Defining Files for Firewall to Track
While Firewall can track and log all accesses to all of your data files, this can place a heavy load on your resources. Some files are less critical than others and do not need to be watched as intently.
As shown in Controlling DBOPEN and SQL Access, you can set Firewall to:
- track attempts to access a limited set of files, and
- limit the types of accesses that it tracks to
  - only those that change the files, or
  - only those specified in the user profile of the person requesting the access.
Defining the set of files takes place in two stages:
- Planning and creating the set of files
- Checking and implementing the changes.
Planning Changes to the Set of Files that Firewall Tracks
To plan changes to the set of files, select 51. Plan Object Auditing from the Native Object Security screen (STRFW > 4) as shown in Setting Firewall Rules for Native Objects.
The Work with Object Auditing Plan screen appears:
                        Work with Object Auditing Plan

Type options, press Enter.                       Position to .
 1=Modify  3=Copy  4=Remove  5=Check library     Subset . . .

Opt Library     Object      Type    Value
    SMZ1DTA     *ALL        *FILE   *CHANGE
    TZION       *ALL        *FILE   *CHANGE
    VICTOR      *ALL        *FILE   *CHANGE
                                                                  Bottom
F3=Exit  F6=Add new(based on cursor)  F12=Cancel  F13=Repeat  F14=Clear repeat
The body of the screen lists files that Firewall is to track. For each it shows the standard Opt field followed by:
Library
A library containing the files.
Object
The name or generic* name of the files within the library. If set to *ALL, all files in the library are tracked.
Type
The type of objects to be tracked. This is always *FILE.
Value
The access attempts that Firewall tracks for these files. The auditing value can be:
- *NONE: No access attempts.
- *USRPRF: Set by the user's profile definition.
- *CHANGE: Attempts to change the file or its contents, but not attempts to read it.
- *ALL: All access attempts.
Adding Files for Firewall to Track
To add a new set of files for Firewall to track, place the cursor in the Opt field of a line for similar files on the Work with Object Auditing Plan screen, and press the F6 key.
The Add Object Auditing Value Plan screen appears:
                        Add Object Auditing Value Plan

Type choices, press Enter.

Library . . . . . . . . .    TZION        Name
Object  . . . . . . . . . .               Name, generic*, *ALL
Object type . . . . . . . .  *FILE        *FILE, *CMD, *PGM, *DTAARA ...
Auditing Value  . . . . . .  *CHANGE      *NONE, *USRPRF, *CHANGE, *ALL

F3=Exit  F4=Prompt  F12=Cancel
The fields that appear correspond to those on the previous screen. Values for several fields are filled with those from the original item.
Change the auditing values to those for the new set of files and press Enter. To confirm the values, press Enter again.
The Work with Object Auditing Plan screen reappears with the new item added.
Copying Auditing Values for Files
To copy the auditing values from one set of files to another, enter 3 in the Opt field for the item on the Work with Object Auditing Plan screen.
The Copy Object Auditing Value Plan screen appears:
                        Copy Object Auditing Value Plan

Type choices, press Enter.

To library   *SAME        Name, *SAME
To type      *SAME        *SAME *ALL, *FILE, *PGM, *DTAARA...

Library     Type     Object      New name    New type
TZION       *FILE    *ALL        *ALL
                                                                  Bottom
F3=Exit  F4=Prompt  F12=Cancel
The fields at the top of the screen show the location of the new set of files:
To library
The library containing the new group of files. To keep the same library as the original set, use the default value of *SAME.
To type
The type of files to be considered.
The body of the screen has lines for each copy to be made. After the standard Opt field, the Library, Type, and Object fields show the values of the original set. The remaining two are:
New name
The specification for the new group of files within the library specified in the To library field. This can be a name, a generic* name, or *ALL.
New type
The object type of the new group of files, if it differs from the type set in the To type field.
When you have entered values into the needed fields, press Enter. Fields that had been left blank are filled in with values based on what was entered in other fields. To confirm the changes, press Enter again.
The Work with Object Auditing Plan screen reappears with the new items added.
Removing Files from the Set for Firewall to Track
To remove files from the set that Firewall examines, enter 4 in the Opt field for the item on the Work with Object Auditing Plan screen.
The Remove Object Auditing Value Plan screen appears:
                       Remove Object Auditing Value Plan

Press Enter to confirm remove.
Press F12 to cancel and return without removing.

Library     Type     Object      Value
TZION       *FILE    TEST*       *CHANGE
                                                                  Bottom
F3=Exit  F4=Prompt  F12=Cancel
The body of the screen shows the set of files that you had selected for removal.
To confirm the removal, press Enter.
To cancel the removal, press the F12 key.
The Work with Object Auditing Plan screen reappears.
Checking and Implementing Changes to the Set of Files that Firewall Tracks
To check the changes that are planned to the set of files before implementing them, select 52. Check Object Auditing from the Native Object Security screen (STRFW > 4) as shown in Setting Firewall Rules for Native Objects.
The Work with Object Auditing Value Status screen appears:
                    Work with Object Auditing Value Status

Type options, press Enter.                       Position to .
 1=Check                                         Subset . . .

Opt Library
    SMZ1DTA     FileScope Temporary library (A)
    TZION
    VICTOR      Victor training
                                                                  Bottom
F3=Exit  F12=Cancel
Each line in the body of the screen lists the name and a free-form text description of a library that contains files that Firewall is currently examining or will examine once the changes are set.
To see the current and planned auditing values for each file within the library, enter 1 in the Opt field for that line.
The Check Objects window appears.
                    Work with Object Auditing Value Status

Type options, press Enter.                       Position to .
 1=Check                                         Subset . . .

Opt Library ......................................................
    SMZ1DTA :                   Check objects                    :
 1  TZION   :                                                    :
    VICTOR  : Objects in library . .  TZION       Name           :
            : According to plan of .  *AUTO       Name, *AUTO    :
            : *AUTO uses the "Library generic* setting" (see the :
            : menu), to determine the policy library to use.     :
            :                                                    :
            : F3=Exit   F4=Prompt                                :
            :                                                    :
            :....................................................:
                                                                  Bottom
F3=Exit  F12=Cancel
The window contains two fields:
Objects in library
The name of the library containing the files.
According to plan of
Firewall can check the contents of one library according to the rules for another one.
To use the rules for a different library, enter its name in this field.
To have Firewall choose the library whose rules apply according to a predefined setting, as shown in Substituting Firewall Rules for Native Objects with Rules from a Policy Library, set this field to *AUTO.
To view the files in the library, press Enter.
The Work with Object Auditing Value screen appears.
                       Work with Object Auditing Value

Objects in library . .  TZION            Subset by Object . .
According to plan of .  TZION                     Type . . . .
                                                  Text . . . .
Type options, press Enter.                        In mismatch .      Y, N
 3=Set as planned
                               --- Actual ---   -- Planing ---
Opt Object      Type   Status  Auditing Value   Auditing Value
    AUDIT       *FILE  Same    *CHANGE          *CHANGE
    BLOBNUL     *FILE  Same    *CHANGE          *CHANGE
    BLOBREG     *FILE  Same    *CHANGE          *CHANGE
    CASTN       *FILE  Same    *CHANGE          *CHANGE
    CASTNEW     *FILE  Same    *CHANGE          *CHANGE
    CAST99      *FILE  Same    *CHANGE          *CHANGE
    CHAR6A      *FILE  Same    *CHANGE          *CHANGE
    CHAR6B      *FILE  Same    *CHANGE          *CHANGE
    CUSTOMER    *FILE  Same    *CHANGE          *CHANGE
    CUSTOMER10  *FILE  Same    *CHANGE          *CHANGE
    FWOUTFILE   *FILE  Same    *CHANGE          *CHANGE
    GSCALP1     *FILE  Same    *CHANGE          *CHANGE
                                                                  More...
F3=Exit  F5=Refresh  F12=Cancel
The body of the screen contains a line for each file in the library.
To see only files for which change is planned, type Y in the Is mismatch field toward the top of the screen and press Enter.
To see only files for which change is not planned, enter N in the Is mismatch field toward the top of the screen and press Enter.
For each file, it shows these fields:
Opt
This standard field is only available for files that are set to be changed.
Object
The name of the file.
Type
The type of object. In this context, it is always *FILE.
Status
If a change is planned, Not same. If no change is planned, Same.
Actual Auditing Value
The current auditing value for the file. The value can be:
- *NONE: No access attempts.
- *USRPRF: Set by the user's profile definition.
- *CHANGE: Attempts to change the file or its contents, but not attempts to read it.
- *ALL: All access attempts.
Planned Auditing Value
The planned auditing value for the file. If no change in value is planned, it is the same as the previous field.
To implement the changes for a file, enter 3 in the Opt field on the line for that file. The standard Change Object Auditing (CHGOBJAUD) screen appears. Press Enter to confirm the change.
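The check described above can be modeled offline as a comparison of each file's actual auditing value with the value the plan assigns to it. The following is an added example, not Firewall's own code: the plan rows and actual values are constructed, and the rule that the most specific plan row wins (exact name, then longest generic* prefix, then *ALL) is an assumption, since this page does not say how overlapping rows are resolved.

```python
VALID = ("*NONE", "*USRPRF", "*CHANGE", "*ALL")

# Constructed plan rows: (library, object name / generic* / *ALL, type, value).
PLAN = [
    ("TZION", "*ALL", "*FILE", "*CHANGE"),
    ("TZION", "TEST*", "*FILE", "*NONE"),
]

# Constructed current auditing values for files in library TZION.
ACTUAL = {"AUDIT": "*NONE", "CUSTOMER": "*CHANGE", "TEST01": "*CHANGE"}

def match_rank(pattern, name):
    """Rank how specifically a plan pattern matches a file name (None = no match)."""
    if pattern == "*ALL":
        return 0
    if pattern.endswith("*"):
        prefix = pattern[:-1]
        return len(prefix) if name.startswith(prefix) else None
    return 1000 if pattern == name else None  # exact name beats any generic*

def planned_value(plan, library, name, obj_type="*FILE"):
    """Planned auditing value for one object, or None if no plan row covers it."""
    best = None
    for lib, pattern, typ, value in plan:
        if (lib, typ) != (library, obj_type):
            continue
        if value not in VALID:
            raise ValueError(f"invalid auditing value {value!r}")
        rank = match_rank(pattern, name)
        if rank is not None and (best is None or rank > best[0]):
            best = (rank, value)  # assumption: most specific row wins
    return best[1] if best else None

def check_library(plan, library, actual):
    """Rows of (object, status, actual value, planned value), like the check screen."""
    rows = []
    for name in sorted(actual):
        planned = planned_value(plan, library, name)
        if planned is None:
            continue  # file is not covered by any plan row
        status = "Same" if actual[name] == planned else "Not same"
        rows.append((name, status, actual[name], planned))
    return rows

def set_as_planned(library, rows):
    """CHGOBJAUD commands that would bring each mismatched file to its planned value."""
    return [f"CHGOBJAUD OBJ({library}/{name}) OBJTYPE(*FILE) OBJAUD({planned})"
            for name, status, _, planned in rows if status == "Not same"]
```

Reviewing the generated commands before running them shows where a plan row would lower coverage, such as a file moving from *CHANGE to *NONE.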