View Attach Info

Add new attachment

Only authorized users are allowed to upload new attachments.

This page (revision-1) was last changed on 28-Aug-2023 16:25 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 1 added 110 lines
%%(display:none)
{{{
WikiUp
}}}
/%
[{TableOfContents }]\\
!!! Descrizione\\
E' possibile attivare l'auditing degli accessi negati al sistema e delle modifiche ai profili utente (tra cui la disabilitazione)\\
Questo può servire in particoalre quando vari accessi causano la disabilitazione di un utente.\\
\\
!! Nota\\
Le seguenti istruzioni valgono per un sistema in cui l'auditing non è già attivo.\\
Ossia per un sistema in cui i valori di sistema QAUDCTL e QAUDLVL valgono *NONE.\\
In altre situazioni valutare caso per caso.\\
\\
!!! Attivazione audit\\
CRTJRNRCV JRNRCV(libreria/AUDRCV0001)\\
THRESHOLD(100000)\\
TEXT('Auditing Journal Receiver')\\
AUT(*EXCLUDE)\\
\\
CRTJRN JRN(QSYS/QAUDJRN)\\
JRNRCV(libreria/AUDRCV0001)\\
MNGRCV(*SYSTEM)\\
DLTRCV(*NO)\\
TEXT('Auditing Journal')\\
AUT(*EXCLUDE)\\
\\
Per abilitare auditing accessi negati\\
CHGSECAUD QAUDLVL(*AUTFAIL *SECURITY) INLJRNRCV(libreria/AUDRCV0001)\\
\\
CHGSYSVAL SYSVAL(QAUDCTL) VALUE(*AUDLVL)\\
\\
!!! Interrogazione audit accessi negati\\
CPYAUDJRNE ENTTYP(PW) OUTFILE(libreria/QAUDIT)\\
\\
SELECT PWUSRN, PWRADR, PWTYPE, PWTSTP, PWJOB, PWUSER, PWNBR, PWPGM\\
FROM libreria/QAUDITPW\\
\\
!!! Interrogazione audit modifiche agli utenti\\
CPYAUDJRNE ENTTYP(CP) OUTFILE(libreria/QAUDIT)\\
\\
SELECT CPONAM, CPCMDN, CPPCHG, CPPNON, CPPEXP, CPSTAT, CPTSTP, CPJOB, CPUSER, CPNBR, CPPGM, CPPGMLIB, CPUSPF, CPSYNM, CPRPORT, CPRADR, CPETYP, CPOLIB, CPOTYP FROM libreria/QAUDITCP\\
\\
!!! Interrogazioni su tutto il ricevitore\\
I comandi precedenti copiano i record solo del ricevitore corrente (che tipicamente viene ricreato all'IPL).\\
Se si vuole effettuare una ricerca più estesa bisogna considerare tutti i ricevitori (filtrando per intervallo temporale)\\
\\
Aggiunger al comando CPYAUDJRNE i paramentri JRNRCV(*CURCHAIN) FROMTIME('date' 'time') TOTIME('date' 'time')\\
\\
!!! Disattivazione audit\\
DLTF libreria/QAUDITPW\\
\\
CHGSYSVAL SYSVAL(QAUDCTL) VALUE(*NONE)\\
\\
CHGSECAUD QAUDLVL(*NONE)\\
INLJRNRCV(libreria/AUDRCV0001)\\
\\
DLTJRN JRN(QSYS/QAUDJRN)\\
\\
DLTJRNRCV JRNRCV(libreria/AUDRCV0001)\\
\\
!!! Significato del tipo violazione (PWTYPE)\\
A\\
APPC bind failure.\\
\\
C\\
User authentication with the CHKPWD command failed.\\
\\
D\\
Service tools user ID name not valid (QSYCHGDS API, CRTSSTUSR, CHGSSTUSR, DLTSSTUSR commands).\\
\\
E\\
Service tools user ID password not valid (QSYCHGDS API, CRTSSTUSR, CHGSSTUSR, DLTSSTUSR commands).\\
\\
P\\
Password not valid.\\
\\
Q\\
Attempted signon (user authentication) failed because user profile is disabled.\\
\\
R\\
Attempted signon (user authentication) failed because password was expired. This audit record might not occur for some user authentication mechanisms. Some authentication mechanisms do not check for expired passwords.\\
\\
S\\
SQL Decryption password is not valid.\\
\\
U\\
User name not valid.\\
\\
X\\
Service tools user ID is disabled.\\
\\
Y\\
Service tools user ID not valid (service tools interface).\\
\\
Z\\
Service tools user ID password not valid (service tools interface).\\
\\
!!! Link utili\\
\\
https://www.ibm.com/docs/en/i/7.4?topic=services-audit-journal-pw-table-function\\
\\
https://www.ibm.com/docs/en/i/7.4?topic=entries-pw-password-journal\\
\\
https://www.ibm.com/docs/en/i/7.4?topic=services-audit-journal-cp-table-function\\
\\
https://www.ibm.com/docs/en/i/7.4?topic=entries-cp-user-profile-changes-journal\\
\\
https://www.ibm.com/support/pages/determining-how-user-profile-getting-disabled\\
This page has only one version
«