RATE THIS ANSWER
0
Click to Vote:
- 0
0
Last Answered:
Apr 25 2008 2:06 PM GMT
by Rickmcd
Changing to Security Level 40
Make sure that all your applications run successfully at security level 30 before migrating to level 40. Security level 30 gives you the opportunity to test resource security for all your applications. Use the following procedure to migrate to security level 40:
1. Activate the security auditing function, if you have not already done so. The topic “Setting up Security Auditing” on page 258 gives complete instructions for setting up the auditing function.
2. Make sure the QAUDLVL system value includes *AUTFAIL and *PGMFAIL. *PGMFAIL logs journal entries for any access attempts that violate the integrity protection at security level 40.
3. Monitor the audit journal for *AUTFAIL and *PGMFAIL entries while running all your applications at security level 30. Pay particular attention to the following reason codes in AF type entries: B Restriction (blocked) instruction violation C Object validation failure D Unsupported interface (domain) violation J Job-description and user-profile authorization failure R Attempt to access protected area of disk (enhanced hardware storage protection) S Default sign-on attemptThese codes indicate the presence of integrity exposures in your applications. At security level 40, these programs fail.
4. If you have any programs that were created before Version 1 Release 3, use the CHGPGM command with the FRCCRT parameter to create validation values for those programs. At security level 40, the system translates any program that is restored without a validation value. This can add considerable time to the restore process. See the topic “Validation of Programs Being Restored” on page 14 for more information about program validation. Note: Restore program libraries as part of your application test. Check the audit journal for validation failures.
5. Based on the entries in the audit journal, take steps to correct your applications and prevent program failures. 6. Change the QSECURITY system value to 40 and perform an IPL.
This is all found on Chapter 2 of Security Manual
http://publib.boulder.ibm.com/infocenter/iseries/v5r4/topic/books/sc415302.pdf
AS/400 security, QAUDLVL, Security
I have reviewed system values for QAUDLVL and found the we have the appropriate values running. I have reviewed the journals that contain over 3 months of information and determined that we have no AF or J entries. Is this all I need to verify before I recommend that we move to level 40? I have identified some JOBD's that we need to discuss internally but is this really that easy? What am I missing? 
