SecureMyi.com Security and Systems Management Newsletter for the IBM i             July 23, 2014 - Vol 4, Issue 12

Feature Article

Save and Restore Reports - The Mysteries Revealed

By Dan Riehl - SecureMyi.com

Since version 5.4 of the IBM i operating system, IBM has included the capability to natively save and restore spooled files. A spooled file is the common name for a report on IBM i: perhaps a business report, a compiler listing, or any generated report suitable for printing. Spooled files reside in an output queue (i.e., a printer queue) before printing. Previously, when an output queue object was saved, only the output queue object itself was saved. The spooled files within the output queue weren't saved and therefore couldn't be restored. Even today, unless you specify that you want to save the spooled files in your saved output queues, the spooled files aren't saved.

Since 5.4, an output queue and its associated spooled files can be saved using standard SAVE commands such as Save Library (SAVLIB) and Save Object (SAVOBJ).

In the following example, I save an output queue named ADMIN5P to a save file by using the SAVOBJ command. On the command, I specify the parameter SPLFDTA(*ALL). The SPLFDTA(*ALL) parameter is what causes the spooled files to be saved. Had I not specified SPLFDTA(*ALL), only the output queue object would be saved and not the associated spooled files.

SAVOBJ OBJ(ADMIN5P) LIB(ADMIN5) DEV(*SAVF)  +
       OBJTYPE(*OUTQ) SAVF(DANWORK/DANTEST1) SPLFDTA(*ALL)

I display the contents of the save file by using this command:

DSPSAVF FILE(DANWORK/DANTEST1)

I then see the resulting display showing the saved ADMIN5P output queue.


                             Display Saved Objects                              
                                                                                
 Library saved . . . . . . . :   ADMIN5                                         
                                                                                
 Type Options, press Enter.                                                     
   5=Display                                                                    
                                                                                
 Opt  Object      Type      Attribute   Owner          Size (K)  Data           
  5   ADMIN5P     *OUTQ                 DANRIEHL             96  YES            
     

Selecting option 5=Display beside the ADMIN5P output queue lets me see all the saved spooled files. Each spooled file is identified by the job name, job user, job number, and job spooled file number. These four pieces of information uniquely identify the spooled file to the system.


                          Display Saved Spooled Files                           
                                                                                
 Spooled     File                                     Creation  Creation         
 File        Number   Job         User        Number  Date      Time             
 DANSTART    000001   DANSTART    DANRIEHL    118125  03/29/14  15:31:52         
 QPJOBLOG    000001   DANTEST1    DANRIEHL    117677  03/29/14  16:24:44         
 QPSECUSR    000002   INSTRUCTA1  DANRIEHL    118089  03/29/14  10:59:08         

Security news and Events


Live Security Related Webcasts and Training for IBM i

July Events

Coffee with Carol Woodbury:   Book a Meeting with your DR Plan
           with guest presenter Richard Dolewski

Live Webcast - Presented by Skyview Partners
Wednesday, July 23 10:00am CDT



5 Ways to Secure your IBM i Today from Cyber Attacks
Live Webcast - Presented by PowerTech
Tuesday, July 29 2:00pm BST (British Summer Time)


August Events

Live Hands-On - IBM i System Administration and Control Workshop
with Dan Riehl

Training Workshop - Aug 18-22 - Presented by The 400 School, Inc.
Dan Riehl presents this 5-Day Live Online Hands-on Workshop.


September Events

Live Hands-On - Expanded Security Workshop for IBM i, iSeries AS/400
with Dan Riehl

Training Workshop - Sep 8-11 - Presented by The 400 School, Inc.
Dan Riehl presents this 4-Day Live Online Hands-on Workshop.



Live Hands-On - QAUDJRN Auditing and Forensic Analysis Workshop
with Dan Riehl

Training Workshop - Sep 25-26 - Presented by The 400 School, Inc.
Dan Riehl presents this 2-Day Live Online Hands-on Workshop.

Security Shorts - Object Auditing in QSYS and in the IFS

By Dan Riehl - SecureMyi.com

The IBM i has excellent built-in auditing capabilities. You can audit various types of important events, you can audit object access, and you can audit access to IFS "objects". I have used the object auditing facilities quite heavily for QSYS objects, and have written about object auditing often in the newsletter. But, the other day I was stumped. I was asked the question "How do you turn on auditing for newly created files and directories in the IFS?"

I knew that there was a way to do this, but the method did not come readily to mind. After searching the web and performing quite a bit of testing, I now have the answer to that question. I hope that the information is helpful to you. Perhaps you had the same question.

Auditing Newly Created QSYS.LIB Objects

The system value QCRTOBJAUD specifies the global default auditing level assigned to newly created objects. The shipped value is *NONE, meaning that newly created objects will not be audited at the global/system level. You can override the QCRTOBJAUD system value at the library level by specifying the CRTOBJAUD parameter of the CRTLIB and CHGLIB commands, as shown here.

CHGLIB LIB(MYLIB) CRTOBJAUD(*CHANGE)

When a library is created, the default value for the CRTLIB's CRTOBJAUD parameter is *SYSVAL, but can be set as desired to *ALL, *CHANGE, *USRPRF, *NONE or *SYSVAL.

CRTLIB LIB(MYLIB) CRTOBJAUD(*CHANGE)

So, now, whenever a new object is created in MYLIB, the object's OBJAUD value will automatically be set to *CHANGE.

Auditing Newly Created IFS "Objects"

The IFS /root file system is used to store various types of files, directories, folders and documents. Often sensitive data is stored there: Microsoft Excel spreadsheets, document images, PDF files, and PC application objects, to name a few types.

In addition to being the global setting for the QSYS file system, the system value QCRTOBJAUD is also the global setting applied to IFS directories. If you want to turn on auditing for all newly created IFS "objects", you set the system value QCRTOBJAUD as required to *ALL, *CHANGE or *USRPRF. Within the IFS, this global setting can be overridden at the directory level using the CHGATR command as shown here.

CHGATR OBJ('home/myuser') ATR(*CRTOBJAUD) VALUE(*CHANGE)

If you want the *CRTOBJAUD auditing attribute to be applied to subdirectories also, include the SUBTREE(*ALL) option of the CHGATR command.

So, the key to managing auditing for newly created objects in the IFS is the CHGATR command. You specify the *CRTOBJAUD attribute and corresponding value for the directory, and optionally for the associated sub-directories.
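The following CL program is an added example, not code from the newsletter. It applies the directory-level setting described above to a whole subtree and also covers two points the steps depend on: object auditing must be active in QAUDCTL, and *CRTOBJAUD affects only objects created afterwards. The path '/home/myuser' is a constructed sample value, and the program assumes a release whose CL supports %SCAN and a user profile with *AUDIT special authority.

```cl
/* Added example, not from the newsletter. The directory path is a   */
/* constructed sample value; change it to the directory to audit.    */
PGM
  DCL VAR(&AUDCTL) TYPE(*CHAR) LEN(50)
  DCL VAR(&DIR)    TYPE(*CHAR) LEN(64) VALUE('/home/myuser')

  /* Object auditing records nothing unless QAUDCTL includes *OBJAUD */
  RTVSYSVAL SYSVAL(QAUDCTL) RTNVAR(&AUDCTL)
  IF COND(%SCAN('*OBJAUD' &AUDCTL) *EQ 0) THEN(DO)
    SNDPGMMSG MSG('QAUDCTL lacks *OBJAUD: auditing values have no effect')
    RETURN
  ENDDO

  /* Objects created later in this directory tree get OBJAUD *CHANGE */
  CHGATR OBJ(&DIR) ATR(*CRTOBJAUD) VALUE(*CHANGE) SUBTREE(*ALL)

  /* *CRTOBJAUD covers new objects only; set existing ones directly  */
  CHGAUD OBJ(&DIR) OBJAUD(*CHANGE) SUBTREE(*ALL)

  /* Print the object-change (ZC) entries recorded in the audit      */
  /* journal so the setting can be verified after a test change      */
  DSPJRN JRN(QSYS/QAUDJRN) ENTTYP(ZC) OUTPUT(*PRINT)
ENDPGM
```

With *CHANGE, only changes to the objects are logged (ZC entries); read access (ZR entries) is logged when the auditing value is *ALL.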



Copyright 2014 - SecureMyi.com, all rights reserved

SecureMyi.com | St Louis MO 63017