Oversight Review
After all of your servers have been locked down, continue monitoring for rejected transactions. Add user rules as necessary to amend any access oversights. In urgent situations you have the option of changing the *PUBLIC *REJECT value back to *OS400 while the prior rules are researched and reviewed.
Use reports to look at the rejected and allowed transactions. Reports are available by Server, User profile, and Location (IP address).
Auditing Exit Point Manager Rules
While the majority of oversight and Rule management will take place from the Management System, Exit Point Manager also allows Rules to be managed directly from an Endpoint. This might be necessary, for example, if access to the Management System is unavailable, but critical business processes require a Rule to be changed on an Endpoint. To verify the integrity of Exit Point Manager throughout your network, and ensure adherence to your organization's security policy, you can run an audit to identify and manage Rules that have been changed on Endpoints directly.
To conduct an audit, you must first define a System Group that includes the systems you would like to audit, then use Central Administration's Audit Menu to complete the audit, applying remedies as necessary.
- From the Powertech Main Menu, choose option 80, Central Administration, then choose option 5, Auditing Menu.
- Choose option 80, Work with System Groups.
- Press F6 to create a System Group.
- Name the Group and add a description, then use 1 to specify the systems you will be auditing.
- Press Enter twice to add the System Group, then press F3 until you return to the Auditing Menu.
- On the Auditing Menu, choose option 1, Audit Definitions.
- Press F6 to create a new Audit Definition.
- Name the definition (e.g. "USER_RULES_AUDIT"), add a description, and press Enter.
- Enter option 7 (Strategies) for the Audit Definition you just created.
- Place a 1 next to the strategies you would like to use (e.g. the User Rules strategies), and press Enter, then press F3 to return to Audit Definitions.
- Enter 6 (Start) for the Audit Definition and press Enter. Then, choose the System Group you defined earlier.
- Enter 9 for the Audit Definition. When the audit is finished, enter 7 (Strategy Results) for the audit you just ran.
- Enter 6 (System Results) for User Profile Settings. ("Failed" means there is at least one User Rule that doesn't match the Management System.)
- Enter 5 (Item Results) for a system marked "Failed."
NOTE: Any discrepancy in a Rule between systems, including differences in the audit, message, and capture flags, will cause an Endpoint to fail the audit.
- Find the Rule whose Status is Failed and enter 5 (Details) to review the inconsistent setting(s).
- Press F7 (Apply Remedy).
- Enter 1 for "Accept rule from endpoint" to update Exit Point Manager's Rule Configuration to match that of the Endpoint for this Rule. Choose "Send rule to endpoint" to reset the Rule to match Exit Point Manager's configuration. If you would like the Rule to continue to differ on the endpoint, choose "Acknowledge."
- Press Enter. You return to the Audit Item Results, where the Status and Remedy Applied are listed.
- Press F3 and repeat for other Profiles on the system. Then, repeat this process for Failed Profiles on other systems.