Most auditors will want to see proof that proof that your IBM i program base has not been tampered with.
Set up a baseline of information about the programs on your system:
DSPOBJD OBJ(*ALLUSR/*ALL) OBJTYPE(*PGM) OUTPUT(*OUTFILE)
OUTFILE(KISPGMTRK/PGMMST)
This will create a database file in your library named PGMMST which will become your baseline file. The file will contain information about all *PGM objects on your system from all user libraries. To expand your baseline to include all programs in the OS, change the OBJ parameter to specify *ALL libraries, not just *ALLUSR libraries.
To look for changes, run the same procedure above, but pointed to a different outfile. Then compare the baseline file to the new files to see what values have changed. Using a query tool, run a query joining two files together dynamically on library name and object name. If you are tracking more than just *PGM objects, then you will also have to join on object type.
OBJECT STATISTICS in IBM i SQL services
The OBJECT_STATISTICS table function tells you pretty much everything you want to know about program objects on your system. See the IBM i documentation for the full list of available values.
To monitor program changes, you might be interested in the CHANGE_TIMESTAMP and OBJCREATED parameters
This SQL statement will list everything:
SELECT OBJNAME,OBJCREATED,CHANGE_TIMESTAMP,DAYS_USED_COUNT,OBJATTRIBUTE
FROM TABLE(QSYS2.OBJECT_STATISTICS('*ALL','LIB')) A
Experiment to get the columns that you need for your analysis. To update a baseline you could export your query results to a file to compare against previous versions. Or you can modify the query to only list objects that have changed since a specific date:
SELECT OBJNAME,OBJCREATED,CHANGE_TIMESTAMP,DAYS_USED_COUNT,OBJATTRIBUTE
FROM TABLE(QSYS2.OBJECT_STATISTICS('*ALL','LIB')) A
WHERE CHANGE_TIMESTAMP > '2023-04-01'
Three recommended reports:
Finally, replace the original baseline file with the latest version as this is now the baseline.
Our audit product, iSecMap uses a similar approach to provide this solution for you in a ready-made reporting package.
RELATED POSTS
BROWSE KISCO U
PRODUCT CONTENT