How do you audit QSH commands on iSeries? (NETIQKB70898)

  • 7770898
  • 29-Jan-2008
  • 14-Aug-2008

Environment

NetIQ Security Solutions for iSeries 8.0

Situation

How do you audit QSH commands on iSeries?

Resolution

When the environment variable QIBM_QSH_INTERACTIVE_CMD (Initial interactive command) is set to a command string, QSH runs that command when an interactive session is started.

The variable must be set before calling the QSH CL command to have QSH run the command. There is no default value.

Example:

ADDENVVAR ENVVAR(QIBM_QSH_INTERACTIVE_CMD) VALUE('set -l') REPLACE(*YES)

However, this only affects the current job.

If you specify LEVEL(*SYS), the environment variable will affect all jobs:

ADDENVVAR ENVVAR(QIBM_QSH_INTERACTIVE_CMD) VALUE('set -l') REPLACE(*YES) LEVEL(*SYS)

To reset the variable:

ADDENVVAR ENVVAR(QIBM_QSH_INTERACTIVE_CMD) VALUE(*NULL) REPLACE(*YES) LEVEL(*JOB)

ADDENVVAR ENVVAR(QIBM_QSH_INTERACTIVE_CMD) VALUE(*NULL) REPLACE(*YES) LEVEL(*SYS)

If SAA is being used to capture joblogs, you can set up SAA select/omit criteria and then scan the joblogs for jobs named QZSHSH for the following string:

'Message . . . . : QSH CMD'
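The scan described above, as an added example (not NetIQ or SAA code): it assumes the captured joblogs have been exported to plain text, and that each job starts with a "Job name / User / Number" header line and each message text line begins with "Message . . . . :". The function name find_qsh_commands and the sample joblog are constructed for illustration.

```python
import re

# Job header line of a printed joblog (layout is an assumption of this example).
JOB_HDR = re.compile(
    r"Job name[ .]*:\s*(\S+)\s+User[ .]*:\s*(\S+)\s+Number[ .]*:\s*(\S+)")
# The string the article says to scan for, tolerant of spacing differences.
QSH_MSG = re.compile(r"Message[ .]*:\s*QSH CMD(.*)")


def find_qsh_commands(joblog_text, job_name="QZSHSH"):
    """Return (job, user, number, command_text) for every QSH CMD message
    that appears under a job header whose job name equals job_name."""
    hits = []
    current = None  # (job, user, number) of the joblog being read
    for line in joblog_text.splitlines():
        hdr = JOB_HDR.search(line)
        if hdr:
            current = hdr.groups()
            continue
        msg = QSH_MSG.search(line)
        if msg and current and current[0] == job_name:
            # Whatever follows "QSH CMD" is kept as the logged command text;
            # a leading separator (space or colon) is dropped.
            hits.append(current + (msg.group(1).lstrip(" :").rstrip(),))
    return hits


# Constructed sample joblog text (not real system output).
SAMPLE = """\
Job name . . . . :   QZSHSH       User  . . . :   JSMITH    Number . . . :   123456
                     Message . . . . :   QSH CMD: ls -l /home/jsmith
                     Message . . . . :   Some other job message
                     Message . . . . :   QSH CMD: rm /tmp/report.txt
Job name . . . . :   QPADEV0001   User  . . . :   JSMITH    Number . . . :   123455
                     Message . . . . :   QSH CMD: should be ignored, wrong job name
"""

if __name__ == "__main__":
    for job, user, number, cmd in find_qsh_commands(SAMPLE):
        print(f"{number}/{user}/{job}: {cmd}")
```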

Additional Information

Formerly known as NETIQKB70898

If you activate SAA, you need to perform housekeeping on the files it creates (ALPF01/03).

Please see KB 30667 at the following URL for details: https://srmanager.netiq.com/eservice_enu/start.swe?SWECmd=InvokeMethod&SWEMethod=NETIQGOTO&SWEService=NETIQKBGOTO&SWERF=1&SId=NETIQKB30667