Tracking System i program object changes

For your tracking to work, you will first have to set up a baseline of information about the programs on your system. I suggest that you dedicate a separate library on your system for this purpose and then make sure that access to the library is restricted to your security officers only. For purposes of this tip, I set up a library called KISPGMTRK and I'm going to track changes to *PGM objects only. In your implementation, you can expand the implementation to other program objects as you have need. To set up the baseline information about all programs on your system, just run the following command:

 DSPOBJD OBJ(*ALLUSR/*ALL) OBJTYPE(*PGM) OUTPUT(*OUTFILE) 

OUTFILE(KISPGMTRK/PGMMST)

This will create a database file in your library named PGMMST which will become your baseline file. The file will contain information about all *PGM objects on your system from all user libraries. To expand your baseline to include all programs in the OS, just change the OBJ parameter to specify *ALL libraries, not just *ALLUSR libraries.

Once you have this baseline established, wait for some program change activity on your system. Then, repeat the above command only specify a different OUTFILE file. For my example, I have used a file name of CURMST. This will capture a second picture of all *PGM objects on your system taken at the second point in time.

Now, all that's left is to compare the two files and produce your control listings. For my example, I used the System i Query tool (WRKQRY). This tool will let you run a query joining two files together dynamically. I joined them on library name and object name. If you are tracking more than just *PGM objects, then you will also have to join on object type.

For my tracking, I generate three different reports. A list of new programs added to the system, a list of programs deleted from the system and a list of programs that have changed. To get the new programs added, set up the current file, then the baseline file and specify a key join for unmatched records with the primary file. For deleted programs, set up the baseline file first and the current file second using the same unmatched records with primary file join (the opposite of your first report). Then for changed programs, process the two files using the matched records join option. To get just the changed programs, select records where the object size, create date or create time have changed.

System i security resources Ensuring security on i runbook Fast Guide: System i security Ask your peers a question about AS/400 security at IT Knowledge Exchange

When your reports have been created, you will just need to replace your baseline database file with the most recent current file. In my example, I just do a copy/replace from the CURMST to the PGMMST file. Now you're all set up for the next report cycle.

Once you have this set up and working, you could even work with it to keep a history database on file for all of the adds, deletes and changes over time. At a minimum, when your auditor shows up, you'll have a nicely bound volume of reports showing all changes. And, you can review the program change activity for yourself to make sure there are no surprises along the way. After all, isn't that the point of security checking?

If you're interested, I'll send you a save file of the library on my system where I developed my version of this process along with a simple CL program and CMD object to run it. If you have any questions about anything included in this tip, or you would like the sample, you can reach me at (rich@kisco.com), All email messages will be answered as quickly as possible.

ABOUT THE AUTHOR: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.

Rate this Tip To rate tips, you must be a member of Search400.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT iSeries security tips Security considerations for IBM i backups Developing a security incident response system for System i Tracking remote access users on System i Setting up security for programmers on IBM i Controlling remote access on your IBM i Checking in on your IBM i authorization lists PCI data security standards and the System i Securing the integrated file system on IBM System i Contextual security on IBM i: Limit user profile access Time for a security checkup for your i iSeries system and application security Developing a security incident response system for System i Setting up security for programmers on IBM i Blocking AS/400 DB2 users Trouble accessing IFS path from Win2k3 server Checking in on your IBM i authorization lists Strategies for securing IBM i production files Changing password security levels and upgrading operating systems on the IBM i Determine the value of parameter UPPWEI in the DSPUSRPRF field Define journal code value "K" Modify content within a journal receiver file Sarbanes-Oxley Detecting copied files on the AS/400 using audit journals System i security policy: Time for a check up Learning guide: Steps to a secure System i 12 security tips in 12 minutes iSeries (AS/400) security: Who's in charge? Study: SOX-compliant firms see drop in costs in year 2 Compliance without Confusion: Addressing the Payment Card Industry's Data Security Standard Mandate Go beyond SOX for business continuity SOX regulations concerning applications COMMON: New security tools for iSeries Sarbanes-Oxley Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary midrange  (Search400.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.