Configure Integrity Scan Task (AVCFGITGT)

The AVCFGITGT command allows you to configure the settings for an object integrity scanning task. Object integrity tasks scan the operating system for missing and invalid signatures, and user libraries for patched programs.

Task name

Specifies the name or description of the task. The task name is used to configure and run tasks. To change an existing task, press F4 and type the name of the task you want to change, then press Enter. To create a new task, type the name of the task you want to create and press Enter.

*SYS The system default task.
task-name Specify the name of a task to create or use.
Task type

Specifies the type of object integrity scanning task.

*LIB Library object integrity task
*USER User object integrity task
Libraries

Specifies the libraries of the objects to check integrity.

*IBM All libraries in the auxiliary storage pools (ASPs) defined by the ASP device (ASPDEV) parameter which are saved and restored using the SAVLIB and RSTLIB CL commands with *IBM specified for the Library (LIB) parameter are shown.
*ALLUSR All libraries with names that do not begin with the letter Q except for the following:
 
#CGULIB #DSULIB #SEULIB
#COBLIB #RPGLIB
#DFULIB #SDALIB
 
Although the following libraries with names that begin with the letter Q are provided by IBM, they typically contain user data that changes frequently. Therefore, these libraries are also considered user libraries:
 
QDSNX QRCLxxxxx QUSRIJS QUSRVxRxMx
QGPL QSRVAGT QUSRINFSKR
QGPL38 QSYS2 QUSRNOTES
QMGTC QSYS2xxxxx QUSROND
QMGTC2 QS36F QUSRPOSGS
generic-name

Specify the generic name of the objects to be shown. A generic name is specified as a character string that contains one or more characters followed by an asterisk (*). A generic name specifies objects that have names with the same prefix as the generic object name for which you have some authority (except exclude (*EXCLUDE) authority).

library name Specify the name of the library to be scanned.
 
Users Specifies the list of users to check integrity. Objects owned by the specified users are checked.
 
generic-name Specify the generic name of the objects to be shown. A generic name is specified as a character string that contains one or more characters followed by an asterisk (*). A generic name specifies objects that have names with the same prefix as the generic object name for which you have some authority (except exclude (*EXCLUDE) authority).
 
user name Specify the name of the user to be scanned.
Omit

The list of objects to exclude from scanning.

If you are working with library scan tasks, specify the library name you want to exclude. For example, ABCLIB will exclude library ABCLIB. ABC* will exclude all libraries starting with ABC.

If you are working with user scan tasks, specify the user name you want to exclude. For example, USER1 will exclude user USER1. USER* will exclude all users starting with USER.

To exclude an object from checking, specify the QSYS.LIB path name of the object. For example, to exclude PGM1 from LIBA, specify /QSYS.LIB/LIBA.LIB/PGM1.PGM.

Check signatures

The digital signatures of objects that can be signed will be checked.

Most objects in user libraries are not signed. Using CHKSIG(*ALL) on user libraries will log an error for every object in the library -- probably not what you want. All IBM objects are signed, so use CHKSIG(*ALL) on all IBM libraries, and CHKSIG(*SIGNED) on user libraries that are not signed.

*SIGNED Objects with digital signatures are checked. Any object with a signature that is not valid will be logged.
*ALL All objects that can be digitally signed are checked. Any object that can be signed but has no signature will be logged. Any object with a signature that is not valid will be logged. Use this option with LIB(*IBM) to ensure there are no unsigned objects in IBM libraries.
Force program re-creation

Specifies whether re-creation of patched programs is forced.

To be eligible for re-creation, OPM programs must have all observability and ILE programs must have all observable creation data. Use the Display Program (DSPPGM) command to determine whether a program is observable or has all observable creation data. Unobservable creation data cannot be used by CHGPGM.

*NO Patched programs will not be recreated.
*YES Patched programs will be recreated.
Output

Specifies where output from program should be sent.

* The output is sent to the display. If the job is a batch job, the output is spooled to an output queue.
*LOGFILE The output is sent to an IFS stream file in the logs directory.
*PRINT The output is spooled to an output queue.
Schedule

Specifies the type of scheduling for the command or process.

*NONE Do not schedule the command or process to run.
*DAILY Run the command or process every day.
*WEEKLY Run the command or process on the same day once per week.
*MONTHLY Run the command or process on the same day each month.
Days

Specifies the days to perform the task.

*SUN Sundays
*MON Mondays
*TUE Tuesdays
*WED Wednesdays
*THR Thursdays
*FRI Fridays
*SAT Saturdays
Day

Specifies the day of the week to perform the task.

*SUN Sundays
*MON Mondays
*TUE Tuesdays
*WED Wednesdays
*THR Thursdays
*FRI Fridays
*SAT Saturdays
Day

Specifies the day of the month (1 - 31) to perform the task.

Schedule time Specifies the time perform the task.
 
Run priority Specifies the run priority for the job. Run priority is a value, ranging from 1 (highest priority) through 99 (lowest priority), that represents the priority at which the job competes for the processing unit relative to other jobs that are active at the same time. This value represents the relative (not the absolute) importance of the job. For example, a job with a run priority of 25 is not twice as important as one with a run priority of 50.
Delete

Specifies to delete the record or job.

*YES The record or job will be deleted.
*NO Do not delete the record or job.