Auditing fixes

This topic summarizes steps for auditing fixes.

PTF operations and PTF object changes can be audited by using the security auditing support that is described in the System i Security Reference manual. The security auditing support and security audit journal (QSYS/QAUDJRN) is used to track PTF changes made to installed licensed programs. The QAUDCTL (Auditing Control) system value indicates whether auditing is performed. When QAUDCTL is set to *AUDLVL, auditing is performed for any functions that are selected on the QAUDLVL and QAUDLVL2 system values. The Auditing Level (QAUDLVL) system value along with the QAUDLVL2 system value determines which security-related events are logged to the security audit journal (QAUDJRN) for all system users. The following new values are allowed for Auditing Level:

• *PTFOPR - Program Temporary Fix (PTF) operations are audited. The following are some examples:
  • Load, apply, or remove a PTF.
  • Log or delete a PTF save file.
  • Install PTFs by using GO PTF or INSPTF command
• *PTFOBJ - Changes to Program Temporary Fix (PTF) objects are audited. The following are some examples:
  • Library objects such as *PGM and *SRVPGM objects.
  • Replaceable Unit (RU) objects for Licensed Internal Code (LIC) PTFs.
  • Integrated File System (IFS) objects.

Appendix F of the System i Security Reference manual includes the layout of audit journal entries and describes the entry specific data for PF (*PTFOPR) and PU (*PTFOBJ) auditing types.