The Capture Security Information tool allows you to capture the
current information for user profiles, system values, network
attributes, and registration information. A comparison may be made
at a later time against the same information captured on a different
date.
The following commands are provided:
** CRTSECINF to create a unique library for the information to be
stored in and establish the defaults for what will be
captured.
** CAPSECINF to capture the information.
** CMPSECINF to compare the information.
** RMVSECINF to remove old information.
** DLTSECINF to delete the files and library created by
CRTSECINF.
** RFMSECINF to reformat the files for a new version if needed.
You must have *ALLOBJ authority to use any of the commands.
Getting started
---------------
** As an *ALLOBJ user, prompt for:
CRTSECINF
The default library name is TAASECINF. Any library may be
specified, but the library must not exist.
The library will contain all of the files used for capturing
information even if the defaults are set to not capture all of
the possible information. No members will exist for the
files. The files are created with ALWUPD(*NO) and
ALWDLT(*NO).
The library will be created with *PUBLIC(*EXCLUDE).
You may specify what information you want to collect when
using the defaults for CAPSECINF.
The information from CRTSECINF is stored in the Application
Value CAPSECINF in TAASECURE.
** As an *ALLOBJ user, prompt for:
CAPSECINF
A prompt override program accesses the values that were
entered on CRTSECINF and uses them as the parameter values.
If the command is entered without any parameters, the defaults
(*DFT) will also access the values specified on CRTSECINF for
what information you are interested in capturing.
For each set of information to be captured, a new member is
added to the corresponding file in the library you specified
(default is TAASECINF). The member name has the form
INcyymmdd, which contains the capture date.
You may want to schedule a job to capture the information on a weekly
or monthly basis.
** If you want to test the function, there are two solutions:
-- Wait for a week or so to let some normal changes to
your system occur before you use CAPSECINF again. Then
see the section on 'Comparing information'.
-- For a simple sanity test:
a) Use WRKNETA and increase the 'Maximum Intermediate
Sessions' by one.
b) Use CAPSECINF again.
c) Enter:
CMPSECINF TYPE(*NETATR) FROMMBR(*LAST)
TOMBR(*FIRST)
d) The spooled file should identify the change that was
made.
Comparing information
---------------------
After changes have been made to your system and new members created
by CAPSECINF, you can compare the information with the CMPSECINF
command. You name the type you want to compare and a From and To
member.
Assume you have used the default library of TAASECINF and you want to
compare the information captured on Dec 1, 2008 to the information
captured on Nov 1, 2009. For user profile information, you would
specify:
CMPSECINF TYPE(*USRPRF) FROMMBR(IN1081201)
TOMBR(IN1091101)
CMPSECINF provides a simple front end to the following TAA commands
which could be used directly:
CMPUSRPRF2
CMPSYSVAL
CMPNETA
CMPREGINF
You may compare all of the types by specifying TYPE(*ALL).
Special values exist for the FROMMBR and TOMBR parameters to allow
you to compare to the *FIRST, *LAST, or *PREV member. *PREV means
the member prior to the one that was specified. For example,
CMPSECINF TYPE(*USRPRF) FROMMBR(IN1051201)
TOMBR(*PREV)
or
CMPSECINF TYPE(*USRPRF) FROMMBR(*LAST)
TOMBR(*PREV)
The TOMBR would be the member added previously to the specified
FROMMBR.
A 'constant array' exists to allow you to bypass certain exit program
names during the processing of registration information. See the
section on 'Bypassing exit programs'.
Member naming convention
------------------------
The member names used are INcyymmddx. For the first member converted
on each day, the 'x' value will be blank. You can have up to 10
members created on each day. The subsequent members would be
INcyymmddA - INcyymmddJ.
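
The naming convention above, decoded in Python as an added example (not part of the TAA tool): it parses INcyymmddx names, orders them oldest first, and resolves *FIRST, *LAST and *PREV using the "member prior to the one that was specified" reading from 'Comparing information'. The century digit 0 = 19xx, the function names and the member list are assumptions made for the example.

```python
import re
from datetime import date

# INcyymmddx: c = century digit (assumed 0 = 19xx, 1 = 20xx), x = blank or A-J
MEMBER_RE = re.compile(r"^IN(\d)(\d\d)(\d\d)(\d\d)([A-J]?)$")

def parse_member(name):
    """Return (capture_date, suffix) for a member name; ValueError if malformed."""
    m = MEMBER_RE.match(name.strip().upper())
    if not m:
        raise ValueError(f"not an INcyymmddx member name: {name!r}")
    c, yy, mm, dd, suffix = m.groups()
    # date() itself rejects impossible dates such as month 13
    return date(1900 + 100 * int(c) + int(yy), int(mm), int(dd)), suffix

def sort_members(names):
    """Order members oldest first; a blank suffix sorts before A-J on the same day."""
    return sorted(names, key=parse_member)

def resolve(names, frommbr, tombr):
    """Resolve *FIRST, *LAST and *PREV to concrete member names (hypothetical helper)."""
    ordered = sort_members(names)
    special = {"*FIRST": ordered[0], "*LAST": ordered[-1]}

    def concrete(value):
        value = special.get(value, value)
        if value != "*PREV" and value not in ordered:
            raise ValueError(f"member not found: {value}")
        return value

    def prev_of(other):
        i = ordered.index(other)
        if i == 0:
            raise ValueError("*PREV cannot be used with the first member")
        return ordered[i - 1]

    frm, to = concrete(frommbr), concrete(tombr)
    if frm == "*PREV" and to == "*PREV":
        raise ValueError("*PREV cannot be used for both members")
    if frm == "*PREV":
        frm = prev_of(to)
    if to == "*PREV":
        to = prev_of(frm)
    return frm, to

# Constructed member list, deliberately out of order
MEMBERS = ["IN1091101", "IN1081201", "IN1091101A", "IN0991231"]
```
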
Removing unwanted members
-------------------------
When old information is no longer needed, the RMVSECINF command may
be used to remove old members. You may remove old members from all
files or choose a specific file. For example, to remove members older
than 365 days from all files, you would specify:
RMVSECINF TYPE(*ALL) RETAINDAYS(365)
Changing the CAPSECINF defaults
-------------------------------
The CRTSECINF command sets the initial defaults for CAPSECINF.
You can change the CAPSECINF defaults by using:
EDTAPPVAL APPVAL(TAASECURE/CAPSECINF)
A prompt will appear and you may key over the existing values. If
you rename the library, you should change the LIB value. If you
delete the library and want to use a different name, use the
CRTSECINF command to start over.
Bypassing exit programs
-----------------------
In some cases there may be exit programs that you do not want to
include in the comparison of registration program information.
Two solutions are provided:
** You may use the CMPREGINF command directly with the BYPEXIT
parameter to list the exit programs that should be bypassed.
** A 'constant array' CMPSECINF in TAASECURE is provided to allow
you to list the exit programs that you want to bypass. The
array information is extracted by CMPSECINF and specified on
the CMPREGINF command.
As an *ALLOBJ user, enter:
EDTCONARR DTAARA(TAASECURE/CMPSECINF)
and enter up to 45 exit program names that should be bypassed.
CAPSECINF escape messages you can monitor for
---------------------------------------------
None. Escape messages from based-on functions will be re-sent.
CRTSECINF command parameters *CMD
----------------------------
LIB The library where the security information will be
stored. The library must not exist. The default is
TAASECINF.
All of the required files will be created in the
library regardless of what other options are chosen.
The library is created with *PUBLIC(*EXCLUDE).
USRPRF The default value assigned when CAPSECINF
USRPRF(*DFT) is specified.
*YES is the default to cause user profile
information to be captured.
*NO may be specified to bypass user profile
information.
SYSVAL The default value assigned when CAPSECINF
SYSVAL(*DFT) is specified.
*YES is the default to cause system value
information to be captured.
*NO may be specified to bypass system value
information.
NETATR The default value assigned when CAPSECINF
NETATR(*DFT) is specified.
*YES is the default to cause network attribute
information to be captured.
*NO may be specified to bypass network attribute
information.
REGINF The default value assigned when CAPSECINF
REGINF(*DFT) is specified.
*YES is the default to cause registration
information to be captured.
*NO may be specified to bypass registration
information.
TEXT The text description for the library. The default
is 'TAASECINF tool library'.
CAPSECINF command parameters *CMD
----------------------------
USRPRF Whether to capture user profile information into the
USRPRFP file.
*DFT is the default to use the value specified in
the CAPSECINF Application Value in TAASECURE.
*YES may be specified to capture the user profile
information.
*NO may be specified to bypass user profile
information.
SYSVAL Whether to capture the system value information into
the SYSVALP file.
*DFT is the default to use the value specified in
the CAPSECINF Application Value in TAASECURE.
*YES may be specified to capture the system value
information.
*NO may be specified to bypass the system value
information.
NETATR Whether to capture the network attribute information
into the NETATRP file.
*DFT is the default to use the value specified in
the CAPSECINF Application Value in TAASECURE.
*YES may be specified to capture the network
attribute information.
*NO may be specified to bypass the network attribute
information.
REGINF Whether to capture the registration information into
the REGINFP file.
*DFT is the default to use the value specified in
the CAPSECINF Application Value in TAASECURE.
*YES may be specified to capture the registration
information.
*NO may be specified to bypass the registration
information.
CMPSECINF command parameters *CMD
----------------------------
TYPE The type of comparison to be made. *ALL may be
specified or the individual values *USRPRF, *SYSVAL,
*NETATR, or *REGINF.
FROMMBR The From member to be used in the comparison. A
specific member name may be entered or the special
values *FIRST, *LAST, or *PREV.
*PREV means the member that was added just previous
to the *LAST member. *PREV may not be used if
TOMBR(*FIRST) is specified.
TOMBR The To member to be used in the comparison. A
specific member name may be entered or the special
values *FIRST, *LAST, or *PREV.
*PREV means the member that was added just previous
to the *LAST member. *PREV may not be used if
FROMMBR(*FIRST) is specified.
OUTPUT How to output the results.
* is the default which will cause the results to be
displayed if the command is entered interactively.
If the command is entered in batch, *PRINT is
assumed. If TYPE(*ALL) is specified, the value is
changed to *PRINT.
*PRINT may be specified to cause spooled files to be
created.
RMVSECINF command parameters *CMD
----------------------------
TYPE The type of file to remove members from. The
default is *ALL for all files. A specific file may
be entered by using one of the values *USRPRF,
*SYSVAL, *NETATR, or *REGINF.
RETAINDAYS The number of days in the past to retain the
members. A value of 1 to 9999 must be entered.
DLTSECINF command parameters *CMD
----------------------------
None.
RFMSECINF command parameters *CMD
----------------------------
None.
Restrictions
------------
An *ALLOBJ user is required for any of the commands.
Prerequisites
-------------
The following TAA Tools must be on your system:
CHGAPPVAL Change application value
CHKALLOBJ Check *ALLOBJ special authority
CMPNETA Compare network attributes
CMPREGINF Compare registration information
CMPUSRPRF2 Compare user profile 2
CMPSYSVAL Compare system values
CVTNETA Convert network attributes
CVTREGINF Convert registration information
CVTSYSVAL Convert system values
DUPTAADBF Duplicate TAA data base file
RMVOLDMBR Remove old member
RSNLSTMSG Resend last message
RTVAPPVAL Retrieve application value
RTVDAT Retrieve date
SNDCOMPMSG Send completion message
SNDESCINF Send escape information
SNDESCMSG Send escape message
SNDSTSMSG Send status message
Implementation
--------------
None, the tool is ready to use. CRTSECINF is required before the use
of CAPSECINF.
Objects used by the tool
------------------------
Object      Type   Attribute  Src member  Src file
------      ----   ---------  ----------  ----------
CRTSECINF   *CMD              TAASEGM     QATTCMD
CAPSECINF   *CMD              TAASEGM2    QATTCMD
CMPSECINF   *CMD              TAASEGM3    QATTCMD
RMVSECINF   *CMD              TAASEGM4    QATTCMD
DLTSECINF   *CMD              TAASEGM5    QATTCMD
TAASEGM6    *CMD              TAASEGM6    QATTCMD
TAASEGMC    *PGM   CLP        TAASEGMC    QATTCL
TAASEGMC2   *PGM   CLP        TAASEGMC2   QATTCL
TAASEGMC3   *PGM   CLP        TAASEGMC3   QATTCL
TAASEGMC4   *PGM   CLP        TAASEGMC4   QATTCL
TAASEGMC5   *PGM   CLP        TAASEGMC5   QATTCL
TAASEGMC12  *PGM   CLP        TAASEGMC12  QATTCL
The CAPSECINF (Application Value) is a *USRSPC object in TAASECURE.
Structure
---------
CRTSECINF      Cmd
   TAASEGMC    CL pgm
CAPSECINF      Cmd
   TAASEGMC2   CL pgm
   TAASEGMC12  CLP Pgm for prompt override
CMPSECINF      Cmd
   TAASEGMC3   CL pgm
RMVSECINF      Cmd
   TAASEGMC4   CL pgm
DLTSECINF      Cmd
   TAASEGMC5   CL pgm
RMVSECINF      Cmd
   TAASEGMC6   CL pgm