Use this checklist along with auditing journal to audit unauthorized attempts to access information.
- Security-related events are logged to the security auditing journal (QAUDJRN)
when the auditing function is active.
To audit authority failures, use the following system values and settings:
- QAUDCTL must be set to *AUDLVL.
- QAUDLVL must include the values of *PGMFAIL and *AUTFAIL.
- The QMAXSIGN system value limits the number of consecutive incorrect access attempts to five or less. The QMAXSGNACN system value is set at 2 or 3.
- The QSYSMSG message queue is created and monitored.
- The audit journal is audited for repeated attempts by a user. (Authorization failures cause AF type entries in the audit journal.)
- Programs fail to access objects using interfaces that are not supported. (QSECURITY system value is set to 40 or 50.)
- User ID and password are required to sign on.
Security levels 40 and 50 enforce this. At level 20 or 30, you must make sure that no subsystem descriptions have a workstation entry that uses a job description that has a user profile name.