Analyzing Recent Data on IFS Objects with the Rule Wizard

The Rule Wizards analyze data on recent system activity to develop and improve rules for filtering future activity.

To develop rules to filter incoming activity by the IFS object on which it is requesting to operate, first create a data set of recent activity, as shown in Creating a Data Set on IFS Objects with the Rule Wizard.

Once you have created a data set, select 42. Work with Rule Wizard from the IFS Security screen (STRFW > 5).

The Plan IFS Security screen appears:

                              Plan IFS Security          Subset:
 Type choices, press Enter.                              File Sys/Root
  1=Statistics  2=Allow by use  3=Display                Dir/Filename
  4=Delete      5=DSPFWLOG      6=Create Rule            Grp/User
  7=WRKLNK      8=WRKAUT        9=Add similar            Higher level only (Y-Yes)
  G=Groups      U=Users         E=CHGUSRPRF              C>R=Current to Revised
 Specify revised authority in the R column.      Y/S Alw/Skip  Y=Allow, S=Skip
                                                 N   Rejected  N=Reject
                                                 Y/S Alw/Skip (fr higher level)
      Rd  Wrt Crt Rnm Dlt Mov File Sys/          N   Rejected (fr higher level)
  Opt C>R C>R C>R C>R C>R C>R Root Dir    Directory/File name   Grp/User  Entries
       N   S   N   N   N   N  test        test                  TEST

                                                                        Bottom
 F3=Exit   F6=Add New   F8=Print   F12=Cancel   F17=Allow by use globally

Each line on the lower part of the screen represents requests within the data set by a single user or group to access a single object.

After the Opt field, the first five pairs of fields show ways that objects can be accessed.

  • Rd: Read
  • Wrt: Write
  • Rnm: Rename
  • Dlt: Delete
  • Mov: Move

The pairs of fields for each are:

  • a letter on a colored background, showing how Firewall responded to the activity according to current rules
  • an underscore in which you can revise the rule

The letter codes are:

  • Blank or N: Reject all incoming activity
  • S: Allow activity, but do not log this
  • Y: Allow activity

The color codes are:

  • Green: A rule specifically referring to this user or group and object accepts this activity
  • Red: A rule specifically referring to this user or group and object rejects this activity
  • Blue: A rule for a generic set of users, groups, or objects that includes this one accepts this activity
  • Purple: A rule for a generic set of users, groups, or objects that includes this one rejects this activity

The following fields show the location of the object and the user or group accessing it.

The File Sys/Root Dir field shows the file system or root directory containing the object.

The Directory/File name field shows the directory containing the object and the file name of the object itself. The field is truncated to twenty characters. To see the full file path, type 3 in the Opt field for the rule and press Enter.

The Entries field shows the number of requests made during the time period in the data set.

To view the statistics on activity by a specific user or group on a specific object during the time period in the data set, type 1 in the Opt column for that row and press Enter. The Display Statistics for IFS object window appears.

                     Display Statistics for IFS object
   File Sys: HOME      Dir: SCREEN/JOE-QPADEV001L      User: %GROUP1
                  Total       Read      Write     Rename     Delete       Move
   Entries           12         12
   Rejected          12         12
   F3=Exit

       Rd   Wrt  Rnm  Dlt  Mov  File Sys/               N Rejected(from higher level)
  Opt  C>R  C>R  C>R  C>R  C>R  Root Dir  Directory/File name    Grp/User  Entries
   1   N    N    N    N    N    HOME      SCREEN/JOE-QPADEV001L  %GROUP1        12
       N    N    N    N    N    HOME      SCREEN/JOE-QPADEV001L  %GROUP1        24
       N    N    N    N    N    HOME      SCREEN/JOE-QPADEV001L  %GROUP1        12
       N    N    N    N    N    HOME      SCREEN/JOE-QPADEV001L  %GROUP1        24
       N    N    N    N    N    HOME      SCREEN/JOE-QPADEV001L  %GROUP1        12
       N    N    N    N    N    HOME      SCREEN/JOE-QPADEV001L  %GROUP1        12
       N    N    N    N    N    HOME      SCREEN/JOE-QPADEV001L  %GROUP1        12
       N    N    N    N    N    HOME      SCREEN/JOE-QPADEV001L  %GROUP1        12
       N    N    N    N    N    HOME      SCREEN/JOE-QPADEV001L  %GROUP1        12
                                                                        More...
 F3=Exit   F6=Add New   F8=Print   F12=Cancel   F17=Allow by use globally

To add a new rule, press the F6 key. The Add IFS Object screen appears, as shown in Adding Firewall Rules for IFS Objects with the Rule Wizard.

To allow the shown access, type 2 in the Opt field for that rule and press Enter. The new rule is written, and the line in the subfile disappears.

To display the full IFS object, enter 3 in the Opt field for this access and press Enter.

To delete a rule, type 4 in the Opt field for that rule and press Enter. NOTE: You are not prompted for confirmation, and the rule is immediately deleted.

To display the firewall log entries relevant to this rule, type 5 in the Opt field for that rule and press Enter. The Display Firewall Log screen appears, as shown in Displaying Firewall Logs.

To change rules based on activity in the data set, type 6 in the Opt field for that rule and press Enter. If a rule had set a particular activity on an object by a user or group to be rejected, a specific new rule is set for that activity, object, and user to accept it. Otherwise, the option has no effect.

To work with object links in a rule, type 7 in the Opt column for the rule and press Enter. The OS/400 Work with Object Links screen appears, as described in IBM documentation.

To edit the object authority for the object in a rule, type 8 in the Opt column for the rule and press Enter. The OS/400 Work with Authority screen appears, as described in IBM documentation.

To add a rule for an object and a user or group similar to an existing one, type 9 in the Opt field for that rule and press Enter. The Add Similar Revised Security screen appears, as shown in Adding Firewall Rules for a Similar IFS Object with the Rule Wizard.

To change rules manually, see Setting Firewall Rules Manually based on IFS Objects with the Rule Wizard.

To view a list of the users in a group, type U in the Opt column for that group and press Enter. The List of Users in User Group window appears, listing the users in the group.

To view a list of the groups containing a user, type G in the Opt column for that group and press Enter. The List of Users in Group Profile window appears, listing the users in the group.

To change the user profile of the shown user (only valid if Grp/User is not %Group), type E in the Opt column for that user and press Enter. The Change User Profile (CHGUSRPRF) screen for that user appears. Here you can, among other things, add a group profile to the user profile.

To print the information from the data set, press the F8 key.