Scan Instructions (Manual Method)
Prerequisites
None.
Outline of this Step
**IMPORTANT**
To ensure correct results use the QSECOFR profile for the following operations.
The user profile used will be locked while the DSPPGMADP command below is running. If this profile owns a lot of objects, the profile could be locked for an extended period of time
Refer to IBM Technical APAR#: SA54337 for further information. We recommend that command DSPPGMADP is run during off-peak hours.
1. Allocate Temporary Library
From the AS/400 command line enter:
CRTLIB LIB(SEKCHEK)
SekChek = Desired Output Library Name
2. Dump User Profiles (basic information) to a File
From the AS/400 command line enter:
DSPUSRPRF USRPRF(*ALL) TYPE(*BASIC) OUTPUT(*OUTFILE) OUTFILE(SEKCHEK/PROFBAS)
SEKCHEK = Output Library Name
PROFBAS = Output File Name
3. Dump the System Values to a Spooled File
From the AS/400 command line enter:
WRKSYSVAL SYSVAL(*ALL) OUTPUT(*PRINT)
4. Create a Physical File to contain the Spooled File created in Step 3
From the AS/400 command line enter:
CRTPF FILE(SEKCHEK/SYSVALS) RCDLEN(132)
SEKCHEK = Output Library Name
SYSVALS = Output File Name
5. Copy the Spooled File to the Physical File created in Step 4
From the AS/400 command line enter (e.g. see notes below):
CPYSPLF FILE(QSYSPRT) TOFILE(SEKCHEK/SYSVALS) JOB(012345/MYUSER/MYUSER2S1)
SEKCHEK = Output Library Name
SYSVALS = Output File Name
012345 = Job Number for the Spooled File created in step 3
MYUSER = User Name for the Spooled File created in step 3
MYUSER2S1 = Job Name for the Spooled File created in step 3
[Use 'WRKOUTQ' (display attributes option) or 'WRKSPLF' command to obtain information about the Spooled File]
6. Dump Program Adopt Authorities to a File (optional step)
This (optional) step will dump a list of all programs that adopt the authorities of the QSECOFR & QSYS profiles.
From the AS/400 command line enter:
DSPPGMADP USRPRF(QSECOFR) OUTPUT(*OUTFILE) OUTFILE(SEKCHEK/PGMADP)
SEKCHEK = Output Library Name
QSECOFR = Profile being adopted
PGMADP = Output File Name
From the AS/400 command line enter:
DSPPGMADP USRPRF(QSYS) OUTPUT(*OUTFILE) OUTFILE(SEKCHEK/PGMADP) OUTMBR(*FIRST *ADD)
SEKCHEK = Output Library Name
QSYS = Profile being adopted
PGMADP = Output File Name
This command will append the output to file PGMADP created by the previous command.
7. Dump Object Authorities for Specific Objects to a File (optional step)
This (optional) step will dump a list of object authorities for the object STRDFU (a powerful data manipulation utility).
From the AS/400 command line enter:
DSPOBJAUT OBJ(QSYS/STRDFU) OBJTYPE(*CMD) OUTPUT(*OUTFILE) OUTFILE(SEKCHEK/OBJAUT)
STRDFU = Object for which a list of object authorities is required
*CMD = Object type
SEKCHEK = Output Library Name
OBJAUT = Output File Name
You can dump the object authorities for as many objects as you wish. The 'OUTMBR' parameter ensures that the data is appended (added) to file OBJAUT. From the AS/400 command line enter:
DSPOBJAUT OBJ(QSYS/ObjectName) OBJTYPE(*ObjectType) OUTPUT(*OUTFILE) OUTFILE(SEKCHEK/OBJAUT) OUTMBR(*FIRST *ADD)
QSYS = Name of the library containing the object
ObjectName = Name of the object for which a list of authorities is required
ObjectType = Object type (e.g. *CMD - command, *PGM - program)
SEKCHEK = Output Library Name
OBJAUT = Output File Name
This command will append the output to file OBJAUT created by the previous command.
8. Dump Profiles with Default Passwords to a Spooled File (optional step)
From the AS/400 command line enter:
ANZDFTPWD ACTION(*NONE)
9. Create a Physical File to contain the Spooled File created in Step 8 (optional step)
From the AS/400 command line enter:
CRTPF FILE(SEKCHEK/ANZDFTPWD) RCDLEN(132)
SEKCHEK = Output Library Name
ANZDFTPWD = Output File Name
10. Copy the Spooled File to the Physical File created in Step 9 (optional step)
From the AS/400 command line enter (e.g. see notes below):
CPYSPLF FILE(QPSECPWD) TOFILE(SEKCHEK/ANZDFTPWD) JOB(012345/MYUSER/MYUSER2S1) SPLNBR(*LAST)
SEKCHEK = Output Library Name
ANZDFTPWD = Output File Name
012345 = Job Number for the Spooled File created in step 8
MYUSER = User Name for the Spooled File created in step 8
MYUSER2S1 = Job Name for the Spooled File
created in step 8
[Use 'WRKOUTQ' (display attributes option) or 'WRKSPLF' command to obtain information about the Spooled File]
11. Dump Service Table to a Spooled File (optional step)
From the AS/400 command line enter:
WRKSRVTBLE SERVICE(*ALL) OUTPUT(*PRINT)
12. Create a Physical File to contain the Spooled File created in Step 11 (optional step)
From the AS/400 command line enter:
CRTPF FILE(SEKCHEK/SRVTBLE) RCDLEN(132)
SEKCHEK = Output Library Name
SRVTBLE = Output File Name
13. Copy the Spooled File to the Physical File created in Step 12 (optional step)
From the AS/400 command line enter (e.g. see notes below):
CPYSPLF FILE(QSYSPRT) TOFILE(SEKCHEK/SRVTBLE) JOB(012345/MYUSER/MYUSER2S1) SPLNBR(*LAST)
SEKCHEK = Output Library Name
SRVTBLE= Output File Name
012345 = Job Number for the Spooled File created in step 11
MYUSER = User Name for the
Spooled File created in step 11
MYUSER2S1 = Job Name for the Spooled File created in step 11
[Use 'WRKOUTQ' (display attributes option) or 'WRKSPLF' command to obtain information about the Spooled File]
14. Download the Scan Files to a PC
Download files PROFBAS, SYSVALS and (if created) ANZDFTPWD, PGMADP, OBJAUT & SRVTBLE to a PC.
**IMPORTANT**
Specify binary in your copy utility or ftp software when downloading the PROFBAS file to a PC.
For all other files, specify fixed-length records and ASCII/text format.
Basic ftp commands are:
ftp 193.241.02.85 (establish an ftp connection with machine 193.241.02.85)
Note: Remember to replace 193.241.02.85 with the relevant IP address on your system.
get sekchek/profbas local_filename (copy the profbas file from the remote machine to the default directory on the local machine. The local_filename in this case would be Profbas.txt in a specified directory on the PC )
binary (switch to binary transfer mode)
ascii (switch to ASCII transfer mode)
bye (or quit) (exit ftp)
More information: A sample ftp session
15. Delete Temporary Files Created on AS/400
From the AS/400 command line enter:
RMVLIBLE SEKCHEK
DLTLIB LIB(SEKCHEK)
This will delete library SEKCHEK and its contents (i.e. all files/objects created during the Scan process).
Should you encounter difficulties with the process, call us with details of the problem and we will help guide you through the process.