Solved

Need answers to some AS400 Questions for an iSeries Audit

Posted on 2009-05-19
Last Modified: 2013-12-06
I have been tasked with having to do an AS400 Audit. I have a template page to use as a guide. I basically just have to find the answers to the items listed. Where to go while logged on or what AS400 commands to use for each item to find the information. That's all I need.

I have attached the audit template. Could you please provide me with the AS400 command(s) that I need to enter for each item to get the information listed? Thanks in advance!

btw, I'm not an AS400 guy so that is why I need to obtain this information. :-)
AS400-Audit.doc
Question by:matrix0511
 
LVL 18

Expert Comment

by:daveslash
ID: 24427476

In looking at your list of information to gather, let me give you what I believe is the only way to accomplish it.

Step 1: Find an "AS/400 guy" on-site
Step 2: Hand him or her this list
0
 

Author Comment

by:matrix0511
ID: 24427490
Funny. But I wasn't posting this for jokes. This site has "AS400" experts on it. Let me remind you the name of this site is "experts" exchange. I'm sure I will find a real AS400 expert who is serious about giving out good information.
0
 
LVL 18

Expert Comment

by:daveslash
ID: 24427522

Sorry for the sarcasm ... it's just that the answers to these items are rather involved. Each line-item would require a pretty good amount of AS/400-specific knowledge that's probably beyond the scope of normal questions I've seen posted here.

PTF inventory, logical-file access-path size, expert caching, QPWFSERVER, etc. Those all require significant amounts of explanation.

Again, I apologize for the sarcasm.
0
 
LVL 34

Expert Comment

by:Gary Patterson
ID: 24427535
Kidding aside, daveslash makes a point that I was kind of thinking, too.  This isn't a simple question, it is an entire audit (albeit a small one).  I typically get paid for doing this sort of work, and daveslash probably does too.

Maybe if you break up the list into a series of individual questions, you can get some of this knocked out.

I really think you would be best off hiring an expert to help guide you through the process.

- Gary Patterson
0
 

Author Comment

by:matrix0511
ID: 24427571
Guys, you all are missing what I'm asking for! I'm only looking for "YES" or "NO". I have attached an example of another audit that was done by another person who is not available right now. See attached file. Most of these items require only a simple command statement, if you are an experienced AS400 person. In fact, I just did a Google on some of these and found a simple command that you enter to get the answer. All I need is the simple AS400 command to display the information I need. Do you see what I'm asking for now??
AS400-Audit2.doc
0
 
LVL 34

Accepted Solution

by:
Gary Patterson earned 350 total points
ID: 24427732
I'm an "experienced AS/400 person", with 20+ years on the platform.  Check my profile for my credentials.

Some of your topics can be answered by running a simple command (and since you found them with a quick Google search, you don't need us for that).  The problem is, some of the questions are ambiguous, some require a specific knowledge of how your system is configured in order to know where to look, and others require a series of steps, each depending on the output of the previous step.

Let me clarify by going through the list of 13 questions you attached.  I'll even answer the easy ones.

  1. Is a separate memory pool set up for EnterpriseOne QZDASOINIT jobs
    First, you need to determine which jobs belong to JDE EnterpriseOne, then you need to examine all of the subsystem descriptions on your system to verify that there is a private pool used only by those specific jobs.  That's not a command, that is a procedure.

  2. Is SMP enabled on the 400 if it has Multi-Processors
    This one is easy.  SMP (Symmetric Multiprocessing) is a licensed program.  GO LICPGM and take option 10.  Review the list and see if it is on there.

  3. Are QZDASOINIT jobs set up as pre-start
    Easy one:  WRKACTJOB, look for QZDASOINIT and see if they are listed as Prestart jobs.

  4. Is Shared Access Path set to *YES
    On what?

  5. Is AS/400 Journaling enabled
    On what?  Anywhere?  On specific files?  

  6. Is Ethernet Adapter set to 100MB Full Duplex and using TCP/IP only
    Part easy, part not so easy.  WRKLIND with your ethernet line description object and examine the DUPLEX setting.  Determining definitively if you are using TCP/IP only requires analysis to eliminate other protocols, and is not just a simple command.

  7. Is Host Name Search Priority set to *Local
    CFGTCP, option 12

  8. Is Access path size set to *MAX1TB
    On what?  This is a file-level setting on each file with an index.

  9. Have all PTFs from latest IBM APAR for current OS been applied
    First of all, this is a silly question that makes no sense.  An APAR is an Authorized Program Analysis Report.  It is an official report, entered by IBM of a bug.  Each bug may apply to your environment, or not.  Some APAR's don't have PTF's.  This question should read: "Are you current on Cumulative and HIPER PTF's for your OS version and any licensed programs installed on your system."  Anyway, this is an entire procedure.  First you need to determine your OS version and release, then you need to determine your current PTF level for the OS, and then you need to determine Group PTF levels for key licensed programs, etc., etc.,

  10. Are Job Values set to *WRAP
    For what jobs?  Every job description can contain a different value, and jobs that are submitted from job schedulers, batch programs, and manually can override job description settings.

  11. Is Expert Caching enabled for memory pools
    Easy one: WRKSHRPOOL - If it says *CALC for paging, then Expert Cache is on.

  12. Is QPWFSERVER set to *Eligible for Purge
    WRKJOB QPWFSERVER, option 1 or 2, look for Eligible for purge *YES or *NO

  13. Is REUSEDLT set to *YES for Physical Files
    Which physical files?  This is a file-level setting that can be different for every file.

I'm not trying to be difficult, it is just that it isn't as simple as you seem to feel.

- Gary Patterson
0
 
LVL 34

Expert Comment

by:Gary Patterson
ID: 24427745
Let me clarify 4 & 5 further:

Again, these are file-level settings that can be set differently for every file on the system.  What files are we talking about?

- Gary Patterson
0
 
LVL 27

Assisted Solution

by:tliotta
tliotta earned 100 total points
ID: 24427782
matrix0511:

The biggest problem is that a number of answers in the AS400-Audit2.doc file are wrong and I don't even need to see what system was being audited. Additionally, 'yes' or 'no' answers don't make sense for many of the questions.

> Are QZDASOINIT jobs set up as pre-start

Well, yes (probably; maybe). But so what? How does that in any way answer if pre-starts are actually being used? What does 'set up' mean? A subsystem has pre-start entries for QZDASOINIT? What if that subsystem isn't active today? Should no QZDASOINIT jobs be allowed outside of a pre-start environment? Ever?

> Is Shared Access Path set to *YES

For what? The weekly PAYROLL job? Some job kicked off by a stored procedure CALL via a Net.Data macro? A logical file in someone's current library?

> Is Expert Caching enabled for memory pools

Which ones? All of them? or only ones where it makes sense? Which ones make sense on this system?

> Have all PTFs from latest IBM APAR for current OS been applied

The answer could be "Yes" and that could mean that 95% of the most important PTFs are not applied. The answer possibly _should_ be "No." If it's "Yes", it could even mean that the system is in such bad shape that it can't even IPL. It might be that the PTFs from the latest IBM i APAR were marked "defective" and whoever put them on this system should be laid off. Or, what if this system is running i5/OS instead of IBM i? Should there still be an attempt to apply PTFs for the 'current OS'? What is 'current OS'?

My concern is that there seems to be no point to the document. It doesn't seem to be useful for anything except maybe to test the auditor to see what kind of strange answers come back.

I suspect that you were handed the document by someone who really had no idea how to audit this kind of system. That's not your fault and you're not being blamed for it.

But you need to accept that these questions are almost useless. The answers simply can't be 'yes' or 'no' while making sense.

Can you give something of a description of the working environment? Are you in a staff position and stuck with the task of filling in the answers? Are you a consultant from outside trying to learn? If from outside, is this a task assigned by the client or by one of your managers?

Really, we're more than willing to help. But the very first thing we want to do is make sure you're going in a right direction.

Tom
0
 

Author Comment

by:matrix0511
ID: 24427866
Tom/Gary, first of all, thanks so much for taking the time to break all this down. Yes, you are correct, I was just given this list by my manager and told to get the answers. So, I do agree that it does look like this doc is not complete.

And I do now totally understand what you mean when you say some of the items need more than just a Yes or No response.

Thanks for answering the ones that you could.

I would like to know more about a couple of the items listed though. Journaling. Is that the same as "logging" on the 400?? I think the person who came up with that question was asking if journaling is enabled for the entire system. Is that possible?? So that any activity is journaled?

Also, I was under the impression that some of these items were "global" settings. For example: "Is REUSEDLT set to *YES for Physical Files?". "Are Job Values set to *WRAP?" Is there not a global setting for all files? Also, Expert Caching. I was told this was a global setting I could set. If that's not the case, I will accept that.

Again, I do really appreciate all your input. I will now definitely go back and give my manager some positive feedback! Haha.

Thanks again guys! And sorry if I came across as a little snappy. I have just been frustrated trying to find the answers to these items. :-(
0
 
LVL 34

Assisted Solution

by:Gary Patterson
Gary Patterson earned 350 total points
ID: 24427918
Journaling is a logging function, most commonly used for logging individual (record-level) changes to database files, but it has other uses, too, including managing access path updates to minimize downtime in the event of a system failure (SMAPP), security auditing, and more.  It is not "global to the system", it is managed for each and every object separately.

Of the others that you listed in your last post, only Expert Cache is a "global setting".  I think I outlined these in plenty of detail above.

I've developed security and performance standards for clients, developed audit checklists, conducted audits, and been audited as a system administrator, and I think I'm qualified to tell you that whoever wrote this was just going through the motions: it is sloppy, unprofessional, and serves no useful purpose that I can see.  It is also not a document that is designed to be completed by an inexperienced system administrator.

Good luck with your boss.

- Gary Patterson
0
 

Author Comment

by:matrix0511
ID: 24427960
Hey Gary, for items 4, 5, 8, 10 & 13 you mentioned that I need to first know what specific files or jobs first. Assuming I know the specific files and jobs for items 4, 5, 8, 10 & 13, could you give me the command(s) I need to enter to get the info I need for those specific files?

Thanks again! You definitely sound like you have a wealth of 400 skills and knowledge. :-)
0
 
LVL 34

Expert Comment

by:Gary Patterson
ID: 24427991
Display File Description (DSPFD) will get you most file-specific information from individual files.

For Job queue wrapping *WRAP, it can be a bunch of places:   In various job descriptions (DSPJOBD, but which job descriptions are we concerned with?  All of them?), in scheduled job entries (do you use the native scheduler, or another IBM or third-party job scheduler?), in programs that submit jobs (that probably means searching the source code of every program on the system: RPG, CL, SQL stored procedures, Java, etc.), jobs submitted from remote systems, etc.

- Gary Patterson
0
 

Author Comment

by:matrix0511
ID: 24428010
Thanks Gary! If it's ok with you, I'd like to keep this question open just for a couple of more days. I may have a few more questions. Thanks again!
0

 

Author Comment

by:matrix0511
ID: 24428119
Gary, one last question for the night. I am trying to find out the total disk space, used space and free space on an as400. I am at the correct screen: Work With System Status. I'm just not 100% sure how to calculate the numbers. See the attached screen print. It shows: 3903 G for "Total". How should I translate that into Gigs?? Thanks.
Work-With-System-Status-screen-p.doc
0
 
LVL 34

Expert Comment

by:Gary Patterson
ID: 24428153
In the future, we would all appreciate it if you would please post new questions as new questions.

It is Gigabytes, that's what the "G" is for.

- Gary Patterson
0
 

Author Comment

by:matrix0511
ID: 24428171
I will. Sorry about that.

I figured it was Gigs, but am I to believe they have 3 thousand 9 hundred Gigs of space???? That's why I thought I needed to translate that to a lower number.
0
 
LVL 34

Expert Comment

by:Gary Patterson
ID: 24428218
Yep.  More commonly known as 3.8 terabytes.  Why is that surprising?  I have a 2TB external USB drive hooked up to my laptop - I paid less than $200 for it.  The drives the AS/400 uses are smaller and faster, but it is still a moderate amount of disk space by today's standards.

- Gary Patterson
0
 
LVL 27

Expert Comment

by:tliotta
ID: 24428270
matrix0511:

Some general elaboration on a couple elements...

Expert Cache is kind of "global", but maybe not. It's more associated with particular memory pools. However, when set for a memory pool, it can affect every process that runs in that pool. The WRKSHRPOOL command will list all shared memory pools and which ones are *FIXED and which are *CALC. (A third possibility is [USRDFN] which is a little beyond this discussion.) Unfortunately, that won't tell you if the setting is correct nor if it's helpful or harmful.

*WRAP may be global in the sense that the QJOBMSGQFL system value will supply the default value for all jobs in the system. But it won't tell you if it's in effect for any given job nor if it's a good idea. If I had to choose a value, I'd go with *NOWRAP first. Once familiar with the system, I'd probably switch to *PRTWRAP. The *WRAP option is a difficult one to recommend because it guarantees that logging information is lost when it actually starts to wrap. (There's an additional problem that _rarely_ arises, but it's almost certain to arise _only_ when wrapping is allowed, including *PRTWRAP.)

The WRKSYSVAL command is the major entry point to the most important "global" settings -- the 'system values'. The command by itself will bring up the full list. Names can also be given generically (e.g., WRKSYSVAL QJOB* for all related "job" system values). Other variations are possible.

Journaling -- as Gary noted, it's a kind of logging function. It's most commonly associated with database logging, but journaling is much more on AS/400s. A primary characteristic of journaling is that once auditing is enabled for the system, there are no IBM-supported interfaces for removing entries (that aren't used by the database itself) from a journal without leaving additional audit entries. Yes, you can issue commands to delete journals and any associated receivers, but those actions are themselves logged as audit entries.

Journals are fundamental audit tools on AS/400s. Two particular journals of potential importance are QAUDJRN for system auditing and QACGJRN for system job accounting. Numerous others exist that _might_ be important depending on what your system does. Mail services, object distribution, and other facilities can make use of journals.

In any case, for the remainder of this question's life, pretty much anything Gary (or daveslash) tells you is worth more than what it costs. You'll get a reliable education with minimal effort.

Tom
0
 

Author Comment

by:matrix0511
ID: 24428293
Ok. Thanks guys! All of you have been awesome! And very quick responses! :-)
0
 
LVL 27

Expert Comment

by:tliotta
ID: 24428402
matrix0511:

> It shows: 3903 G for "Total". How should I translate that into Gigs??

One more minor detail that you need to memorize and use over and over...

When looking at any system screen, use the arrow keys to move the cursor anywhere and press the <F1> key.

<F1> is the universal [help] key. There is a huge amount of context help built into almost everything you look at. And pay attention to the legends -- the <F-key> legends at the bottom of most screens, the 'Options' legends near the headings on many list screens, etc.

Also, you _might_ want to avoid commands like WRKSYSSTS and use DSPSYSSTS instead. It's far more difficult to make accidental changes on a 'Display' screen than on a 'Work with...' screen, eh? Ya' never know...

Tom
0
 
LVL 32

Expert Comment

by:shalomc
ID: 24430137
matrix0511,
I read this thread with interest, but one thing puzzles me: why an auditor needs to know the answers for many of the questions asked.

Don't get me wrong: it is good that all access paths' sizes are set to *MAX1TB, but somehow I can't see the value of including this question (and some others) in any audit, while other questions are not included.

cheers,
ShalomC
0
 

Author Comment

by:matrix0511
ID: 24430495
Great points Tom! Thanks I will do that!

Shalomc, I agree with you. But again, I'm no AS400 expert.

On the subject of audit and the fact that the one I'm using is obviously not complete or accurate enough,

Tom/Shalomc/Daveslash/Gary,

Do you guys have any audit template docs out there that I could use vs. the one I have? Or any web link to an audit that you trust and that would be more thorough? I'm open to any suggestions you have.

Please let me know if I should put this in another question post. The only reason I was hesitant to create a new question post is because I would prefer to continue to work with you guys on this. You all have a wealth of knowledge and I'm sure you probably have a better audit doc I could use.

Just let me know what you think. Thanks!
0
 

Author Comment

by:matrix0511
ID: 24431100
Gary, just FYI, we found out that issuing the following command will tell us if Journaling is running or not:

WRKJRNRCV JRNRCV(OWJRNL/*ALL)

Is this because OWJRNL is a specific file/LIB to check against?? Or is this a case where we can check journaling globally?
0
 
LVL 32

Assisted Solution

by:shalomc
shalomc earned 50 total points
ID: 24431818
Google this query
audit as400 filetype:doc
and check out the first two links.
(the documents' properties disclose the consulting firms who wrote them)

It is a bit outdated, but mostly valid for an audit.

From a security point of view, you need your AS400 not audited but pentested.
0
 

Author Comment

by:matrix0511
ID: 24432203
Thanks!
0
 

Author Closing Comment

by:matrix0511
ID: 31583290
Thanks to all for your expert comments!
0
 
LVL 27

Expert Comment

by:tliotta
ID: 24434920
matrix0511:

The docs you uploaded have a title area that narrows the focus significantly -- 'DB2/AS-400 Database Audit'. It's mostly about some guidelines related to particular aspects of database access performance in a networked environment. It might be used to give a new DBA a kind of baptism into some of the range of elements that a DB2 DBA would want to know about on an AS/400 (or later iSeries or System i).

> WRKJRNRCV JRNRCV(OWJRNL/*ALL)

That command will return a list of all journal receivers in a library named OWJRNL; at least, it will list the ones you're authorized to see.

It won't tell you if receivers exist in other libraries.

> Is this because OWJRNL is a specific file/LIB to check against?? Or is this a case where we can check journaling globally?

No. OWJRNL is most likely a library that was created for OneWorld. It indeed might be the only library you really care about if the focus is primarily over OneWorld performance.

Be very aware of the <F-keys> at the bottom of the list, and especially note the <F-keys> that become available after you select (option 5=Display attributes) a receiver from the list. Once you are displaying a receiver's attributes, you are given the ability to switch to see the attributes of that receiver's journal also (<F10>=Work with journal attributes).

By switching to the journal itself, you then gain the ability to see which objects are being journaled into that journal's receivers.

Note that it _cannot_ tell you about objects that are _not_ being journaled. (For that, a different approach is called for.)

Tom
0
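
The last point in the comment above, that a journal's own displays cannot show what is not journaled, can be approached from the object side instead. The CL below is an added example, not code from any poster in this thread; MYLIB is a placeholder for the library being audited, and the work file names OBJD and NOTJRN are arbitrary choices.

```cl
/* Added example: list physical files in one library that are NOT     */
/* journaled. MYLIB is a placeholder; replace it with the library     */
/* under audit. Uses only display/read operations plus work files in  */
/* QTEMP, which disappear when the job ends.                          */
PGM

  /* Step 1: dump the full object description of every *FILE object   */
  /* in MYLIB to an outfile. The outfile record format carries the    */
  /* journal status (ODJRST), journal name (ODJRNM) and journal       */
  /* library (ODJRLB) of each object.                                 */
  DSPOBJD    OBJ(MYLIB/*ALL) OBJTYPE(*FILE) DETAIL(*FULL) +
               OUTPUT(*OUTFILE) OUTFILE(QTEMP/OBJD) +
               OUTMBR(*FIRST *REPLACE)

  /* Step 2: keep only physical files (ODOBAT = 'PF') whose journal   */
  /* status is '0' (not currently journaled). RUNSQL cannot return a  */
  /* result set, so the rows are written to a second QTEMP table.     */
  /* Run this in a fresh job, or drop QTEMP/NOTJRN first, because     */
  /* CREATE TABLE fails if the table already exists.                  */
  RUNSQL     SQL('CREATE TABLE QTEMP/NOTJRN AS +
               (SELECT ODLBNM, ODOBNM, ODOBAT +
                  FROM QTEMP/OBJD +
                 WHERE ODOBAT = ''PF'' AND ODJRST = ''0'') +
               WITH DATA') +
               COMMIT(*NONE) NAMING(*SYS)

  /* Step 3: show the result. An empty file means every physical file */
  /* in MYLIB that the job is authorized to see is journaled.         */
  DSPPFM     FILE(QTEMP/NOTJRN)

ENDPGM
```

As with the WRKJRNRCV list, the result covers only objects the running profile is authorized to see, so an audit run should use a profile with sufficient authority to the library.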
