Can Audit journal and database journal receivers be tampered. ?

1,160 pts.
Tags:
CL/400
iSeries
OS/400
Can Audit journal and database journal receivers be tampered.ie. entries modified or deleted by users who have *AUDIT authority alongwith *ALLOBJ authority.

Software/Hardware used:
iseries, os400,cl400, i750
ASKED: September 11, 2012  5:11 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

NO

They can be deleted, but not altered.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    There are no operating system interfaces that allow change or delete access to entries in a journal regardless of authorities. Entire receivers can be deleted with sufficient authority, but that would leave holes in receiver chains.   A very sophisticated user who has *ALLOBJ authority can probably manipulate various system interfaces in order to obtain the capabilities needed for access to entries. The sequences of actions that would be needed in order to get to necessary machine interfaces would be fairly obvious in audit logs if logs are monitored.   And if you're up against someone with *ALLOBJ who doesn't already have the required capabilities and yet knows everything needed to access machine interfaces and also knows what to do with them once obtained, it might not matter what you do.   Every computer has capabilities in the hardware layers to read and write data. That's essentially just a fact of "computers". If you can work your way down to that level and know how to make things happen, you can do pretty much whatever the machine can do.   The chances of you having anyone accessing your system (other than IBM) who can get that done are practically zero -- unless you have your system open to the internet. And then the chances are merely very very small.   Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following