Manage Learn to apply best practices and optimize your operations.

Can users alter audit logs?

Our external auditor has stated that two of our users -- who function as security officers, that have *ALLOBJ (BUT NOT *AUDIT) authority -- can alter the audit logs. While I can see that maybe possible for them to delete the audit journals, is it possible for them to delete or alter individual records without leaving footprints?
OS/400 audit records were placed in journals by design and that's because, while you could delete an entire journal receiver, you cannot delete or modify individual records. This way, you can count on the accuracy and the integrity of the audit journals themselves as well as their entries. In addition, journal receivers are numbered so if a receiver was deleted, you could tell that one was missing.


The Best Web Links: tips, tutorials and more.

Search400's targeted search engine: Get relevant information on security.

Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.

Check out this Search400.com Featured Topic: Top ten security tips

Dig Deeper on iSeries system and application security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.