Easily Manage Your Journal Receivers with RMVJRNRCV

Tweet
SecureMyi.com Security and Systems Management Newsletter for the IBM i May 13, 2015 - Vol 5, Issue 6

	Feature Article Easily Manage Your Journal Receivers with RMVJRNRCV Code by Carsten Flensberg - Article by Dan Riehl - SecureMyi.com When you decide to begin auditing security related events on your system to the QAUDJRN journal, or when you start journaling changes to physical files, data areas or data queues, you must also decide how you are going to manage the online retention of the journal's receivers. The journal receivers are the storage areas used for the audit records generated by system auditing or database journaling. If left unchecked, these journal receivers will continue to expand in size and number, and may ultimately consume all of your available disk space. When you want to control how long journal receivers are available online, you will want to "age" the receivers. For example, if you want to keep five days' worth of transactions online, you can either manually delete the old receivers or run the RMVJRNRCV(Remove Journal Receivers) CL command presented here. The Remove Journal Receivers (RMVJRNRCV) command lets you age the receivers and optionally connect the journal to a new receiver. You can run this command from a command line, or better yet, place the command in your job scheduler to ensure daily or weekly "Aging" of your journal receivers. You can use this command to manage all of your journals, including QAUDJRN and Database Journals to perform an intelligent deletion of old receivers. Here's a view of the RMVJRNRCV command prompt: Remove Journal Receivers (RMVJRNRCV) Type choices, press Enter. Journal . . . . . . . . . . . . ______ Name Library . . . . . . . . . . . LIBL Name, LIBL, CURLIB Journal receiver retain days . . NONE 1-999, NONE Journal receivers to retain . . NONE 1-999, NONE Force receiver deletion . . . . NO NO, YES Change journal receiver . . . . NO NO, YES Journal receiver: Journal receiver . . . . . . . GEN Name, SAME, GEN Library . . . . . . . . . . Name, LIBL, CURLIB Journal receiver . . . . . . . Name, GEN Library . . . . . . . . . . Name, LIBL, CURLIB Sequence option . . . . . . . . CONT CONT, RESET The command performs a clean-up process against the specified journal's receiver directory. You can specify the number of journal receivers to retain, the number of days (since detachment), or a combination of both. *Read More and Download the Source Code for this Great CL Command*
In This Issue Featured Article - Journal Receivers Security Shorts - QSECURITY Fake Out Industry News and Calendar Security Resources Quick Links Search Security Site for IBM i and i5/OS SecureMyi Website Security Training from The 400 School SecureMyi Newsletter Home/Archives Our Newsletter Sponsors Platinum Sponsor The 400 School, Inc Gold Sponsor PowerTech Skyview Partners, Inc Software Engineering of America Silver Sponsor Cilasoft Security Solutions	IBM i Security Resources IBM i Security Videos - SecureMyi SecureMyi Newsletter Archives Search Security for IBM i IBM i Security Ref - 6.1 IBM i Security Ref - 7.1 QAUDJRN Entries By AUDLVL QAUDJRN Entry Layouts RedBook - Security Guide IBM i Open Security Foundation - DataLoss DB National Vulnerability Database - NIST PCI Data Security Standard COBIT - ISACA HIPAA Resources HITECH Enforcement CISSP - Certification

Security Related News for IBM i State of IBM i Security Study 2015 Released PowerTech, a division of HelpSystems has announced the release of the 2015 State of IBM i Security Study. Now in its 12th year, the study includes data from 110 servers and partitions reviewed using PowerTech’s automated assessment tool. The participating organizations spanned a broad range of industries, including finance, healthcare, communication, transportation and others. You can Download the Free 2015 Security Study Here Live Security Related Webcasts and Training for IBM i May Events PowerTech 2015 State of IBM i Security Study with Robin Tatam Live Webcast - Presented by PowerTech Wednesday, May 20 - 10:00am CDT More Information and Register to Attend Live Hands-On - IBM i, iSeries System Administration and Control Workshop with Dan Riehl Training Workshop - May 18-22 - Presented by The 400 School, Inc. Dan Riehl presents this 5-Day Live Online Hands-on Workshop. More Information and Register to Attend June Events Live Hands-On - Security and Vulnerability Assessment Workshop for IBM i with Dan Riehl Training Workshop - June 2-5 - Presented by SecureMyi and The 400 School, Inc. Dan Riehl presents this 4-Day Live Online Hands-on Workshop. More Information and Register to Attend Live Hands-On - IBM i Concepts with Control Language Programming Workshop with Dan Riehl Training Workshop - June 15-19 - Presented by The 400 School, Inc. Dan Riehl presents this 5-Day Live Online Hands-on Workshop. More Information and Register to Attend Live Hands-On - IBM i, iSeries System Administration and Control Workshop with Dan Riehl Training Workshop - June 22-26 - Presented by The 400 School, Inc. Dan Riehl presents this 5-Day Live Online Hands-on Workshop. More Information and Register to Attend Live Hands-On - IBM i, iSeries, AS/400 Expanded Security Workshop with Dan Riehl Training Workshop - June 29 -July 2 - Presented by SecureMyi and The 400 School, Inc. Dan Riehl presents this 4-Day Live Online Hands-on Workshop. More Information and Register to Attend July Events Live Hands-On - QAUDJRN Auditing and Forensic Analysis Workshop for IBM i with Dan Riehl Training Workshop - July 7 - 8 - Presented by The 400 School, Inc. Dan Riehl presents this 2-Day Live Online Hands-on Workshop. More Information and Register to Attend Live Hands-On - Expanded System Operations Workshop for IBM i, iSeries, AS/400 with Dan Riehl Training Workshop - July 13-17 - Presented by The 400 School, Inc. Dan Riehl presents this 5-Day Live Online Hands-on Workshop. More Information and Register to Attend Live Hands-On - Query for i WRKQRY Workshop for Technical Staff and End Users with Dan Riehl Training Workshop - July 28 - Presented by The 400 School, Inc. Dan Riehl presents this Full-Day Live Online Hands-on Workshop. More Information and Register to Attend August Events Live Hands-On - IBM i, iSeries System Administration and Control Workshop with Dan Riehl Training Workshop - August 10-14 - Presented by The 400 School, Inc. Dan Riehl presents this 5-Day Live Online Hands-on Workshop. More Information and Register to Attend
Security Shorts QSECURITY Level - The Auditor Fake Out Lesson? By Dan Riehl - SecureMyi.com When assessing the security posture of an IBM i server, there are numerous critical focus areas. How are the users configured? How are the permissions assigned? What are the settings for security system values, etc.? In evaluating security for IBM i, we examine the Security System Values for settings that are outside the norm for a secure system. One prime system value to examine is QSECURITY. QSECURITY specifies the Security Level of the system, a numeric value ranging from 20 to 50, with 50 typically being the most secure, 20 typically being the least secure. (I say "typically" because the security level itself can't be used to determine how secure a system is, only that it can be more secure at a higher security level.) A security colleague told me about a recent assessment he performed in which the customer's QSECURITY system value was set to the highest value of 50. This was verified using the Display System Value (DSPSYSVAL) command. This setting indicated that someone at the company was certainly paying attention to the security of the system. But, when reviewing the Security setting that determines if Security Related System Values were correctly locked out from modification, the real truth came out. The command Display Security Attributes (DSPSECA) can be used to examine the System Service Tools(SST) setting of whether Security System Values are protected from modification. It also shows additional security settings, including the QSECURITY level, as shown here: Display Security Attributes User ID number . . . . . . . . . . . . . . : 591 Group ID number . . . . . . . . . . . . . : 165 Security level . . . . . . . . . . . . . . : 30 Pending security level . . . . . . . . . : 50 Password level . . . . . . . . . . . . . . : 0 Allow change of security related system values . . . . . . . . . . . . . . . . . : NO Allow add of digital certificates . . . . : NO Allow service tools user ID with default and expired password to change its own password . . . . . . . . . . . . . . . . : NO While the Service Tools setting of "Allow Change of Security Related System Values" was securely set as "NO," my colleague also noticed that the system wasn't actually running Security Level 50. The DSPSECA display above shows the security level 50 as a "Pending security level" setting. The pending setting showed that the QSECURITY System Value had indeed been changed to level 50, but that the system was still running QSECURITY level 30 until an IPL (i.e., reboot) was performed. This was an IPL that was never going to happen. In preparation for the upcoming assessment, the customer had set the QSECURITY system value to 50, knowing that the higher security setting wouldn't actually go into effect until an IPL was performed. The customer sadly acknowledged that the pending setting was an attempt to make the system appear more secure that it actually was and that as soon as the assessment was completed, the system value would have be reset to the original security level 30 setting. Because security level 30 is known to have very serious flaws, the customer wanted to make the system appear to be running at the highest security level of 50. This ruse would have succeeded with a less competent auditor. If you are running at a Security Level less than 40, you really need to get the level up to at least level 40. For almost all systems I've seen, it's not a huge project to move from QSECURITY level 30 to 40. And the upgrade provides a mountain of additional protection for your system.		Sponsored Links IBM i, iSeries and AS/400 Security Services from SecureMyi IT Security and Compliance Group In Depth Security Assessment of IBM i Upgrade to QSECURITY level 40 or 50 Forensic Research and Analysis Audit Assistance and Remediation Security Training for IT and Audit Staff Software Selection & Configuration Security and Systems Programming LIVE Training from The 400 School, Inc Customized IBM i (iSeries, AS/400) Training - Presented Live at your offices LIVE Online Hands-On Workshops Security and Auditing Workshops System Operations Workshops System Administration and Control ILE RPG IV Programming ILE COBOL Programming Control Language Programming IBM i Concepts and Facilities Query Workshop


Send your IBM i Security and Systems Management News and Events! Send your Questions, Comments, Tips and Stories Copyright 2015 - SecureMyi.com, all rights reserved SecureMyi.com \| St Louis MO 63017