value Field Data EQ NE Equal to Not equal to Value LT LE Less than Less than or equal to Value GT GE Greater than Greater than or equal to Value LIST NLIST Included in list Not included in list Values separated by a space LIKE NLIKE Substring search Value preceded and or followed by Command User Manual Chapter 2 Command Security 15 RAZ LEE gt The iSeries Security Experts Description Value Field Data ITEM NITEM Item in a group checks if the value is USER Check that the value is a user in a among the groups members The 9eGROUP of users General group is an external value GRPPRF Check that the value is a user in an list that can be extended by creating OS 400 Group Profile new types USRGRP USER and all user profiles which are members of same user groups as USER ALL For both GRPPRF and USRGRP cases If the TYPE is missing USER or USRGRP is assumed based on the appearance of 96 sign as the first character in the GROUP SPCAUT Check that the value is in the u
Download Pdf Manuals
Related Search