SecureMyi.com Security and Systems Management Newsletter for the IBM i iSeries and AS/400 - August 28, 2013 - Create User Profile Exit Program

SecureMyi.com Security and Systems Management Newsletter for the IBM i - August 28, 2013 - Vol 3, Issue 34


Feature Article

Create User Profile - Exit Program for Customization

By Dan Riehl - SecureMyi.com

When creating User Profiles on the IBM i, whether through a Control Language command like Create User Profile (CRTUSRPRF) or through the IBM i Navigator for Windows interface, you have the option to include your own customized processing after the profile is created.

IBM has established and documented an "Exit Point" for the Create User Profile operation. An exit point is a place in the process in which you can include your own custom logic (i.e. an exit program) to perform additional tasks. In this article we will examine adding your own logic to the Create User Profile event.

There are two operations that must be performed when implementing any exit program. The first is to create the exit program, the second is to register your exit program with the operating system, which "turns ON" your custom logic. We'll discuss how to perform both of these steps.

The Exit Program

The exit program can be written in just about any language: CLP, CLLE, CLE, RPG, RPGLE, CBL, etc. It can be an ILE (Integrated Language Environment) program or an OPM (Original Program Model) program.

In this sensitive task of adding logic to the Create User Profile operation, you'll want to make sure that the exit program is secured against potential abuse. Grant *USE authority only to those users who create your user profiles; *PUBLIC authority should be set to *EXCLUDE.

The exit program runs within the same job as the Create User Profile function, so the current user of the job that is creating a new user profile will also be the user running the exit program, and so must have authority to the program.
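As an added example (not code from the article), here is a minimal CLLE exit program that applies one site standard after each profile is created, followed by the commands that secure and register it. It assumes IBM's documented exit point name and format, QIBM_QSY_CRT_PROFILE and CRTP0100, which this article does not quote; the library SECLIB and the group profile SECADMGRP are placeholders.

```cl
/* CRTPRFEXIT - exit program for the Create User Profile exit point.     */
/* Added example, not code from this article. Assumes IBM's documented   */
/* exit point QIBM_QSY_CRT_PROFILE, exit format CRTP0100, whose single   */
/* parameter is laid out as: pos 1-20 exit point name, pos 21-28 format  */
/* name, pos 29-38 name of the user profile that was just created.       */
PGM PARM(&EXITINFO)
   DCL VAR(&EXITINFO) TYPE(*CHAR) LEN(38)
   DCL VAR(&NEWPRF)   TYPE(*CHAR) LEN(10)
   DCL VAR(&CREATOR)  TYPE(*CHAR) LEN(10)
   DCL VAR(&MSG)      TYPE(*CHAR) LEN(80)

   CHGVAR VAR(&NEWPRF) VALUE(%SST(&EXITINFO 29 10))

   /* The exit runs inside the job that issued CRTUSRPRF, so the job's   */
   /* current user is the administrator who created the profile.         */
   RTVUSRPRF USRPRF(*CURRENT) RTNUSRPRF(&CREATOR)

   /* Site standard: the initial password must be changed at first       */
   /* sign-on. The creator already holds *SECADM (needed for CRTUSRPRF), */
   /* so the exit program does not need to adopt any authority.          */
   CHGUSRPRF USRPRF(&NEWPRF) PWDEXP(*YES)
   MONMSG MSGID(CPF0000)   /* e.g. PASSWORD(*NONE): ignore, carry on */

   /* Tell the operator who created what. A failure here must not turn   */
   /* into a failure of the CRTUSRPRF command the user is running.        */
   CHGVAR VAR(&MSG) VALUE('User profile' *BCAT &NEWPRF *BCAT +
                          'created by' *BCAT &CREATOR)
   SNDPGMMSG MSG(&MSG) TOMSGQ(QSYS/QSYSOPR)
   MONMSG MSGID(CPF0000)
ENDPGM

/* One-time setup from a command line, in the order the article gives:   */
/* compile, lock the object down, then register it so it "turns ON".     */
/* SECLIB and SECADMGRP are placeholder names for this example.          */
/*   CRTBNDCL PGM(SECLIB/CRTPRFEXIT) SRCFILE(SECLIB/QCLSRC)              */
/*   GRTOBJAUT OBJ(SECLIB/CRTPRFEXIT) OBJTYPE(*PGM) USER(*PUBLIC)        */
/*             AUT(*EXCLUDE)                                             */
/*   GRTOBJAUT OBJ(SECLIB/CRTPRFEXIT) OBJTYPE(*PGM) USER(SECADMGRP)      */
/*             AUT(*USE)                                                 */
/*   ADDEXITPGM EXITPNT(QIBM_QSY_CRT_PROFILE) FORMAT(CRTP0100)           */
/*              PGMNBR(1) PGM(SECLIB/CRTPRFEXIT)                         */
```

Because the exit runs after the profile already exists, the MONMSG commands keep a problem inside the exit from being reported as a CRTUSRPRF failure; check the job log and QSYSOPR if the expected message does not appear.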

Read More


Security study

SkyView Partners introduces IBM i Security Administrators’ Guide

Carol Woodbury

SEATTLE, Wash - SkyView Partners has announced the publication of a Security Administrators Guide for the IBM i platform. The new e-book, based on the experience of Carol Woodbury and her work with clients during the last 12 years at SkyView Partners Inc., defines the role of security administrator including the values for key security settings, why they should be set as such and how often they should be checked.

"This guide is full of practical and logical advice that is current and relevant for the IBM i. It is a valuable reference component for logical access security deployment," noted Herb Hill, Senior Manager of Information Security Services at a major Canadian financial institution.

The IBM i Security Administrators Guide is now available online through SkyView Partners Inc.

Security news and Events



Live Security Related Webcasts and Training for IBM i

August Events

Signs You May Have Been Hacked
Importance of IBM i Logging and Monitoring

Live Webcast - Sponsored by Townsend Security
Wednesday, August 28 11:00 CDT


September Events

Live Hands-On - IBM i System Administration and Control Workshop
with Dan Riehl

Full Length Training Workshop - September 4,5,6 and 11,12
Dan Riehl presents this 5-Day Live Online Hands-on Workshop.

Best Practices for IBM i Security Administration
With Carol Woodbury

Live Webcast - Presented by Skyview Partners
Thursday, September 5 10:00am CDT

COMMON 2013 Fall Conference and Expo
Three Day Conference and Expo - September 9-11
Renaissance Grand St. Louis • St. Louis, Missouri

IFS Security - Don't Leave Your Server Vulnerable!
Live Webcast - Presented by PowerTech
Tuesday, September 17 1:00pm CDT


October Events

Live Hands-On - QAUDJRN Auditing and Forensic Analysis Workshop for IBM i
with Dan Riehl

Training Workshop - October 2-3
Dan Riehl presents this 2-Day Live Online Hands-on Workshop.

Live Hands-On - Expanded Security Workshop for IBM i
with Dan Riehl

Training Workshop - October 7-10
Dan Riehl presents this 4-Day Live Online Hands-on Workshop.



Security Shorts

Auditing Changes to your Exit Point Registry

By Dan Riehl

I have heard the question many times: "Who removed my exit program?" or "Where did my FTP and Create User Profile registered exit programs go?" Perhaps a more interesting question might be "How did that exit program get registered in the first place?"

If you have created the QAUDJRN journal and have set the associated system values (QAUDCTL and QAUDLVL) correctly, you have an audit trail of all changes that have been made to the Exit Point Registry. There are two auditing methods you can use to collect information about Exit Point Registry changes: Object Auditing and Event Auditing. When dealing with the Exit Point Registry, I think you will find that Event Auditing may be the better choice, but I'll present both methods and you can choose which one you like. You may prefer to use both, which is what I actually recommend.

Auditing the Object

The Exit Point Registry is stored in the object QUSEXRGOBJ in library QUSRSYS. The object type is *EXITRG.

In order to start auditing the Exit Point Registry object, you first need to ensure that the QAUDCTL system value includes the value *OBJAUD. This allows you to begin auditing access to objects. Once this is done, you can start auditing changes to the registry object using the following command.

CHGOBJAUD OBJ(QUSRSYS/QUSEXRGOBJ) OBJTYPE(*EXITRG) OBJAUD(*CHANGE)

Now, whenever a change is made to the registry, a ZC (Object Accessed for Change) journal entry is written to the QAUDJRN journal, indicating that the QUSEXRGOBJ object was accessed in update mode and/or was changed. Additional information provided in the ZC journal entry includes the Job User, Current User, Job Name, the program that made the change, the timestamp of the entry, etc.

The operations that can be audited for the QUSEXRGOBJ object are:

ADDEXITPGM --- Add Exit Program CL Command  
QUSADDEP --- Add Exit Program API 
QusAddExitProgram --- Add Exit Program API 
QUSDRGPT --- Unregister Exit Point API 
QusDeregisterExitPoint --- Unregister Exit Point API 
QUSRGPT --- Register Exit Point API 
QusRegisterExitPoint --- Register Exit Point API 
QUSRMVEP --- Remove Exit Program API 
QusRemoveExitProgram --- Remove Exit Program API 
RMVEXITPGM --- Remove Exit Program CL Command 
WRKREGINF --- Work with Registration Information CL Command  

To review all ZC entries, you can use your favorite QAUDJRN reporting software. In V5R4 IBM provided the command CPYAUDJRNE (Copy Audit Journal Entries), which is a very nice command for extracting information from QAUDJRN. Here's the command you can use to extract the ZC (Object Accessed for Change) entries into a formatted output file.

CPYAUDJRNE ENTTYP(ZC) OUTFILE(MYLIB/QAUDIT)

This will create a file QAUDITZC in library MYLIB. The columns in the output file are specific to the ZC journal entry type. To list the ZC entries, you can use the command:

RUNQRY *N MYLIB/QAUDITZC

If you are auditing numerous objects on your system, you will need to select only the records where the object name is QUSEXRGOBJ.

Auditing the Event of a change to the Exit Point Registry

To audit security configuration events, like a change to the Exit Point Registry, you set the system value QAUDCTL to include the value *AUDLVL, and include the value *SECCFG or *SECURITY in the QAUDLVL or QAUDLVL2 system value.

If this is done, and someone or some process manipulates the Exit Point Registry, a journal entry is written to the QAUDJRN journal. The journal entry type for this access is GR (Generic Record). As of IBM i 6.1, all GR entries are related to the Exit Point Registry.

You can review the GR entries just like the ZC entries. Here's the command you can use to extract the GR entries into a formatted output file.

CPYAUDJRNE ENTTYP(GR) OUTFILE(MYLIB/QAUDIT)

This will create a file QAUDITGR in library MYLIB. The columns in the output file are specific to the GR journal entry type. To list the GR entries, you can use the command:

RUNQRY *N MYLIB/QAUDITGR

The information provided includes what function was performed, Job User, Current User, Job Name, Program used, Timestamp, etc.
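The two methods above combined into one CL procedure, as an added example that is not code from the article: it turns on object auditing for the registry, extracts the ZC and GR entries with CPYAUDJRNE across the whole receiver chain, and filters the ZC output down to QUSEXRGOBJ. It assumes the QAUDCTL and QAUDLVL values described above are already set, and that the ZC output file carries the object name and library in columns named ZCONAM and ZCOLIB as in IBM's CPYAUDJRNE model file (an assumption; confirm with DSPFFD on the output file).

```cl
/* EXTRGAUD - pull the QAUDJRN entries that record Exit Point Registry  */
/* activity into MYLIB and list them. Added example, not code from the  */
/* article. Relies on QAUDCTL containing *OBJAUD and *AUDLVL, and on    */
/* QAUDLVL (or QAUDLVL2) containing *SECCFG or *SECURITY.               */
/* Assumed: the ZC outfile columns ZCONAM (object name) and ZCOLIB      */
/* (object library) follow IBM's CPYAUDJRNE model file layout.          */
PGM
   /* Make sure the registry object itself is audited for change access */
   /* (CHGOBJAUD needs *AUDIT special authority; fail loudly if missing) */
   CHGOBJAUD OBJ(QUSRSYS/QUSEXRGOBJ) OBJTYPE(*EXITRG) OBJAUD(*CHANGE)
   MONMSG MSGID(CPF0000) EXEC(DO)
      SNDPGMMSG MSGID(CPF9898) MSGF(QCPFMSG) +
                MSGDTA('CHGOBJAUD on QUSEXRGOBJ failed - check *AUDIT +
                        special authority') MSGTYPE(*ESCAPE)
   ENDDO

   /* Object-access entries (ZC) for every audited object, from every   */
   /* receiver in the current chain, replacing any earlier extract      */
   CPYAUDJRNE ENTTYP(ZC) OUTFILE(MYLIB/QAUDIT) OUTMBR(*FIRST *REPLACE) +
              JRNRCV(*CURCHAIN)

   /* Event entries (GR): on IBM i 6.1 every GR entry concerns the      */
   /* Exit Point Registry, so no object filter is needed for these      */
   CPYAUDJRNE ENTTYP(GR) OUTFILE(MYLIB/QAUDIT) OUTMBR(*FIRST *REPLACE) +
              JRNRCV(*CURCHAIN)

   /* Other audited objects share QAUDITZC, so keep only the registry   */
   RUNQRY QRY(*NONE) QRYFILE((MYLIB/QAUDITZC)) +
          QRYSLT('ZCONAM *EQ "QUSEXRGOBJ" *AND ZCOLIB *EQ "QUSRSYS"')

   RUNQRY QRY(*NONE) QRYFILE((MYLIB/QAUDITGR))
ENDPGM
```

Run it from a profile that holds *AUDIT and *ALLOBJ (or explicit authority to the QAUDJRN receivers), and compare the GR entries against the ZC entries: a registry change that shows up in one but not the other is exactly the discrepancy the two-method approach is meant to surface.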


Copyright 2013 - SecureMyi.com, all rights reserved

SecureMyi.com | St Louis MO 63017