Analyzing Recent Data on Users and Groups with the Rule Wizard
The Rule Wizards analyze data on recent system activity to develop and improve rules for filtering future activity.
To develop rules to filter incoming activity by the user or group requesting it, first create a data set of recent activity, as shown in Creating a Data Set for Users and Groups with the Rule Wizard.
Once you have created a data set, select 42. Re-use Data Set from the Work with Users screen (STRFW > 3).
The Plan User Security screen appears:

                                 Plan User Security
    Type choices, press Enter.
    Subset . .              Skip Allow All Y    Exists Y
    2=Set by use  3=Add by use  4=Dlt  5=DSPFWLOG  6=Crt rule  7=Stts
    8=Add to %Group  9=Add to GrpPrf  G=%Groups  P=GrpPrf  U=Users  E=CHGUSRPRF
    Specific rule exists        F F F F R   R S   D   O R F     O C     C C N N M T
    No specific rule            I T T T E R M Q   B   B M I     R S     S S P P S C
    Current(Crn): Y, V=By verb  L P P P X E T L   O   J T L D V L L   D C C R R G P
    Revised(Rvs): Y, N          T L S C L X S E S P N I S S T P I I D R N L E S S S
        User Grp/ Exi- Grp      F O R L O E Q N Q E D N R R A R C C D D V N N P R G
    Opt User      sts  Prf      R G V N G C L T L N B F V V Q T M M M A M M T L V N
        %EVG                Crn Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
                            Use Y
                            Rvs
        HAIM       Y    N   Crn Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
                            Use Y Y
                            Rvs
        OS         Y    Y   Crn
                            Use Y
                            Rvs
        QSRVAGT    Y    N   Crn
                            Use Y
                            Rvs
                                                                            More...
    F3=Exit   F6=Add New   F8=Print   F12=Cancel   F17=Set by use globally

Much of the screen is made up of groups of three lines.
The User Group/User field on the first line shows the user or group to whom the rules apply. If the name is on a green background, a rule set applies directly to that server. If the name is on a pink background, the user or group is included in rules for a generic group.
The rest of each of the lines shows the rules for a set of servers for one user or group.
Each server is shown in a separate column with the name spelled vertically at the top of the column:
- FILTFR: Original File Transfer Function
- FTPLOG: FTP Server Logon
- FTPSRV: FTP Server-Incoming Request Validation
- FTPCLN: FTP Client-Outgoing Request Validation
- REXLOG: REXEC Server Logon
- REXEC: REXEC Server Request Validation
- RMTSQL: Original Remote SQL Server
- SQLENT: Database Server - entry
- SQL: Database Server - SQL access & Showcase
- DBOPEN: Open Database
- NDB: Database Server - data base access
- OBJINF: Database Server - object information
- RMTSRV: Remote Command/Program Call
- FILSRV: File Server
- DTAQ: Data Queue Server
- VPRT: Original Virtual Print Server
- ORLICM: Original License Management Server
- CSLICM: Central Server - license management
- DDM: DDM request access
- DRDA: DRDA Distributed Relational DB access
- CSCNVM: Central Server - conversion map
- CSCLNM: Central Server - client management
- NPRENT: Network Print Server - entry
- NPRSPL: Network Print Server - spool file
- MSGSRV: Original Message Server
- TCPSGN: TCP Signon Server
Each of the three lines shows the state of rules for the relevant user or group.
- Crn shows the rules for each server as they now stand. Possible values include:
  - Y: Access requests are accepted
  - N: Access requests are rejected
  - V: Access requests depend on the server verb used
  - Blank: No rule is set. The user or group inherits the rule for the next higher group, up through *ALL
- Use shows the results of the actual activity found for that user or group and server in the data set
NOTE: To use the Y in the Use line to create a new rule for the user/%group, enter 2 in the Opt column for that user/%group. The rule is written and the line disappears.
- Rvs shows the changes that you are making to the rules.
NOTE: To combine the Y in the Crn line plus the Y in the Use line to create a new rule for the user/%group, enter 3 in the Opt column for that user/%group. The rule is written, and the line disappears.
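The following Python sketch is an added example, not part of the product or of the original guide. It models the Crn, Use and Rvs lines and options 2 and 3 on a constructed data set. It assumes that option 2 leaves servers without activity blank, that option 3 keeps other Crn values unless the Use line has a Y, and that HAIM belongs to %EVG; none of these is documented behavior.

```python
# Added toy model of the Crn / Use / Rvs lines; not the product's code.
SERVERS = ("FILTFR FTPLOG FTPSRV FTPCLN REXLOG REXEC RMTSQL SQLENT SQL DBOPEN "
           "NDB OBJINF RMTSRV FILSRV DTAQ VPRT ORLICM CSLICM DDM DRDA CSCNVM "
           "CSCLNM NPRENT NPRSPL MSGSRV TCPSGN").split()
# Constructed data set: (user, server) pairs found in recent activity.
ACTIVITY = [("HAIM", "FTPLOG"), ("HAIM", "FTPSRV"), ("HAIM", "FTPSRV"),
            ("QSRVAGT", "TCPSGN")]

def use_line(user, activity):
    """Use line: Y for each server the user reached in the data set."""
    return {srv: "Y" for usr, srv in activity if usr == user}

def set_by_use(crn, use):
    """Option 2: rule written from the Y values of the Use line.
    Assumption: servers without activity are left blank (no rule)."""
    return dict(use)

def add_by_use(crn, use):
    """Option 3: Y values of Crn plus Y values of Use.
    Assumption: other Crn values are kept unless Use has a Y there."""
    return {**crn, **use}

def effective(who, server, rules, parent):
    """Blank inherits from the next higher group, up through *ALL.
    Returns (value, name of the rule set that supplied it)."""
    while who:
        value = rules.get(who, {}).get(server)
        if value:
            return value, who
        who = None if who == "*ALL" else parent.get(who, "*ALL")
    return None, None

def closed_by(crn, rvs):
    """Servers with Y in Crn that no longer have Y in the revised rule."""
    return [s for s in SERVERS if crn.get(s) == "Y" and rvs.get(s) != "Y"]

def render(line):
    """One screen line: a value per server column, '.' for blank."""
    return " ".join(line.get(s, ".") for s in SERVERS)

if __name__ == "__main__":
    crn = {s: "Y" for s in SERVERS}  # constructed: HAIM currently allowed everywhere
    rvs = set_by_use(crn, use_line("HAIM", ACTIVITY))
    for name, line in (("Crn", crn), ("Rvs", rvs)):
        print(name, render(line))
    print("no longer Y:", closed_by(crn, rvs))
    # Constructed membership and group rules: HAIM belongs to %EVG.
    rules = {"HAIM": rvs, "%EVG": {"SQL": "Y"}, "*ALL": {"SQL": "N"}}
    print(effective("HAIM", "SQL", rules, {"HAIM": "%EVG"}))  # blank column
```

Under these assumptions the SQL column left blank for HAIM still resolves to Y through %EVG, so the group and *ALL rules need the same review as the user's own line.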
To delete the rules for a user, enter 4 in the Opt column for that user. NOTE: You are not prompted for confirmation, and the user's rules are immediately deleted.
To display the firewall log entries relevant to this user, enter 5 in the Opt column for that rule. The Display Firewall Log screen appears, as shown in Displaying Firewall Logs.
To create your own rule for the user/%group, regardless of the Crn and Use lines, type Y in the desired field of the Rvs line and enter 6 in the Opt column for that user/%group. The rule is written, and the line disappears.
To view the statistics on activity by a specific user during the time period in the data set, enter 7 in the Opt column for that user. The Statistics by Server for User screen appears.
To assign this user to an existing %group, enter 8 in the Opt column for that user.

                                 Plan User Security
    Type choices, press Enter.
    Subset . .              Skip Allow All Y    Exists Y
    2=Set .....................................................................
    8=Add :                        List of User Groups                        :
          : Position to                                                       : T
          : Select User Group, press Enter.                                   : C
    Curre : 1=Select                                                          : P
    Revis : Sel  Name        Text                                             : S
          :      %AAII                                                        : G
    Opt   :      %ACC                                                         : N
          :      %ALEX123                                                     : Y
          :      %AOO                                                         :
          :      %ATT                                                         :
    8     :      %BEFSCL12L                                                   : Y
          :      %CSXX                                                        :
          :      %DEVELOP1                                                    :
          :                                                           More... :
          :                                                                   :
          : F3=Exit   F12=Cancel                                              :
          :                                                                   :
          :...................................................................:
                            Rvs
                                                                            More...
    F3=Exit   F6=Add New   F8=Print   F12=Cancel   F17=Set by use globally

The window displays only %groups that are not yet assigned to the user, and you can select one %group using option 1. The user is added to the %group, and the program returns to the previous screen. If you have to add a user to more than one %group, repeat this step.
To assign this user to an existing group profile, enter 9 in the Opt column for that user.

                                 Plan User Security
    Type choices, press Enter.
    Subset . .              Skip Allow All Y    Exists Y
    2=Set .....................................................................
    8=Add :                      List of Group Profiles                       :
          : Position to                                                       : T
          : Select Group profile, press Enter.                                : C
    Curre : 1=Select                                                          : P
    Revis : Sel  Name        Text                                             : S
          :      ALEX        Alex Muchnik                                     : G
    Opt   :      ALEX2       Security Officer                                 : N
          :      ALEX3       Alex - Supporteam strong user                    : Y
          :      AODSPC                                                       :
          :      AU          AU                                               :
    9     :      CA          Capture                                          : Y
          :      CNOOPGRP01  Test user for case #61414 (SeaSoft)              :
          :      CS          CODESCOPE                                        :
          :                                                           More... :
          :                                                                   :
          : F3=Exit   F12=Cancel                                              :
          :                                                                   :
          :...................................................................:
                            Rvs
                                                                            More...
    F3=Exit   F6=Add New   F8=Print   F12=Cancel   F17=Set by use globally

The window displays only group profiles that are not yet assigned to the user and you can select one group profile using option 1. The user is added to the group profile, and the program returns to the previous screen. If you have to add a user to more than one %group, repeat this step.
Note: If you do not see the desired group profile, either the group profile is already assigned to the user (you can check this with option P in front of the user on the previous screen), or no user is assigned to the group profile yet. In the latter case, you can use option E in front of the user on the previous screen and add the group profile there. For the next user, you should then see this group profile in the list of group profiles.
To view a list of the %groups assigned to this user, enter G in the Opt column for that group. The List of %groups window appears, listing the %groups of this user.
To view a list of the group profiles assigned to this user, enter P in the Opt column for that group. The List of group profiles appears, listing the group profiles for this user.
To view a list of the users in a %group or a list of users in a group profile, enter U in the Opt column for that %group/group profile. The List of Users in %group/Group Profile window appears, listing the users in the %group/group profile.
To add rules for a new user, press the F6 key. The Add User Security screen appears, as shown in Adding Firewall Rules for Users and Groups with the Rule Wizard.
To use the function "Set by use" for all users in the list, press the F17 key (Shift+F5). The rules for all the users and groups in the data set change, accepting activity on all servers that the user or group had accessed during the period that the data set covered.
To print the information from the data set, press the F8 key.
In all cases where options 2, 3, or 6 are used, the Writing New Rule screen appears:

                            Update Existing Rule
    User . . . . . . . .  %GROUP1
                          F F F F R   R S   D   O R F     O C     C C N N M T
                          I T T T E R M Q   B   B M I     R S     S S P P S C
                          L P P P X E T L   O   J T L D V L L   D C C R R G P
                          T L S C L X S E S P N I S S T P I I D R N L E S S S
                          F O R L O E Q N Q E D N R R A R C C D D V N N P R G
                          R G V N G C L T L N B F V V Q T M M M A M M T L V N
    Current . . . . . . . Y Y Y Y Y Y Y Y Y Y Y Y Y V Y Y Y Y Y Y Y Y Y Y Y Y
    Done . . . . . . . .  Y Y Y
    New authority . . . . Y Y Y
    Write this rule . . . Y    Y=Yes, N=No
    Same answer to all .       Y=Yes, N=No
    F12=Cancel

To create a rule corresponding to the user or group's activity within the data set, type Y in the Write this rule field.
To accept the rule based on activity each time you create it within this session, type Y in the Same answer to all field.