Oversight Review
After all of your servers have been locked down, continue monitoring for rejected transactions. Add user rules as necessary to amend any access oversights. In urgent situations, you have the option of changing the *PUBLIC *REJECT value back to *ALLOW while the prior rules are reviewed.
Auditing Powertech Exit Point Manager for IBM i Rules
While the majority of oversight and Rule management will take place from the Management System, Powertech Exit Point Manager for IBM i also allows Rules to be managed directly from an Endpoint. This might be necessary, for example, if access to the Management System is unavailable, but critical business processes require a Rule to be changed on an Endpoint. To verify the integrity of Powertech Exit Point Manager for IBM i throughout your network, and ensure adherence to your organization's security policy, you can run an audit to identify and manage Rules that have been changed on Endpoints directly.
To conduct an audit, you must first define a System Group that includes the systems you would like to audit, then use Central Administration's Audit Menu to complete the audit, applying remedies as necessary.
To add a system group
- From the Powertech Main Menu, choose option 80, Central Administration, then choose option 5, Auditing Menu.
- Choose option 80, Work with System Groups.
- Press F6 to create a System Group.
- Name the Group and add a description, then use 1 to specify the systems you will be auditing.
- Press Enter twice to add the System Group, then press F3 until you return to the Auditing Menu.
To run a user rules audit
- On the Auditing Menu of Central Administration, choose option 1, Audit Definitions.
- Press F6 to create a new Audit Definition.
- Name the definition (for example, "USER_RULES_AUDIT"), add a description, and press Enter.
- Enter option 7 (Strategies) for the Audit Definition you just created.
- Place a 1 next to the strategies you would like to use (for example, the User Rules strategies), and press Enter, then press F3 to return to Audit Definitions.
- Enter 6 (Start) for the Audit Definition and press Enter. Then, choose the System Group you defined earlier.
- Enter 9 (Results) for the Audit Definition. When the audit is finished, enter 7 (Strategy Results) for the audit you just ran.
- Enter 6 (System Results) for User Profile Settings. ("Failed" means there is at least one User Rule that doesn't match the Management System.)
- Enter 5 (Item Results) for a system marked "Failed."
NOTE: Any discrepancy in a Rule between systems, including differences in the audit, message, and capture flags, will cause an Endpoint to fail the audit.
- Find the Rule whose Status is Failed and enter 5 (Details) to review the inconsistent setting(s).
- Press F7 (Apply Remedy).
- Enter 1 for "Accept rule from endpoint" to update Powertech Exit Point Manager for IBM i's Rule Configuration to match that of the Endpoint for this Rule. Choose "Send rule to endpoint" to reset the Rule to match Powertech Exit Point Manager for IBM i's configuration. If you would like the Rule to continue to differ on the Endpoint, choose "Acknowledge."
- Press Enter. You return to the Audit Item Results, where the Status and Remedy Applied are listed.
- Press F3 and repeat for other Profiles on the system. Then, repeat this process for Failed Profiles on other systems.