Base Support Menu

The Maintenance Menu enables you set and display global definitions for iSecurity Part 2.

The BASE Support menu enables you to work with various settings that are common for all modules of iSecurity. This menu, with all its options, is in all iSecurity major modules. To access the BASE Support menu, select 89. BASE Support from the Action Main menu.

 AUBASE​                         ​  BASE Support ​               ​   iSecurity/Base​ 
                                                            ​ System:​  ​ RLDEV   ​ 
 Email                      ​            ​ General                        ​        
  1. Address Book                ​       ​ 51. Work with Collected Data ​          
  2. Email Definitions           ​       ​ 52. Check Locks              ​          
  9. Target Restrictions         ​       ​ 53. Security Assessment      ​          
                                        ​ 54. Watchdog            ​               
 Operators​                              ​ 55. Raz-Lee Support Menu​               
 11. Work with Operators          ​      ​ 56. Re-create Damaged Data Queues​      
 12. Work with AOD, P-R Operators ​      ​ 58. *PRINT1-*PRINT9 Setup      ​        
                                        ​ 59. Global Installation Defaults​       
 Authorization Codes​                                                            
 21. Set Authorization Codes  ​          ​ Network Support​                        
 22. Display/Check Authorization Status​  71. Work with Network Definitions​      
                                        ​ 72. Network Authentication       ​      
 25. Display CPU/Lpar Information   ​    ​ 79. Operation on Remote Systems​        
                                                                                
                                                                                
 Selection or command                  ​                                         
 ===>​                                                                           
                                                                                
 F3=Exit   F4=Prompt   F9=Retrieve   F12=Cancel                                ​ 
 F13=Information Assistant  F16=System main menu                                
                                                                               ​ 

Email Address Book

You can define the email address to be used for each user profile. You can also use this option to define an email group, with multiple addresses.

  1. Select 1. Email Address Book from the BASE Support menu. The Work with Email Address Book screen appears.

  1. Press F6 to add a new address entry (or type 1 next to a name to modify it). The Add Email Name screen appears.

  1. Enter a Name, Description, and all the associated email addresses and press Enter.

Email Definitions

Action can send out automatic emails according to rules set by you.

  1. Select 89 >2. Email Definitions from the BASE Support menu. The E-mail Definitions screen appears.

  1. Enter the required fields and press Enter.

Operators and Authority Codes

Working with Operators

For a detailed explanation of this feature, see Getting Started.

Working with AOD, P-R Operators

iSecurityrelated objects are secured automatically by product authorization lists (named security1P). This strengthens the internal security of the product. It is essential that you use Work with Operators to define all users who have *SECADM, *AUDITor *AUD#SECADprivileges, but do not have all object authority. The Work with Operators screen has Usr (user management) and Adm for all activities related to starting, stopping subsystems, jobs, import/export and so on. iSecurity automatically adds all users listed in Work with Operators to the appropriate product authorization list.

  1. Select 89 >12. Work with AOD, P-R Operators from the BASE Support menu. The Work with Operators screen appears.

  1. Type 1 next to the user to modify his authorities (or press F6 to add a new user). The Modify Operator screen appears.

  1. Set authorities and press Enter. A message appears to inform that the user being added/modified was added to the Authority list that secures the product's objects; the user carries Authority *CHANGE and will be granted Object operational authority. The Authority list is created in the installation/release upgrade process. The SECURITY_P user profile is granted Authority *ALL whilst the *PUBLIC is granted Authority *EXCLUDE. All objects in the libraries of the product (except some restricted special cases) are secured via the Authority list.

Working with Authorization

You can insert license keys for multiple products on the computer using one screen.

  1. Select 89 > 21. Set Authorization Codes from the BASE Support menu. The Set iSecurity Authorization screen appears.

  1. Enter the required parameters and press Enter.

Display Authorization Status

You can display the current authorization status of all installed iSecurity products on the local system.

  1. Select 89 > 22. Display/Check Authorization Status from the BASE Support menu.

  1. Select options to see the authority details.

General

Working with Collected Data

Administrators can view summaries of Audit,Firewall, and Action journal contents by day, showing the number of entries for each day together with the amount of disk space occupied. Administrators can optionally delete individual days to conserve disk space.

  1. Select 89 > 51. Work with Collected Data from the BASE Support menu. The Work with Collected Data screen appears.

  1. Enter 3 (Action) and press Enter. The Work with Collected Data – Action screen appears.

  1. Select 4 to delete data from specific date(s) and press Enter.

You can use the following command to purge all Audit data:

RMVM SMZ4DTA/AUCC *ALL

Before you run these commands, you should back up the Action data to offline storage.

Check Locks

You need to run this option before you upgrade your system to check if any of the Audit files are being used. If they are, you must ensure that they are not in use before you run the upgrade.

  1. Select 89 >52. Check Locks from the BASE Support menu. The Check Locks screen appears.

  1. Select one of the commands that appear on the screen.

*PRINT1-*PRINT9 Setup

Audit enables you to define up to nine specific printers to which you can send printed output. These may be local or remote printers. *PRINT1-*PRINT9 are special values which you can enter in the OUTPUT parameter of any commands or options that support printed output.

Output to one of the nine remote printers is directed to a special output queue specified on the *PRINT1-*PRINT9 User Parameters screen, which, in turn, directs the output to a print queue on the remote system. You use the CHGOUTQ command to specify the IP address of the designated remote location and the name of the remote output queue.

By default, two remote printers are predefined. *PRINT1 is set to print at a remote location (such as the home office). *PRINT2 is set to print at a remote location in addition to the local printer. In addition:

  • *PRINT3 creates an excel file.

  • *PRINT3-9 are user modifiable

To define remote printers, perform the following steps:

  1. Select 89 > 58. *PRINT1 - *PRINT9, PDF Setup from the BASE Support menu. The Printer Files Setup screen appears.

  1. Enter 1 and press Enter. The *PRINT1 - *PRINT9 Setup screen appears.

  1. Enter the name of the local output queue and library as shown in the above example. You can optionally enter a description.

  1. Enter the following command on any command line to direct output to the remote printer. This assumes that the designated output queue has already been defined.

CHGOUTQ OUTQ('local outq/library') RMTSYS(*INTNETADR)
+  RMTPRTQ('outq on remote') AUTOSTRWTR(1) CNNTYPE(*IP) TRANSFORM(*NO)
+  INTNETADR('IP of remote')

If the desired output queue has not yet been defined, use the CRTOUTQ command to create it. The command parameters remain the same.

For example, *PRINT1 in the above screen, the following command would send output to the output queue 'MYOUTQ' on a remote system with the IP address '1.1.1.100' as follows:

CHGOUTQ OUTQ(CONTROL/SMZTMPA) RMTSYS(*INTNETADR)
+  RMTPRTQ(MYOUTQ) AUTOSTRWTR(1) CNNTYPE(*IP) TRANSFORM(*NO)
+  INTNETADR(1.1.1.100)

*PDF Setup

The operating system, from release 6.1, directly produces *PDF prints. In the absence of such support a standard *PDF is printed by other means.

To define PDF printers, perform the following steps:

  1. Select 89 > 58. *PRINT1 - *PRINT9, PDF Setup from the BASE Support menu. The Printer Files Setup screen appears.

  1. Enter 2 and press Enter. The *PDF Setup screen appears.

  1. Follow the instructions on the screen.

NOTE: You must re-perform this task after every upgrade of Audit.

Global Installation Defaults

You can set the parameters that iSecurity uses to control the Installation and upgrade processes.

  1. Select 89 > 59. Global Installation Defaultsfrom the BASE Support menu. The Global Installation Defaults screen appears.

  1. Enter your required parameters and press Enter.

Network Support

Working with network definitions

To get current information from existing report or query. Adjusting the system parameters only, to collect information from all the groups in the system to output files that can be sent via email.

  1. Select 89 > 71. Work with network definitionsfrom the BASE Support menu. The Work with Network Systems screen appears.

  1. Press F6 to define a new network system to work with and press Enter to confirm.

  1. Enter your required definitions and press Enter to confirm.

Network Authentication

To perform activity on remote systems, you must define the user SECURITY2P with the same password on all systems and LPARS with the same password.

  1. Select 89 > 72. Network Authenticationfrom the BASE Support menu. The Network Authentication screen appears.

  1. Enter the .SECURITY2P user password twice and press Enter.