|
||
|
January 23, 2013 - Vol 3, Issue 22
|
||
|
||
|
Feature Article
Are you REALLY Saving the Right Stuff?
By Dan Riehl In 2005, IBM published a really cool chart named "Are you Saving the Right Stuff". It is quite useful, but, the chart is coming up on being a decade old. Perhaps we need to see if we are Really Saving the right Stuff for today's IBM i technology. Editors Note: I encourage you to also read the 'Security Shorts" Column in this Newsletter concerning "Important Objects that May Be Improperly Excluded from your Backup Process" As security and system administrators, one of our responsibilities is to ensure that our backups include all the information that may be needed to recover the entire system in the event of a very trivial error or the worst catastrophic failure. In recent releases of the IBM i OS, IBM has added several enhancements in the area of backup and recovery. But in order to take advantage of many of these enhancements, we need to update our backup policies and processes. On a recurring schedule, we typically back up application and user libraries, security data (including user profiles), system configuration data, some third-party-vendor-supplied libraries, folders and documents in the QDLS file system, and other directories and stream files residing in the rest of the IFS. A basic daily backup process may save only the changes that have occurred on the system since the previous full backup. Some of us have the luxury of running a daily save process that backs up all user data, security data and configuration data, instead of just those objects that have changed. We usually only save the operating system (using SAVSYS) before and after we install of a new OS release or after significant changes have been made to the OS, as in applying a cumulative PTF package. Obviously, your backup policy and processes may differ significantly from these specifics, all depending on your unique requirements. A Full SaveSome of us use the SAVE Menu Option 21 to get a full save of the system. Others may use a combination of SAVSYS, SAVLIB LIB(*NONSYS), SAVDLO, and SAV to craft their own full backups. But when you run SAVE Menu Option 21—or your custom full backup process—are you really getting a full backup of your system? |
|
In This Issue
Quick Links
Our Newsletter Sponsors
Platinum Sponsor |
IBM i Security ResourcesJohn Earl Memorial Tribute - Jan 2013 IBM i Security Videos from SecureMyi.com SecureMyi Newsletter Home and ArchivesSearch Security Site for IBM i and i5/OS IBM i Security Reference - IBM i 6.1 IBM i Security Reference - IBM i 7.1 QAUDJRN Audit Types By AUDLVL 6.1 QAUDJRN Entry Type Record Layout 6.1 RedBook - Security Guide for IBM i 6.1 PCI SSC Data Security Standards 
|
|
IBM i Security and Systems Management News BytesCongratulations to Help/Systems in 30th Anniversary CelebrationDecember 20, 2012 – Help/Systems, a rapidly growing systems management, security, and business intelligence software company, celebrates its 30th year of business this month with over 43,000 active product licenses. Founded in 1982 with two employees and a single product for automated job scheduling, the company has grown to 14 offices worldwide with more than 200 employees, 45 products, and 6,300 customers. Janet Dryer, CEO of Help/Systems, attributes the company’s steady growth to a consistent strategy of agile product development, a rewarding work environment, and a strong commitment to providing world-class customer service and support. Read the Help/Systems Press Release. Raz-Lee Software gets Multiple IBM Certifications for Security and Auditing Solutions Raz-Lee Security, a leading provider of IBM i security, auditing and compliance solutions, announced today that its iSecurity suite has met the criteria required for attaining IBM certifications in the areas of PureSystems, Security Intelligence, Tivoli and Power Systems. Raz-Lee Security, is a long-time member of IBM's PartnerWorld, and has partners with IBM in numerous countries worldwide, including the United States, Italy, Germany, Viet Nam, Japan, and Israel. Read the Raz-Lee Press Release. Help/Systems Makes Another Big Move into the Enterprise Data Center A few weeks ago Help/Systems announced the completion of the yet another acquisition. (The Third for 2012). In their latest move, Help/Systems acquired the well known Network Monitoring Pioneer Dartware. Dartware is the maker of InterMapper®, network monitoring, mapping, and alerting software for Mac®, Windows®, Linux®, and Solaris® platforms. InterMapper is known for its ease-of-use, affordability, and comprehensive feature set that provides real-time knowledge of an entire network’s health through visual maps. Read the Help/Systems Press Release. IBM i Security Calendar of Events
|
|
|
Featured YouTube Educational VideoIBM i Security - Common Misconceptions - Using Authorization Lists
Cannot Access YouTube from your office? Download the video in wmv format. 
|
||
Security Shorts -
By Dan Riehl In reviewing numerous systems, there are two categories of data that are routinely not backed up. These are journal receivers of the QAUDJRN journal and the system's History Log (QHST) files. I believe that in many cases we think that the History Log files are being backed up, so this may be a surprise to you. But in the case of the QAUDJRN journal receivers, there can be many reasons why we don’t back these up regularly. One common reason why QAUDJRN journal receivers are not saved is based on a High Availability software package in use. Certain HA packages will attempt to maximize disk space by deleting QAUDJRN journal receivers as soon as they are no longer needed by the HA software. I have seen another common reason why these QAUDJRN journal receivers are not saved. When first setting up the QAUDJRN journal, the initial receiver is placed in the QSYS library, or other new library that begins with the letter 'Q', as in the library name QAUDJRN. When we do our weekly backup, we select SAVLIB LIB(*ALLUSR). This will skip any library we have created that begins with the letter 'Q', including our QAUDJRN library. IBM's definition of SAVLIB LIB(*ALLUSR)*ALLUSR
All user libraries are saved.
All user libraries with names that do not begin with the letter Q are saved.
Are You Saving QAUDJRN Journal ReceiversIf you are auditing security-related events using the QAUDJRN journal, make sure you save the QAUDJRN journal receivers before deleting them. These are often needed when researching security events that have occurred on your system. If you delete the journal receivers before they are saved, your ability to track down changes to the system is severely degraded. The journal receivers for QAUDJRN should be created in a library that is included in your backup plan. Do not create the QAUDJRN journal receivers in library QSYS, unless you use special processing to save these critical journal receivers. Special handling of saving the QAUDJRN journal receivers, assuming the receivers reside in QSYS and start with the characters AUDRCV, could look like the following: SAVOBJ OBJ(AUDJRN*) LIB(QSYS) DEV(TAP01) OBJTYPE(*JRNRCV) If the receivers reside in a library other than QSYS, you can use your normal backup processes to save the entire library (AUDLIB), including all the journal receivers using the command: SAVLIB LIB(AUDLIB) DEV(TAP01) For a full backup, make sure to back up your QAUDJRN journal receivers. Are You Saving The History Log (QHST) FilesThe System History Log is a repository of special system messages that reflect the start and end of each job on the system and includes all important messages generated by user and IBM system jobs on the system. The History Log is the recorded history of the system and as such is a source of crucial information for the system administrator and IT auditor. The History Log consists of a message queue and a set of data files that reside in the QSYS library. Because saving the QSYS library is typically only performed during a SAVSYS operation, you must make special provisions in your backup routines in order to save the content of the History Log (QHST). You have probably seen the message that occasionally pops up on the System Operations message queue (QSYSOPR) that states: CPF2456 - Log version QHST11095A in QSYS closed and should be saved. As the message says, this log version data file should be saved. The system creates new QHSTxxxxxxx Log data files as needed to record the content of the QHST LOG message queue. You can view the current QHSTxxxxxxx data files on your system using the command: WRKOBJ OBJ(QSYS/QHST*) OBJTYPE(*FILE) The System Cleanup OptionsMake sure these History Log files are backed up before they are deleted. The system automatically deletes these QHSTxxxxx data files according to your specifications on the CLEANUP Menu (GO CLEANUP) options for the number of days to retain "System Journals and System Logs." This CLEANUP option is normally set to retain 30 days of history in the QHST log data files. Your system may have a different retention period. The QHSTxxxxx data files are deleted on this schedule even if they have not been previously saved. To back up the QHST log files that currently reside on the system, use the command: SAVOBJ OBJ(QHST*) LIB(QSYS) DEV(TAP01) OBJTYPE(*FILE) For a more complete backup, save these QHST data files that reside in library QSYS. |
Sponsored Links
Expert Level Security Consulting
Live Training from The 400 School, Inc
|
|
|
||
|
Send your IBM i Security and Systems Management News and Events! Send your Questions, Comments, Tips and Stories Copyright 2013 - SecureMyi.com, all rights reserved SecureMyi.com | St Louis MO 63017 |
||