CAPSECINF Security Information

CAPSECINF CAPTURE SECURITY INFORMATION TAASEGM
The Capture Security Information tool allows you to capture the current information for user profiles, system values, network attributes, and registration information. A comparison may be made at a later time against the same information captured on a different date. The following commands are provided: ** CRTSECINF to create a unique library for the information to be stored in and establish the defaults for what will be captured. ** CAPSECINF to capture the information. ** CMPSECINF to compare the information. ** RMVSECINF to remove old information. ** DLTSECINF to delete the files and library created by CRTSECINF. You must have *ALLOBJ authority to any of the commands. Getting started --------------- ** As an *ALLOBJ user, prompt for: CRTSECINF The default library name is TAASECINF. Any library may be specified, but the library must not exist. The library will contain all of the files used for capturing information even if the defaults are set to not capture all of the possible information. No members will exist for the files. The files are created with ALWUPD(*NO) and ALWDLT(*NO). The library will be created with *PUBLIC(*EXCLUDE). You may specify what information you want to collect when using the defaults for CAPSECINF. The information from CRTSECINF is stored in the Application Value CAPSECINF in TAASECURE. ** As an *ALLOBJ user, prompt for: CAPSECINF A prompt override program accesses the values that were entered on CRTSECINF and uses them as the parameter values. If the command is entered without any parameters, the defaults (*DFT) will also access the values specified on CRTSECINF for what information you are interested in capturing. For each set of information to be captured, a new member is added to the corresponding file in the library you specified (default is TAASECINF). The member will have the date INcyymmdd. You may want to schedule a job to capture the information on a weekly or monthly basis. ** If you want to test the function, there are two solutions: -- Wait for a week or so to let some normal changes to your system occur before you use CAPSECINF again. Then see the section on 'Comparing information'. -- For a simple sanity test: a) Use WRKNETA and increase the 'Maximum Intermediate Sessions' by one. b) Use CAPSECINF again. c) Enter: CMPSECINF TYPE(*NETATR) FROMMBR(*LAST) TOMBR(*FIRST) d) The spooled file should identify the change that was made. Comparing information --------------------- After changes have been made to your system and new members created by CAPSECINF, you can compare the information with the CMPSECINF command. You name the type you want to compare and a From and To member. Assume you have used the default library of TAASECINF and you want to compare the information captured on Dec 1, 2008 to the information captured on Nov 1, 2009. For user profile information, you would specify: CMPSECINF TYPE(*USRPRF) FROMMBR(IN1081201) TOMBR(IN1091101) CMPSECINF provides a simple front end to the following TAA commands which could be used directly: CMPUSRPRF2 CMPSYSVAL CMPNETA CMPREGINF You may compare all of the types by specifying TYPE(*ALL). Special values exist for the FROMMBR and TOMBR parameters to allow you to compare to the *FIRST, *LAST, or *PREV member. *PREV means the member prior to the one that was specified. For example, CMPSECINF TYPE(*USRPRF) FROMMBR(IN1051201) TOMBR(*PREV) or CMPSECINF TYPE(*USRPRF) FROMMBR(*LAST) TOMBR(*PREV) The TOMBR would be the member added previously to the specified FROMMBR. A 'constant array' exists to allow you to bypass certain exit program names during the processing of registration information. See the section on 'Bypassing exit programs'. Member naming convention ------------------------ The member names used are INcyymmddx. For the first member converted on each day, the 'x' value will be blank. You can have up to 10 members created on each day. The subsequent members would be INcyymmddA - INcyymmddJ. Removing unwanted members ------------------------- When old information is no longer needed, the RMVSECINF command may be used to remove old members. You may remove old members from all files or chose a specific file. For example, to remove members older than 365 days from all files, you would specify: RMVSECINF TYPE(*ALL) RETAINDAYS(365) Changing the CAPSECINF defaults ------------------------------- The CRTSECINF command sets the initial defaults for CAPSECINF. You can change the CAPSECINF defaults by using: EDTAPPVAL APPVAL(TAASECURE/CAPSECINF) A prompt will appear and you may key over the existing values. If you rename the library, you should change the LIB value. If you delete the library and want to use a different name, use the CRTSECINF command to start over. Bypassing exit programs ----------------------- In some cases there may be exit programs that you do not want to include in the comparison of registration program information. Two solutions are provided: ** You may use the CMPREGINF command directly with the BYPEXIT parameter to list the exit programs that should be bypassed. ** A 'constant array' CMPSECINF in TAASECURE is provided to allow you to list the exit programs that you want to bypass. The array information is extracted by CMPSECINF and specified on the CMPREGINF command. As an *ALLOBJ user, enter: EDTCONARR DTAARA(TAASECURE/CMPSECINF) and enter up to 45 exit program names that should be bypassed. CAPSECINF escape messages you can monitor for --------------------------------------------- None. Escape messages from based on functions will be re-sent. CRTSECINF command parameters *CMD ---------------------------- LIB The library where the security information will be stored. The library must not exist. The default is TAASECINF. All of the required files will be created in the library regardless of what other options are chosen. The library is created with *PUBLIC(*EXCLUDE). USRPRF The default value assigned when CAPSECINF USRPRF(*DFT) is specified. *YES is the default to cause user profile information to be captured. *NO may be specified to bypass user profile information. SYSVAL The default value assigned when CAPSECINF SYSVAL(*DFT) is specified. *YES is the default to cause system value information to be captured. *NO may be specified to bypass system value information. NETATR The default value assigned when CAPSECINF NETATR(*DFT) is specified. *YES is the default to cause network attribute information to be captured. *NO may be specified to bypass network attribute information. REGINF The default value assigned when CAPSECINF REGINF(*DFT) is specified. *YES is the default to cause registration information to be captured. *NO may be specified to bypass registration information. TEXT The text description for the library. The default is 'TAASECINF tool library'. CAPSECINF command parameters *CMD ---------------------------- USRPRF Whether to capture user profile information into the USRPRFP file. *DFT is the default to use the value specified in the CAPSECINF Application Value in TAASECURE. *YES may be specified to capture the user profile information. *NO may be specified to bypass user profile information. SYSVAL Whether to capture the system value information into the SYSVALP file. *DFT is the default to use the value specified in the CAPSECINF Application Value in TAASECURE. *YES may be specified to capture the system value information. *NO may be specified to bypass the system value information. NETATR Whether to capture the network attribute information into the NETATRP file. *DFT is the default to use the value specified in the CAPSECINF Application Value in TAASECURE. *YES may be specified to capture the network attribute information. *NO may be specified to bypass the network attribute information. REGINF Whether to capture the registration information into the REGINFP file. *DFT is the default to use the value specified in the CAPSECINF Application Value in TAASECURE. *YES may be specified to capture the registration information. *NO may be specified to bypass the registration information. CMPSECINF command parameters *CMD ---------------------------- TYPE The type of comparison to be made. *ALL may be specified or the individual values *USRPRF, *SYSVAL, *NETATR, or *REGINF. FROMMBR The From member to be used in the comparison. A specific member name may be entered or the special values *FIRST, *LAST, or *PREV. *PREV means the member that was added just previous to the *LAST member. *PREV may not be used if TOMBR(*FIRST) is specified. TOMBR The To member to be used in the comparison. A specific member name may be entered or the special values *FIRST, *LAST, or *PREV. *PREV means the member that was added just previous to the *LAST member. *PREV may not be used if FROMMBR(*FIRST) is specified. OUTPUT How to output the results. * is the default which will cause the results to be displayed if the command is entered interactively. If the command is entered in batch, *PRINT is assumed. If TYPE(*ALL) is specified, the value is changed to *PRINT. *PRINT may be specified to cause spooled files to be created. RMVSECINF command parameters *CMD ---------------------------- TYPE The type of file to remove members from. The default is *ALL for all files. A specific file may be entered by using one of the values *USRPRF, *SYSVAL, *NETATR, or *REGINF. RETAINDAYS The number of days in the past to retain the members. A value of 1 to 9999 must be entered. DLTSECINF command parameters *CMD ---------------------------- None. Restrictions ------------ An *ALLOBJ user is required for any of the commands. Prerequisites ------------- The following TAA Tools must be on your system: CHGAPPVAL Change application value CHKALLOBJ Check *ALLOBJ special authority CMPNETA Compare network attributes CMPREGINF Compare registration information CMPUSRPRF2 Compare user profile 2 CMPSYSVAL Compare system values CVTNETA Convert network attributes CVTREGINF Convert registration information CVTSYSVAL Convert system values DUPTAADBF Duplicate TAA data base file RMVOLDMBR Remove old member RSNLSTMSG Resend last message RTVAPPVAL Retrieve application value RTVDAT Retrieve date SNDCOMPMSG Send completion message SNDESCINF Send escape information SNDESCMSG Send escape message SNDSTSMSG Send status message Implementation -------------- None, the tool is ready to use. CRTSECINF is required before the use of CAPSECINF. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- TAASEGM *CMD TAASEGM QATTCMD TAASEGM2 *CMD TAASEGM2 QATTCMD TAASEGM3 *CMD TAASEGM3 QATTCMD TAASEGM4 *CMD TAASEGM4 QATTCMD TAASEGM5 *CMD TAASEGM5 QATTCMD TAASEGMC *PGM CLP TAASEGMC QATTCL TAASEGMC2 *PGM CLP TAASEGMC2 QATTCL TAASEGMC3 *PGM CLP TAASEGMC3 QATTCL TAASEGMC4 *PGM CLP TAASEGMC4 QATTCL TAASEGMC5 *PGM CLP TAASEGMC5 QATTCL TAASEGMC12 *PGM CLP TAASEGMC12 QATTCL The CAPSECINF (Application Value) is a *USRSPC object in TAASECURE. Structure --------- CRTSECINF Cmd TAASEGMC CL pgm CAPSECINF Cmd TAASEGMC2 CL pgm TAASEGMC12 CLP Pgm for prompt override CMPSECINF Cmd TAASEGMC3 CL pgm RMVSECINF Cmd TAASEGMC4 CL pgm DLTSECINF Cmd TAASEGMC5 CL pgm


CAPSECINF CAPTURE SECURITY INFORMATION TAASEGM
The Capture Security Information tool allows you to capture the current information for user profiles, system values, network attributes, and registration information. A comparison may be made at a later time against the same information captured on a different date. The following commands are provided: CRTSECINF to create a unique library for the information to be stored in and establish the defaults for what will be captured. CAPSECINF to capture the information. CMPSECINF to compare the information. RMVSECINF to remove old information. ** DLTSECINF to delete the files and library created by CRTSECINF. You must have ALLOBJ authority to any of the commands. Getting started --------------- * As an ALLOBJ user, prompt for: CRTSECINF The default library name is TAASECINF. Any library may be specified, but the library must not exist. The library will contain all of the files used for capturing information even if the defaults are set to not capture all of the possible information. No members will exist for the files. The files are created with ALWUPD(NO) and ALWDLT(NO). The library will be created with PUBLIC(EXCLUDE). You may specify what information you want to collect when using the defaults for CAPSECINF. The information from CRTSECINF is stored in the Application Value CAPSECINF in TAASECURE. * As an ALLOBJ user, prompt for: CAPSECINF A prompt override program accesses the values that were entered on CRTSECINF and uses them as the parameter values. If the command is entered without any parameters, the defaults (DFT) will also access the values specified on CRTSECINF for what information you are interested in capturing. For each set of information to be captured, a new member is added to the corresponding file in the library you specified (default is TAASECINF). The member will have the date INcyymmdd. You may want to schedule a job to capture the information on a weekly or monthly basis. ** If you want to test the function, there are two solutions: -- Wait for a week or so to let some normal changes to your system occur before you use CAPSECINF again. Then see the section on 'Comparing information'. -- For a simple sanity test: a) Use WRKNETA and increase the 'Maximum Intermediate Sessions' by one. b) Use CAPSECINF again. c) Enter: CMPSECINF TYPE(NETATR) FROMMBR(LAST) TOMBR(FIRST) d) The spooled file should identify the change that was made. Comparing information --------------------- After changes have been made to your system and new members created by CAPSECINF, you can compare the information with the CMPSECINF command. You name the type you want to compare and a From and To member. Assume you have used the default library of TAASECINF and you want to compare the information captured on Dec 1, 2008 to the information captured on Nov 1, 2009. For user profile information, you would specify: CMPSECINF TYPE(USRPRF) FROMMBR(IN1081201) TOMBR(IN1091101) CMPSECINF provides a simple front end to the following TAA commands which could be used directly: CMPUSRPRF2 CMPSYSVAL CMPNETA CMPREGINF You may compare all of the types by specifying TYPE(ALL). Special values exist for the FROMMBR and TOMBR parameters to allow you to compare to the FIRST, LAST, or PREV member. PREV means the member prior to the one that was specified. For example, CMPSECINF TYPE(USRPRF) FROMMBR(IN1051201) TOMBR(PREV) or CMPSECINF TYPE(USRPRF) FROMMBR(LAST) TOMBR(PREV) The TOMBR would be the member added previously to the specified FROMMBR. A 'constant array' exists to allow you to bypass certain exit program names during the processing of registration information. See the section on 'Bypassing exit programs'. Member naming convention ------------------------ The member names used are INcyymmddx. For the first member converted on each day, the 'x' value will be blank. You can have up to 10 members created on each day. The subsequent members would be INcyymmddA - INcyymmddJ. Removing unwanted members ------------------------- When old information is no longer needed, the RMVSECINF command may be used to remove old members. You may remove old members from all files or chose a specific file. For example, to remove members older than 365 days from all files, you would specify: RMVSECINF TYPE(ALL) RETAINDAYS(365) Changing the CAPSECINF defaults ------------------------------- The CRTSECINF command sets the initial defaults for CAPSECINF. You can change the CAPSECINF defaults by using: EDTAPPVAL APPVAL(TAASECURE/CAPSECINF) A prompt will appear and you may key over the existing values. If you rename the library, you should change the LIB value. If you delete the library and want to use a different name, use the CRTSECINF command to start over. Bypassing exit programs ----------------------- In some cases there may be exit programs that you do not want to include in the comparison of registration program information. Two solutions are provided: * You may use the CMPREGINF command directly with the BYPEXIT parameter to list the exit programs that should be bypassed. ** A 'constant array' CMPSECINF in TAASECURE is provided to allow you to list the exit programs that you want to bypass. The array information is extracted by CMPSECINF and specified on the CMPREGINF command. As an ALLOBJ user, enter: EDTCONARR DTAARA(TAASECURE/CMPSECINF) and enter up to 45 exit program names that should be bypassed. CAPSECINF escape messages you can monitor for --------------------------------------------- None. Escape messages from based on functions will be re-sent. CRTSECINF command parameters CMD ---------------------------- LIB The library where the security information will be stored. The library must not exist. The default is TAASECINF. All of the required files will be created in the library regardless of what other options are chosen. The library is created with PUBLIC(EXCLUDE). USRPRF The default value assigned when CAPSECINF USRPRF(DFT) is specified. YES is the default to cause user profile information to be captured. NO may be specified to bypass user profile information. SYSVAL The default value assigned when CAPSECINF SYSVAL(DFT) is specified. YES is the default to cause system value information to be captured. NO may be specified to bypass system value information. NETATR The default value assigned when CAPSECINF NETATR(DFT) is specified. YES is the default to cause network attribute information to be captured. NO may be specified to bypass network attribute information. REGINF The default value assigned when CAPSECINF REGINF(DFT) is specified. YES is the default to cause registration information to be captured. NO may be specified to bypass registration information. TEXT The text description for the library. The default is 'TAASECINF tool library'. CAPSECINF command parameters CMD ---------------------------- USRPRF Whether to capture user profile information into the USRPRFP file. DFT is the default to use the value specified in the CAPSECINF Application Value in TAASECURE. YES may be specified to capture the user profile information. NO may be specified to bypass user profile information. SYSVAL Whether to capture the system value information into the SYSVALP file. DFT is the default to use the value specified in the CAPSECINF Application Value in TAASECURE. YES may be specified to capture the system value information. NO may be specified to bypass the system value information. NETATR Whether to capture the network attribute information into the NETATRP file. DFT is the default to use the value specified in the CAPSECINF Application Value in TAASECURE. YES may be specified to capture the network attribute information. NO may be specified to bypass the network attribute information. REGINF Whether to capture the registration information into the REGINFP file. DFT is the default to use the value specified in the CAPSECINF Application Value in TAASECURE. YES may be specified to capture the registration information. NO may be specified to bypass the registration information. CMPSECINF command parameters CMD ---------------------------- TYPE The type of comparison to be made. ALL may be specified or the individual values USRPRF, SYSVAL, NETATR, or REGINF. FROMMBR The From member to be used in the comparison. A specific member name may be entered or the special values FIRST, LAST, or PREV. PREV means the member that was added just previous to the LAST member. PREV may not be used if TOMBR(FIRST) is specified. TOMBR The To member to be used in the comparison. A specific member name may be entered or the special values FIRST, LAST, or PREV. PREV means the member that was added just previous to the LAST member. PREV may not be used if FROMMBR(FIRST) is specified. OUTPUT How to output the results. is the default which will cause the results to be displayed if the command is entered interactively. If the command is entered in batch, PRINT is assumed. If TYPE(ALL) is specified, the value is changed to PRINT. PRINT may be specified to cause spooled files to be created. RMVSECINF command parameters CMD ---------------------------- TYPE The type of file to remove members from. The default is ALL for all files. A specific file may be entered by using one of the values USRPRF, SYSVAL, NETATR, or REGINF. RETAINDAYS The number of days in the past to retain the members. A value of 1 to 9999 must be entered. DLTSECINF command parameters CMD ---------------------------- None. Restrictions ------------ An ALLOBJ user is required for any of the commands. Prerequisites ------------- The following TAA Tools must be on your system: CHGAPPVAL Change application value CHKALLOBJ Check ALLOBJ special authority CMPNETA Compare network attributes CMPREGINF Compare registration information CMPUSRPRF2 Compare user profile 2 CMPSYSVAL Compare system values CVTNETA Convert network attributes CVTREGINF Convert registration information CVTSYSVAL Convert system values DUPTAADBF Duplicate TAA data base file RMVOLDMBR Remove old member RSNLSTMSG Resend last message RTVAPPVAL Retrieve application value RTVDAT Retrieve date SNDCOMPMSG Send completion message SNDESCINF Send escape information SNDESCMSG Send escape message SNDSTSMSG Send status message Implementation -------------- None, the tool is ready to use. CRTSECINF is required before the use of CAPSECINF. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- TAASEGM CMD TAASEGM QATTCMD TAASEGM2 CMD TAASEGM2 QATTCMD TAASEGM3 CMD TAASEGM3 QATTCMD TAASEGM4 CMD TAASEGM4 QATTCMD TAASEGM5 CMD TAASEGM5 QATTCMD TAASEGMC PGM CLP TAASEGMC QATTCL TAASEGMC2 PGM CLP TAASEGMC2 QATTCL TAASEGMC3 PGM CLP TAASEGMC3 QATTCL TAASEGMC4 PGM CLP TAASEGMC4 QATTCL TAASEGMC5 PGM CLP TAASEGMC5 QATTCL TAASEGMC12 PGM CLP TAASEGMC12 QATTCL The CAPSECINF (Application Value) is a *USRSPC object in TAASECURE. Structure --------- CRTSECINF Cmd TAASEGMC CL pgm CAPSECINF Cmd TAASEGMC2 CL pgm TAASEGMC12 CLP Pgm for prompt override CMPSECINF Cmd TAASEGMC3 CL pgm RMVSECINF Cmd TAASEGMC4 CL pgm DLTSECINF Cmd TAASEGMC5 CL pgm

Added to TAA Productivity Tools June 1, 2005

Home Page

Last modified on January 12, 2010