How do I generate real-time alerts for changes to specific user profiles? (NETIQKB53875)

  • Document ID:7753875
  • Creation Date:02-Feb-2007
  • Modified Date:18-May-2007
    • Micro Focus Products:
      Security Solutions for iSeries

Resolution

goal
How do I generate real-time alerts for changes to specific user profiles?

goal
How can I receive notification when a specific user profile is changed?

fact
PSDetect 8.0

fact
PSDetect 7.5

fact
PSSecure 7.5

fact
PSSecure 8.0

fact
Profile and Password Management (PPM) 7.5

fact
Profile and Password Management (PPM) 8.0

fact
NetIQ Security Solutions for iSeries 8.0

fact
VigilEnt Security Agent for iSeries 7.5

fix

To maintain the integrity and security of your operational environment, you should monitor and receive immediate notification of changes to specific user profiles, especially powerful profiles and communications profiles. To generate real-time alerts for changes to specific user profiles, you must use the attached source code to create a program that will generate the desired alert.

Program ZPCLAPICHG will generate a notification to QHST similar to the following, when a user profile is changed:

User profile Q123456789 was CHANGED in job 224455/QSECOFR/QPADEV0000.

The alerts that are sent to QHST will be picked up by PSDetect and can be managed through the PSDetect alert queue QHST.

Use the following steps to implement this program:

  1. Save the file https://download.netiq.com/kb/files/ZPCLAPICHG.txt  to the root of your PC?s local (C) drive.

  2. Copy the file from the PC to the iSeries using FTP:

    1. Open a new DOS or command window.

    2. Type the following command substituting the name of the iSeries server for [system name]. The iSeries IP (internet address) can be used instead of the system name.

      FTP [system-name]

    3. Type a user ID at the FTP prompt, and press Enter.

    4. Type the password at the FTP prompt, and press Enter.

    5. Type the following FTP commands, pressing Enter after each:

      put c:\ZPCLAPICHG.txt  QGPL/QCLSRC.ZPCLAPICHG

      quit

  3. On an iSeries command line, type CALL QCMD, press Enter, and then run the following commands:

    CRTCLPGM QGPL/ZPCLAPICHG QGPL/QCLSRC TEXT('React to action on user profile') REPLACE(*YES) ALWRTVSRC(*NO) AUT(*EXCLUDE)

    CHGPGM QGPL/ZPCLAPICHG USRPRF(*OWNER) USEADPAUT(*YES) RMVOBS(*ALL)

    CHGOBJOWN QGPL/ZPCLAPICHG *PGM NEWOWN(PSOBJOWN)

    GRTOBJAUT  OBJ(QGPL/ZPCLAPICHG) OBJTYPE(*PGM) REFOBJ(PSSECURE/ZPCL47)

    CRTDTAARA DTAARA(PSSECURE/ZPCHGP0100) TYPE(*CHAR) LEN(10) VALUE('ZPCLAPICHG') TEXT('Called from QIBM_QSY_CHG_PROFILE/CHGP0100') AUT(*EXCLUDE)

    CHGOBJOWN  OBJ(PSSECURE/ZPCHGP0100) OBJTYPE(*DTAARA) NEWOWN(PSOBJOWN)

    GRTOBJAUT  OBJ(PSSECURE/ZPCHGP0100) OBJTYPE(*DTAARA) REFOBJ(PSSECURE/ZPDA01)

    ADDMSGD MSGID(ZPW0501) MSGF(PSSECURE/ZPMSGS) MSG('User profile &1 was &2 in job &5/&4/&3 on system XXXXXXXX.')  FMT((*CHAR 10) (*CHAR 10) (*CHAR 10) (*CHAR 10) (*CHAR 6))

    CRTDUPOBJ ZPPF08 PSSECURE *FILE QGPL USRPRFALT DATA(*NO)

    CHGOBJOWN QGPL/USRPRFALT *FILE NEWOWN(PSOBJOWN)

    GRTOBJAUT QGPL/USRPRFALT *FILE REFOBJ(PSSECURE/ZPPF08)

  4. Use the following commands to load the file with the specific user profiles to monitor. Repeat the PSRUNSQL command for each user profile to monitor, substituting UUUUUUUUUU with each user profile name:

    ADDLIBLE PSCOMMON

    PSRUNSQL REQUEST('insert into QGPL/USRPRFALT (XUSER) VALUES(''UUUUUUUUUU'')')

    RMVLIBLE PSCOMMON

  5. Configure PPM Profile and Password Synchronization even though it will not actually be used for synchronization. It is necessary for the configuration objects and installs user profile exit programs. To configure PPM Profile and Password Synchronization, from PSMENU, select options 2, 2, 2, and 8.

  6. If you are not currently using PPM Profile and Password Synchronization to propagate profiles and passwords, disable synchronization globally. To disable synchronization, from PSMENU, select options 2, 2, 2, and 4. On the Profile Synchronizer Defaults screen, change the first four fields to N.

  7. Add user profile exit programs. To add user profile exit programs, from PSMENU, select options 2, 2, 2, and 10.

    I>Configure PSDetect to get alerts from QHST and perform specified actions by performing the following steps:

    1. From PSDetect menu, select option 3 (Work With Alert Filters) and press Enter.
    2. Select the Alert Queue QHST with option 5 (=Work with Filters) and press Enter.

    3. Press F6 (Create) to add a new filter.

    4. Specify the filter sequence and filter description (?user profile changes?) and press Enter.

    5. Specify Message ID ZPW0501, Message file ZPMSGS, and Library PSSECURE and press Enter twice.

    6. Press F4 to view list of available actions.

    7. Select the desired action using option 1, press Enter, and complete the alert configuration.
.


Additional Information

Formerly known as NETIQKB53875