How do you audit QSH commands on iSeries? (NETIQKB70898)

  • 7770898
  • 29-Jan-2008
  • 14-Aug-2008

Environment

NetIQ Security Solutions for iSeries 8.0

Situation

How do you audit QSH commands on iSeries?

Resolution

When Environment Variable QIBM_QSH_INTERACTIVE_CMD (Initial interactive command) is set to a command string, QSH runs the command when an interactive session is started.

The variable must be set before calling the QSH CL command to have QSH run the command. There is no default value.

Example:

ADDENVVAR ENVVAR(QIBM_QSH_INTERACTIVE_CMD) VALUE('set -l') REPLACE(*YES)

However, this only affects the current job.

If you specify LEVEL(*SYS), the environment variable will affect all jobs:

ADDENVVAR ENVVAR(QIBM_QSH_INTERACTIVE_CMD) VALUE('set -l') REPLACE(*YES) LEVEL(*SYS)

To reset the variable:

ADDENVVAR ENVVAR(QIBM_QSH_INTERACTIVE_CMD) VALUE(*NULL) REPLACE(*YES) LEVEL(*JOB)

ADDENVVAR ENVVAR(QIBM_QSH_INTERACTIVE_CMD) VALUE(*NULL) REPLACE(*YES) LEVEL(*SYS)

If SAA is being used to capture joblogs, you can set up SAA select/omit criteria and then scan the joblogs for jobs named QZSHSH for the following string:

'Message . . . . : QSH CMD'

Additional Information

Formerly known as NETIQKB70898

If you activate SAA then you need to perform housekeeping on the files created ALPF01/03

Please see KB 30667 at the following url for details : https://srmanager.netiq.com/eservice_enu/start.swe?SWECmd=InvokeMethod&SWEMethod=NETIQGOTO&SWEService=NETIQKBGOTO&SWERF=1&SId=NETIQKB30667


Feedback service temporarily unavailable. For content questions or problems, please contact Support.