Schedule daily and monthly procedures - Assure_Secure_File_Transfer_ - Assure_Elevated_Authority_Manager_(EAM) - Assure_Secure_File_Transfer_PGP - Assure_Encryption - Assure_Secure_File_Transfer - Required_for_All_Modules - Assure_Monitoring_and_Reporting_(AMR) - Assure_Security_Multi-Factor_Authentication_(MFA) - Assure_DB2_Data_Monitor_(DB2MON) - Assure_System_Access_Manager_(SAM) - Assure_Secure_File_Transfer_with_PGP - 7.0

Assure Security Installation (Manual) Guide

Product type
Software
Portfolio
Integrate
Product family
Assure
Product
Assure Security > Assure Elevated Authority Manager (EAM)
Assure Security > Assure Encryption
Assure Security > Assure Secure File Transfer
Assure Security > Required for All Modules
Assure Security > Assure Monitoring and Reporting (AMR)
Assure Security > Assure Security Multi-Factor Authentication (MFA)
Assure Security > Assure DB2 Data Monitor (DB2MON)
Assure Security > Assure System Access Manager (SAM)
Assure Security > Assure Secure File Transfer with PGP
Version
7.0
Language
English
Content type
Installation (Manual) Guide
Product name
Assure Security
Title
Assure Security Installation (Manual) Guide
Copyright
2023
First publish date
1999
Last updated
2025-01-05
Published on
2025-01-05T12:58:06.220000

New installations must schedule daily and monthly procedures. Precisely provides examples of these procedures in file XQJEXSRC in the secondary library. This is required for new installations that have applied a license key for any of the following features:

  • Assure Monitoring and Reporting
  • Assure System Access Manager
  • Assure Elevated Authority Manager
  • Assure Multi-Factor Authentication

The following table provides details about each procedure:

Licensed Feature Daily procedure Monthly procedure

Assure Monitoring and Reporting

  • Generates report to verify sequence number for registered journals
  • Generates report showing size of all AMR query output files
  • Rebuilds field and program repositories
  • Runs daily reports (all reports set to a specific destination)
  • Deletes receivers more than 10 days old for journals administered by AMR
  • Reorganizes AMR preparation files
  • Verifies that files defined to an AMR report are actually journaled
  • Reports on status of all queries executed in the QJRN_SCDD job
  • Rebuilds the field repository with key calculation
  • Rebuilds the program repository
  • Removes old preparation files
  • Reorganizes monthly preparation files
  • Rebuilds internal work files
  • Runs monthly queries
  • Reports on status of all queries executed in the QJRN_SCDM job

Assure System Access Manager

  • Cleans up QXU user spaces and DB Monitor files
  • Rebuilds relationship between controls and points and reports any errors
  • Creates a report for rejected log entries
  • Compresses the SAM log
  • Removes unwanted entries prior to a given date
  • Saves the SAM configuration

Assure Elevated Authority Manager

N/A
  • Cleans up EAM logs

Assure Multi-Factor Authentication

N/A
  • Saves the MFA configuration
  • Cleans up the MFA log

General

  • Maintains condition list integrity by recalculating the condition list cross reference file and statistics and removing temporarily created references
  • Resets object and user audit values if the appropriate condition lists exist
  • Rebuilds all dedicated display files for condition lists
  • Reorganizes all profiles in the security instance
In the following steps, the names of the product library and secondary library depend on your environment. For new installations, the secondary library name uses the name of the primary library with characters EX added as a suffix. For example, if the default library name SECOPS was used, the secondary library name is SECOPSEX.
  1. Copy the following file members from source file <secondary-library>/XQJEXSRC to source file <secondary-library>/XQJSRC.
    • Daily procedure: QJRN_SCDD
    • Monthly procedure: QJRN_SCDM
  2. Edit the members in <secondary-library>/XQJSRC and adapt it to your environment

  3. Compile the copied members in <secondary-library>/XQJSRC according to the instructions documented in the header of each program’s source member.

  4. Add the copied programs to the job scheduler using the command ADDJOBSCDE. The programs must run with the following context:
    • JOBD(<product_library>/IJRN)
    • JOBQ(<product_library>/QJRN)
    • USER(<product_library>)

For example, this would schedule the daily procedure. This example is in the header of the source example

ADDJOBSCDE JOB(QJRN_SCDD) CMD(CALL PGM(<secondary_library>/QJRN_SCDD))
FRQ(*WEEKLY) SCDDATE(*NONE) SCDTIME(010000) SCDDAY(*ALL)
JOBD(<product_library>/IJRN) JOBQ(<product_library>/QJRN)
USER(<product_library>) TEXT('Assure Security daily scheduled job')
Note: If you do not use any of the licensed features, remove the sections for those features from the procedure before running it.

The following is the daily procedure:

Add the names of the instance libraries to your library list.


      ADDLIBLE SECOPS                                                                             
      ADDLIBLE SECOPSEX
      
      DLTPGM   SECOPSEX/QJRN_SCDD
    

The CRTCLMOD and CRTPGM commands below will need a TGTRLS() parameter if you are intending to deploy the program on a system running an earlier release level.

CRTCLMOD MODULE(SECOPSEX/QJRN_SCDD)                                                      
      SRCFILE(SECOPSEX/XQJSRC)                                                       
      OPTIMIZE(*NONE)                                                                
      DBGVIEW(*LIST)                                                                 
      ENBPFRCOL(*NONE) 
      
      CRTPGM   PGM(SECOPSEX/QJRN_SCDD)                                                            
      MODULE(SECOPSEX/QJRN_SCDD)                                                        
      BNDSRVPGM( (QJRN *DEFER) (QXEXITS *DEFER))                                        
      TEXT('Assure Security Daily Maintenance')                                       
      ACTGRP(CILASOFT)                                                                  
      DETAIL(*BASIC) REPLACE(*YES) ALWLIBUPD(*YES)                                      
      USRPRF(*OWNER)                                                                    
      
      SETQJAUT   *QSYS SECOPSEX/QJRN_SCDD *PGM                                                                                     
    

Verify that the program is added to the job scheduler. If necessary, add the program to the job scheduler at an appropriate time when the system is least used.


      ADDJOBSCDE JOB(QJRN_SCDD)                                                                  
      CMD(CALL PGM(SECOPSEX/QJRN_SCDD))                                               
      FRQ(*WEEKLY)                                                                   
      SCDDATE(*NONE)                                                              
      SCDTIME(010000)    
      SCDDAY(*ALL)        
      JOBD(SECOPS/IJRN)                                                               
      JOBQ(SECOPS/QJRN)                                                               
      USER(SECOPS)                                                                    
      TEXT('Assure Security Daily Maintenance')
      /*------------------------------------------------------------------------------------------------*/
      
      PGM                                                                                                 
      DCL        VAR(&QJRN) TYPE(*CHAR) LEN(10)                                              
      /* ===============================================================================================*/
      /* Procedure to promote escape message to the caller           */                                   
      DCL        VAR(&MSGID) TYPE(*CHAR) LEN(7)                                              
      DCL        VAR(&MSGDTA) TYPE(*CHAR) LEN(100)                                           
      DCL        VAR(&MSGF) TYPE(*CHAR) LEN(10)                                              
      DCL        VAR(&MSGFLIB) TYPE(*CHAR) LEN(10)                                           
      DCL        VAR(&KEYVAR) TYPE(*CHAR) LEN(4)                                             
      DCL        VAR(&IJRNLIBPRD) TYPE(*CHAR) LEN(10)                                        
      DCL        VAR(&IJRNLIB) TYPE(*CHAR) LEN(2000)   
      DCL        VAR(&IFShome) TYPE(*CHAR) LEN(46)                     
      DCL        VAR(&IFSDIR) TYPE(*CHAR) LEN(200)                     
      COPYRIGHT  TEXT('Copyright 1999, 2024 Precisely.')               
     
      /* Trap escape messages and send to caller                     */             
      
      MONMSG     MSGID(CPF0000) EXEC(GOTO CMDLBL(ERREUR))              
      GOTO       CMDLBL(DEBUTPGM)                                      
      
      ERREUR:     RCVMSG     MSGTYPE(*LAST) KEYVAR(&KEYVAR) +                      
      MSGDTA(&MSGDTA) MSGID(&MSGID) MSGF(&MSGF) +          
      SNDMSGFLIB(&MSGFLIB)                                 
      MONMSG     MSGID(CPF0000)                                         
      SNDPGMMSG  MSGID(&MSGID) MSGF(&MSGFLIB/&MSGF) +                   
      MSGDTA(&MSGDTA) +                                    
      TOMSGQ(&IJRNLIBPRD/QJRNDMP) MSGTYPE(*DIAG)           
      MONMSG     MSGID(CPF0000)                                         
      
      SNDPGMMSG  MSGID(&MSGID) MSGF(&MSGFLIB/&MSGF) +                   
      MSGDTA(&MSGDTA) MSGTYPE(*ESCAPE)                     
      MONMSG     MSGID(CPF0000)                                                                
      /* ===============================================================================================*/  
      
      DEBUTPGM:                                                                                            
      
      RTVqjusp          IJRNLIB  1 2000      &IJRNLIB                                          
      CHGVAR     VAR(&IJRNLIBPRD) VALUE(%SST(&IJRNLIB 1 10))                                   
      
      /* ---------------------- DORMANT INSTANCE ------------------------------------------------------ */  
      if (%sst(&IJRNLIB 417 1 ) *eq '0') then(return)                                          
      /* ---------------------- START PROGRAM --------------------------------------------------------- */  
      
      /* Set library list for job                                                                       */ 
      RTVqjusp          *LIBL/IJRNLIB  01 10          &QJRN                                   
      RTVQJUSP   USP(*LIBL/IJRNLIB) POSITION(174) LENGTH(46) +                                
      VALUE(&IFSHOME)                                                            
      CALL &QJRN/JRNILIBL                                                                     
      MONMSG CPF0000                                                                          
      
      /* =================  GENERAL  ===================================================================*/ 
      /* Any valid key required                                                                         */
      
      CHKQJKEY   ADDRESS(*MAIL)                            /* Licence key verification     */ 
      /* update QJRN cross references */ 
      UPDQJREF   DST(*YES) QRY(*YES) AUT(*YES) CTL(*YES) +                                    
      PNT(*YES) GRP(*YES) EML(*YES) LCN(*YES) +                                    
      EAM(*YES) ELT(*YES) EXPDTL(*YES)                                             
      
      /* Functions requiring PSTF                                                                       */ 
      CHGQJAUD   LCN(OBJAUD) TOLCN(OBJAUD_OUT)             /* Reset object audit values    */ 
      CHGQJAUD   LCN(USRAUD) TOLCN(USRAUD_OUT)             /* Reset user audit values      */
      
      /* Key independent                                                                                */ 
      /* Clean-up temporary LCN entries                                                                 */ 
      EXECUTESQL SQL('DELETE FROM FILCN001 WHERE LCNOM +                                      
      >''0000000   ''') MONMSG(ST02000)                                          
      EXECUTESQL SQL('DELETE FROM FILCH001 WHERE LHNOM +                                      
      >''0000000   ''') MONMSG(ST02000)                                          
      EXECUTESQL SQL('DELETE FROM FILCX001 WHERE LXNOM +                                      
      >''0000000   ''') MONMSG(ST02000)                                          
      /* reorganize LCN statistics                                                                      */ 
      CALL       PGM(JRN26K) PARM(*DAY)                                                       
      
      /* =================  SAM ========================================================================*/ 
      
      DLCQXPNT PNT(*ALL)                                   /* Release all points           */ 
      
      /* minimize risks associated to *SBS SECOPS not running : -                                          
      run here all the cleanup process */                                                               
      CALLPRC    PRC('Misc.CleanupDBMON')                                                     
      CALLPRC    PRC('Misc.CleanupJOBN')                                                      
      CALLPRC    PRC('Misc.CleanupQLOG')                                                      
      CALLPRC    PRC(CleanupSynPnt)                                                           
      CALLPRC    PRC(CLEANUPQXU)                                                              
      
      /* Report all rejected traces                                                                     */ 
      PRTQXLOG SEQ(*USER *POINT) PERIOD(*AVAIL *LAST *AVAIL *LAST) STATUS('R')                
      /* rebuild relationships between control and points */                                               
      CALL       PGM(QXCTP )                                                                  
      /* report controls that cannot attach to a point because of vocabulary */                            
      CHGVAR     VAR(&IFSDIR) VALUE(&IFShome *TCAT +                                          
      'sql/procedures/standard')                                                 
      SNDQJPF    FILE(EXCNP001) CVNTYPE(*XLS) +                                               
      DOCNAME('DiagnozeControlNotUsedByPoint') +                                 
      ADDRESS(*IFS) FOLDER(&IFSDIR)                   
      
      /* =================  AMR  ======================================================================*/  
      
      /* Functions requiring AMR or IS4i key                                                            */ 
      
      RUNQJCHK   JRN(*ALL) CHKTYPE(*SEQNBR) ADDRESS(*MAIL) /* Check journal sequence number*/ 
      
      CHKSIZQJPF QJ(*ALL) ADDRESS(*MAIL)                   /* Check size of all QJRN       */
      /* output files                 */ 
      
      DLCQJJOB                                             /* Release all QJRN jobs        */ 
      DLCQJ QJ(*ALL)                                       /* Release all QJRN queries     */ 
      
      RUNQJGNF                                             /* Generate file repository     */ 
      RUNQJGNR JRN(*ALL)                                   /* Generate field repository    */ 
      RUNQJGNP JRN(*ALL)                                   /* Generate program repository  */
      
      
      /* Functions requiring AMR key                                                                    */
      RUNQJ QJ(*ALL) DST(EXAMP_PRD) OFSDATE(*DAY 1)        /* Run daily reports            */
      
      RUNQJDLT JRN(*ALL) DATEKEEP(10) FRCDLT(*YES)         /* Delete receivers more than   */
      /* 10 days old                  */
      
      RGZQJPF QJ(*ALL)                                     /* Reorganize QJRN preparation  */
      /* files                        */
      
      CHKQJPF    JRN(*ALL) OUTPUT(*MAIL) TOQJDST(*ADM)     /* Check files defined to       */
      /* queries are journalled       */  
      
      
      /* Functions requiring AMR key                                                                    */  
      
      PRTQJQRY   QJ(*ALL) FROMTIME(*LAST) TOTIME(*LAST) +                                      
      JOB(*) FRCMSG(*SETTING)                 /* Send report to *ADM for all  */  
      /* queries which ended *ABNORMAL*/  
      
      /* ---------------------- END PROGRAM ----------------------------------------------------------- */ 
      
      RETURN                                                                                  
      ENDPGM                                                                                                                   
    

The following is the monthly procedure:

Add the names of the instance libraries to your library list.


      ADDLIBLE SECOPS                                                                             
      ADDLIBLE SECOPSEX
      
      DLTPGM   SECOPSEX/QJRN_SCDM                                                                                                                                                                
      CRTCLMOD MODULE(SECOPSEX/QJRN_SCDM)                                                      
      SRCFILE(SECOPSEX/XQJSRC)                                                       
      OPTIMIZE(*NONE)                                                                
      DBGVIEW(*LIST)                                                                 
      ENBPFRCOL(*NONE) 
      
      CRTPGM   PGM(SECOPSEX/QJRN_SCDM)                                                            
      MODULE(SECOPSEX/QJRN_SCDM)                                                        
      BNDSRVPGM( (QJRN *DEFER) (QXEXITS *DEFER))                                        
      TEXT('Assure Security Monthly Maintenance')                                       
      ACTGRP(CILASOFT)                                                                  
      DETAIL(*BASIC) REPLACE(*YES) ALWLIBUPD(*YES)                                      
      USRPRF(*OWNER)                                                                    
      
      SETQJAUT   *QSYS SECOPSEX/QJRN_SCDM *PGM                                                                                     
    

Verify that the program is added to the job scheduler. If necessary, add the program to the job scheduler at an appropriate time when the system is least used.


      ADDJOBSCDE JOB(QJRN_SCDM)                                                                  
      CMD(CALL PGM(SECOPSEX/QJRN_SCDM))                                               
      FRQ(*MONTHLY)                                                                   
      SCDDATE(*MONTHSTR)                                                              
      SCDTIME(010000)                                                                 
      JOBD(SECOPS/IJRN)                                                               
      JOBQ(SECOPS/QJRN)                                                               
      USER(SECOPS)                                                                    
      TEXT('Assure Security Monthly Maintenance')
      
      PGM 
      DCL        VAR(&QJRN) TYPE(*CHAR) LEN(10)                                            
      DCL        VAR(&STRDATE) TYPE(*CHAR) LEN(6)                                          
      DCL        VAR(&ENDDATE) TYPE(*CHAR) LEN(6)                                          
      DCL        VAR(&RTNDATE) TYPE(*CHAR) LEN(12)                                         
      DCL        VAR(&SAVF) TYPE(*CHAR) LEN(10)
      
      DCL        VAR(&QJRN) TYPE(*CHAR) LEN(10)                                                 
      DCL        VAR(&STRDATE) TYPE(*CHAR) LEN(6)                                               
      DCL        VAR(&ENDDATE) TYPE(*CHAR) LEN(6)                                               
      DCL        VAR(&RTNDATE) TYPE(*CHAR) LEN(12)                                              
      DCL        VAR(&SAVF) TYPE(*CHAR) LEN(10)                                                 
      
      /*================================================================================================*/   
      /* Procedure to promote escape message to the caller           */                                      
      DCL        VAR(&MSGID) TYPE(*CHAR) LEN(7)                                                 
      DCL        VAR(&MSGDTA) TYPE(*CHAR) LEN(100)                                              
      DCL        VAR(&MSGF) TYPE(*CHAR) LEN(10)                                                 
      DCL        VAR(&MSGFLIB) TYPE(*CHAR) LEN(10)                                              
      DCL        VAR(&KEYVAR) TYPE(*CHAR) LEN(4)                                                
      DCL        VAR(&IJRNLIBPRD) TYPE(*CHAR) LEN(10)                                           
      DCL        VAR(&IJRNLIB) TYPE(*CHAR) LEN(2000)                                            
      COPYRIGHT  TEXT('Copyright 1999, 2024 Precisely.')                                    
      
      /*-Route escape messages------------------------------*/                                             
      MONMSG     MSGID(CPF0000) EXEC(GOTO CMDLBL(ERREUR))                                       
      GOTO       CMDLBL(DEBUTPGM)
      
      /*-----------Catch escape message-----------------------*/           
      ERREUR:     RCVMSG     MSGTYPE(*LAST) KEYVAR(&KEYVAR) +             
      MSGDTA(&MSGDTA) MSGID(&MSGID) MSGF(&MSGF) +
      SNDMSGFLIB(&MSGFLIB)                       
      MONMSG     MSGID(CPF0000)                               
      SNDPGMMSG  MSGID(&MSGID) MSGF(&MSGFLIB/&MSGF) +         
      MSGDTA(&MSGDTA) +                          
      TOMSGQ(&IJRNLIBPRD/QJRNDMP) MSGTYPE(*DIAG) 
      MONMSG     MSGID(CPF0000) 
      
      /*-----------Promote Escape Message---------------------*/       
      SNDPGMMSG  MSGID(&MSGID) MSGF(&MSGFLIB/&MSGF) +                                         
      MSGDTA(&MSGDTA) MSGTYPE(*ESCAPE)                                           
      MONMSG     MSGID(CPF0000)        
      
      /*============================================================================*/                     
      DEBUTPGM:      
      
      RTVQJUSP   IJRNLIB 1 2000  &IJRNLIB                                                     
      CHGVAR     VAR(&IJRNLIBPRD) VALUE(%SST(&IJRNLIB 1 10))                                  
      
      /* ---------------------- DORMANT INSTANCE ------------------------------------------------------ */ 
      if (%sst(&IJRNLIB 417 1 ) *eq '0') then(Return)                                         
      
      /* ---------------------- START PROGRAM --------------------------------------------------------- */ 
      /* Set library list for job                                                                       */ 
      RTVqjusp          *LIBL/IJRNLIB  01 10          &QJRN                                   
      CALL       &QJRN/JRNILIBL                                                               
      MONMSG     CPF0000           
      
      /* =================  SAM  =======================================================================*/
      RTVQJDAT   OFSDATE(*MONTH 4) RTNDATE(&RTNDATE)       /* Set date: Today - 4 months   */  
      CHGVAR     VAR(&ENDDATE) VALUE(%SST(&RTNDATE 7 6))                                       
      CPRQXLOGE  PNT(*ALL) TODATE(&ENDDATE)                /* Compress log -4 months       */  
      
      RTVQJDAT   OFSDATE(*MONTH 7) RTNDATE(&RTNDATE)       /* Set date: Today - 7 months   */  
      CHGVAR     VAR(&ENDDATE) VALUE(%SST(&RTNDATE 7 6))                                       
      RMVQXLOGE  PNT(*ALL) TOTIME(&ENDDATE)                /* Remove log entries older than 7 months */ 
      /* Reorganization of the SAM log file EXLOG001 is performed by the RUNQJRGZ command */   
      /* found in the GENERAL section of this program. It provides a RGZPFM without the */     
      /* need for an exclusive lock. */                                                        
      /* RGZPFM is necessary after compression or removing of records in the log file.  */     
      /* This is the normal solution to stop daily alerts about log threshold alert */         
      /* as defined in WRKQXVAL */                                                             
      
      RTVQJDAT   OFSDATE(*MONTH 1) RTNDATE(&RTNDATE)       /* Set date: Today - 1 month    */  
      CHGVAR     VAR(&SAVF) VALUE('CTL_' *CAT %SST(&RTNDATE 7 6))                              
      
      /* Save CONTROLER configuration           */                                                          
      SAVQXCFG   SAVF(&SAVF) REPLACE(*YES)                                                      
      
      /* =================  MFA   ======================================================================*/
      
      CHGVAR     VAR(&SAVF) VALUE('RAM_' *CAT %SST(&RTNDATE 7 6))                            
      /* Save RAMI (MFA) configuration           */                                                       
      SAVQACFG   SAVF(&SAVF) REPLACE(*YES)                                               
      /* Cleanup RAMI (MFA) log file : remove entries older than 6 months */                              
      CLNQALOG   CALCDAYS(180)                                                             
      
      /* =================  AMR  ======================================================================*/   
      
      RUNQJGNF                                             /* Generate file repository     */  
      RUNQJGNR JRN(*ALL) KEYS(*ADD)                        /* Generate field repository    */  
      RUNQJGNP JRN(*ALL)                                   /* Generate program repository  */  
      
      RMVQJPF    QJ(*ALL) OFFSET(0 12)                     /* Delete preparation older then 12 months  */  
      
      RGZQJPF    QJ(*ALL) OFFSET(0 1)                      /* Reorganize monthly preparation files     */  
      
      RUNQJCLN                                             /* Clean-up QJRN work files and queries     */  
      RUNQJ      QJ(*ALL) DST(EXAMP_PRD) OFSDATE(*MONTH 1) /* Run monthly reports for destination EXAMP_PRD  */  
      
      PRTQJQRY   QJ(*ALL) FROMTIME(*LAST) TOTIME(*LAST) +                                      
      JOB(*) FRCMSG(*SETTING)                                                     
      /* Send report to *ADM for all  */  
      /* queries which ended *ABNORMAL*
      
      =================  EAM        =================================================================*/ 
      Manual way to delete log by hard coded date (obsolete - more flexible to use *AUTO )           */ 
      RTVQJDAT   OFSDATE(*MONTH 6) RTNDATE(&RTNDATE)  */ /* Use Rule and Value settings  */ 
      CHGVAR     VAR(&ENDDATE) VALUE(%SST(&RTNDATE 7 6)) */                                 
      RMVQSLOGE  DATEKEEP(*NOMAX) CRITERIA(*YES) JOBDATE((*LT &ENDDATE)) */               
      MONMSG     MSGID(CPF0000 JRN0000 SWP0000)  */      /* Keep only 6 months of log    */ 
      
      RMVQSLOGE  DATEKEEP(*AUTO) CRITERIA(*NO)             /* Keep logs according to Rule  */ 
      MONMSG     MSGID(CPF0000 JRN0000 SWP0000)            /* or Value settings in EAM     */ 
      
      /* =================  GENERAL ====================================================================*/    
      
      /* Regenerate all dedicated display files for LCN                                                 */    
      /* Refresh LCN statistics */                                                                            
      CALL       PGM(JRN26G2)                                                                    
      CALL       PGM(JRN26K) PARM(*MONTH)                                                        
      
      /* Reorganize all PF in the Assure Security Instance                                              */    
      RUNQJRGZ                                                                                   
      
      /* ---------------------- END PROGRAM ----------------------------------------------------------- */    
      RETURN                                                                                     
      ENDPGM -->