CHKLIBITG -- Check Library Integrity

CHKLIBITG CHECK LIBRARY INTEGRITY TAALIDB
The Check Library Integrity command checks for integrity of objects in a library. CHKLIBITG is a front end to the system command CHKOBJITG which checks the owned objects of a user profile and creates an outfile of exceptions. The checking ensures such things as whether the object is in the proper domain, a determination of whether a program or module has been tampered with, or whether a CISC program has not yet been converted to RISC (RISC only function). To use CHKLIBITG, you must be or have all rights to the QSECOFR profile (an adopted program is valid). All objects in the library must be free of any allocations to allow the full use of the command. Integrity checking occurs by creating a temporary profile TAATMPUSR, changing the ownership of each object in the library to TAATMPUSR, running the system command CHKOBJITG, and then changing the ownership back to the original owner. See the later section on Recovery Considerations. TAATMPUSR is deleted when all objects have been checked. You cannot have a profile by the name of TAATMPUSR on your system. A typical command would be: CHKLIBITG LIB(xxx) A spooled file is output with any conditions found by the command and any error conditions such as when an object is allocated and the ownership cannot be changed to allow checking to occur. Differences with CHKOBJITG -------------------------- CHKOBJITG is the system command. It checks all objects owned by a user profile and creates an outfile of exceptions. You must provide a function to print the outfile. CHKLIBITG is the tool. It operates against all objects in a specified library. The processing of each object is to change the ownership to the temporary profile TAATMPUSR and then use the system command CHKOBJITG. After checking the object, ownership is restored to the original owner along with the owners original authorities. A spooled file is output. Recovery considerations ----------------------- During the execution of the command, messages are sent to the job log as each object is processed. The messages describe the object, its owner and the owner's authorities These special recovery messages all begin with *. The object owner is then changed in order to test the integrity. After the test, the owner and the authorities are reset and the messages are removed. Therefore, if the job abnormally terminates, you should review the job log and do the following: Determine if any of the * special messages exist. If so, check the ownership of the object and the authorities of the owner. They should agree with the messages in the job log. If not, use CHGOBJOWN and/or EDTOBJAUT. Check for the existence of the TAATMPUSR user profile. If it exists, delete it. Command parameters CMD ------------------ LIB The library to be checked. Restrictions ------------ * You must be or have all rights to the QSECOFR profile. All objects in the library must be free of allocations to allow the temporary change of ownership to occur. You cannot have a profile by the name of TAATMPUSR on your system. Prerequisites ------------- The following TAA Tools must be on your system: CHGOBJD2 Change object description 2 CHKACTPGM Check active program EDTVAR Edit variable RSNLSTMSG Resend last message RTVOBJAUT Retrieve object authority RTVOBJD2 Retrieve object description 2 RTVSYSVAL3 Retrieve system value 3 SNDCOMPMSG Send completion message SNDDIAGMSG Send diagnostic message SNDESCMSG Send escape message Implementation -------------- None, the tool is ready to use. Objects used by the tool ------------------------ Object Type Attribute Src member Src file ------ ---- --------- ---------- ---------- CHKLIBITG CMD TAALIDB QATTCMD TAALIDBC PGM CLP TAALIDBC QATTCL TAALIDBR PGM RPG TAALIDBR QATTRPG TAALIDBP FILE PF TAALIDBP QATTDDS TAALIDBL *FILE LF TAALIDBL QATTDDS

CHKLIBITG       CHECK LIBRARY INTEGRITY                TAALIDB


The Check  Library Integrity  command checks  for integrity of  objects
in  a  library.   CHKLIBITG  is  a  front  end  to the  system  command
CHKOBJITG  which  checks  the  owned  objects  of  a  user  profile and
creates an  outfile of exceptions.   The  checking ensures such  things
as  whether the  object is  in the  proper domain,  a  determination of
whether  a program or module has been  tampered with, or whether a CISC
program has not yet been converted to RISC (RISC only function).

To use  CHKLIBITG,  you must  be  or have  all  rights to  the  QSECOFR
profile (an  adopted program  is valid).   All  objects in the  library
must be  free of any allocations to allow the  full use of the command.

Integrity checking occurs  by creating a  temporary profile  TAATMPUSR,
changing the  ownership of  each object  in the  library to  TAATMPUSR,
running the  system command CHKOBJITG, and then  changing the ownership
back  to  the  original  owner.   See  the  later  section  on Recovery
Considerations.   TAATMPUSR  is  deleted  when all  objects  have  been
checked.   You cannot have a profile  by the name of  TAATMPUSR on your
system.

A typical command would be:

             CHKLIBITG   LIB(xxx)

A  spooled file is output with any  conditions found by the command and
any error  conditions  such as  when an  object  is allocated  and  the
ownership cannot be changed to allow checking to occur.

Differences with CHKOBJITG
--------------------------

CHKOBJITG is  the system  command.  It  checks all  objects owned  by a
user  profile and creates an  outfile of exceptions.   You must provide
a function to print the outfile.

CHKLIBITG  is  the  tool.    It  operates  against  all  objects  in  a
specified library.   The  processing of  each object is  to change  the
ownership to  the temporary profile  TAATMPUSR and then  use the system
command  CHKOBJITG.  After  checking the object,  ownership is restored
to the original  owner along with the  owners original authorities.   A
spooled file is output.

Recovery considerations
-----------------------

During the execution  of the command, messages are sent  to the job log
as  each object is  processed.   The messages describe  the object, its
owner and the owner's authorities  These special recovery messages  all
begin with ***.

The object owner is then changed in order to test the integrity.

After  the test,  the  owner  and the  authorities  are  reset and  the
messages are removed.

Therefore,  if the  job abnormally  terminates,  you should  review the
job log and do the following:

  **   Determine if any  of the  *** special  messages exist.   If  so,
       check the  ownership of the  object and  the authorities of  the
       owner.   They  should agree with  the messages  in the  job log.
       If not, use CHGOBJOWN and/or EDTOBJAUT.

  **   Check  for the existence  of the TAATMPUSR user  profile.  If it
       exists, delete it.

Command parameters                                    *CMD
------------------

   LIB           The library to be checked.

Restrictions
------------

  **   You must be or have all rights to the QSECOFR profile.

  **   All objects  in  the  library must  be  free of  allocations  to
       allow the temporary change of ownership to occur.

  **   You  cannot have  a profile  by the  name of  TAATMPUSR  on your
       system.

Prerequisites
-------------

The following TAA Tools must be on your system:

     CHGOBJD2        Change object description 2
     CHKACTPGM       Check active program
     EDTVAR          Edit variable
     RSNLSTMSG       Resend last message
     RTVOBJAUT       Retrieve object authority
     RTVOBJD2        Retrieve object description 2
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDDIAGMSG      Send diagnostic message
     SNDESCMSG       Send escape message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CHKLIBITG     *CMD                   TAALIDB       QATTCMD
   TAALIDBC      *PGM       CLP         TAALIDBC      QATTCL
   TAALIDBR      *PGM       RPG         TAALIDBR      QATTRPG
   TAALIDBP      *FILE      PF          TAALIDBP      QATTDDS
   TAALIDBL      *FILE      LF          TAALIDBL      QATTDDS

Added to TAA Productivity tools August 1, 1997

Home Page

Up to Top