Analyzing Recent Data on Users and Groups with the Rule Wizard
The Rule Wizards analyze data on recent system activity to develop and improve rules for filtering future activity.
To develop rules to filter incoming activity by the user or group requesting it, first create a data set of recent activity, as shown in Creating a Data Set for Users and Groups with the Rule Wizard.
Once you have created a data set, select 42. Re-use Data Set from the Work with Users screen (STRAUD > 3).
The Plan User Security screen appears:
[Screen: Plan User Security]
Type choices, press Enter.
Subset . .
Options: 2=Set by use  4=Dlt  5=DSPFWLOG  6=Crt rule  7=Stats  G=Groups  U=Users  E=CHGUSRPRF
Legend: Specific rule exists / No specific rule. Current: Y, V=By verb. Revised: Y, N.
Columns: Opt, User Grp/User, Exists, then one column per server with the server name spelled vertically.
Rows shown: %ADM, %GROUP1, DB, QLWISVR, each with Current, Done, and Revised lines.
Function keys: F3=Exit  F6=Add New  F8=Print  F12=Cancel  F17=Set by use globally
Much of the screen is made up of groups of three lines.
The User Group/User field on the first line shows the user or group to whom the rules apply. If the name is on a green background, a rule set applies directly to that server. If the name is on a pink background, the user or group is included in rules for a generic group.
The rest of each line shows the rules for a set of servers for one user or group.
Each server is shown in a separate column with the name spelled vertically at the top of the column:
- FILTFR: Original File Transfer Function
- FTPLOG: FTP Server Logon
- FTPSRV: FTP Server-Incoming Request Validation
- FTPCLN: FTP Client-Outgoing Request Validation
- REXLOG: REXEC Server Logon
- REXEC: REXEC Server Request Validation
- RMTSQL: Original Remote SQL Server
- SQLENT: Database Server - entry
- SQL: Database Server - SQL access & Showcase
- DBOPEN: Open Database
- NDB: Database Server - data base access
- OBJINF: Database Server - object information
- RMTSRV: Remote Command/Program Call
- FILSRV: File Server
- DTAQ: Data Queue Server
- VPRT: Original Virtual Print Server
- ORLICM: Original License Management Server
- CSLICM: Central Server - license management
- DDM: DDM request access
- DRDA: DRDA Distributed Relational DB access
- CSCNVM: Central Server - conversion map
- CSCLNM: Central Server - client management
- NPRENT: Network Print Server - entry
- NPRSPL: Network Print Server - spool file
- MSGSRV: Original Message Server
- TCPSGN: TCP Signon Server
Each of the three lines shows the state of rules for the relevant user or group.
- Current shows the rules for each server as they now stand. Possible values include:
  - Y: Access requests are accepted
  - N: Access requests are rejected
  - V: Access requests depend on the server verb used
  - Blank: No rule is set. The user or group inherits the rule for the next higher group, up through *ALL.
- Done shows the results of the actual activity found for that user or group and server in the data set.
- Revised shows the changes that you are making to the rules.
To view the statistics on activity by a specific user during the time period in the data set, enter 7 in the Opt column for that user. The Statistics by Server for User screen appears.
To view a list of the users in a group, enter G in the Opt column for that group. The List of Users in User Group window appears, listing the users in the group.
To view a list of the groups containing a user, enter U in the Opt column for that user. The List of Users in Group Profile window appears, listing the users in the group.
To add rules for a new user, press the F6 key. The Add User Security screen appears, as shown in Adding Firewall Rules for Users and Groups with the Rule Wizard.
To change rules based on activity in the data set, see Setting Firewall Rules based on Activity for Users and Groups with the Rule Wizard.
To change rules based on activity globally, press the F17 key (Shift+F5). The rules for all the users and groups in the data set change, accepting activity on all servers that the user or group had accessed during the period that the data set covered.
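The Current, Done, and Revised lines and the effect of a global set by use can be modeled offline to see which accesses it would newly open. The following Python model is an added example, not code from the product or its documentation; the group hierarchy, rule values, and activity data are constructed, and it assumes that set by use leaves servers with no recorded activity unchanged.

```python
# Added illustration: a simplified model, not the product's own logic.
# All data below is constructed for the example.

SERVERS = ["FTPLOG", "FTPSRV", "SQL", "RMTSRV", "DDM"]  # subset of the columns

# Current line per user/group: "Y" accept, "N" reject, "V" by verb;
# a missing key is a blank (no rule set).
current = {
    "*ALL":    {s: "N" for s in SERVERS},
    "%GROUP1": {"FTPLOG": "Y", "FTPSRV": "Y"},
    "DB":      {"SQL": "Y"},
}
# Assumed hierarchy: each name points to the next higher group.
parent = {"DB": "%GROUP1", "%GROUP1": "*ALL"}

# Done line: servers each user/group actually used in the data set.
done = {
    "%GROUP1": {"FTPLOG"},
    "DB":      {"SQL", "RMTSRV", "DDM"},
}

def effective(name, server):
    """Resolve a rule, inheriting blanks from the next higher group up to *ALL."""
    while name is not None:
        value = current.get(name, {}).get(server)
        if value is not None:
            return value
        name = parent.get(name)
    return None

def set_by_use(name):
    """Revised line: accept every server the name used in the data set."""
    return {s: "Y" for s in SERVERS if s in done.get(name, set())}

def newly_accepted():
    """(name, server, effective rule before) pairs that set by use would open."""
    out = []
    for name in sorted(done):
        for server in set_by_use(name):
            before = effective(name, server)
            if before != "Y":
                out.append((name, server, before))
    return out

if __name__ == "__main__":
    for name, server, before in newly_accepted():
        print(f"{name:8} {server:7} {before} -> Y")
```

Each pair it reports is activity in the data set that the current rules would not have accepted, which is the set worth checking against the firewall log (option 5) before the revised rules take effect.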
To change rules manually, see Setting Firewall Rules Manually based on Users and Groups with the Rule Wizard.
To delete the rules for a user, enter 4 in the Opt field for that user. NOTE: You are not prompted for confirmation, and the user's rules are immediately deleted.
To display the firewall log entries relevant to this user, enter 5 in the Opt field for that rule. The Display Firewall Log screen appears, as shown in Displaying Firewall Logs.
To print the information from the data set, press the F8 key.