When Was Your Last SAVSECDTA, SAVSYS, SAVCFG? And Where Are They?
Editor’s note: This blog was previously published on SecureMyi.com and in the SecureMyi Security newsletter.
Backup and Recovery is an area that is critical to the security and integrity of our systems. If someone accidentally wipes out a file, or in the event of a large-scale disaster, it’s critical we have all of the pieces needed to recover the file, or the entire system.
We typically have a pretty good handle on when we last backed up our User Libraries, our Document Library objects, and the root ‘/’ file system. But what about the last save of the operating system? And what about our user profiles and security data and our system configuration objects? When was that data last backed up? And what tape or other media contains the last backup?
If you need to recover your system, and the Last Save of Security Data (Including User Profiles) was 3 months ago, that is your recovery point for User Profiles and Passwords, Authorization Lists and Private Authorities. Can you recall what your password was 3 months ago? And your End-Users Passwords? You potentially have a real mess on your hands.
When we save a library using the SAVLIB command, objects are marked with the save date and save device information, as long as we specify UPDHST(*YES). But when we save the operating system, the objects that are saved are not marked with the save information. The same is true when we save user profiles and configuration data. The saved objects are not updated with the last save date.
IBM has supplied some special purpose data areas in the QSYS library that are updated with the save date and save device information when we perform certain save operations.
When we save our security data (including user profiles) using the command Save Security Data (SAVSECDTA), the special data area QSAVUSRPRF in QSYS is updated to reflect the save date and time and save device information.
Below is a list of various SAVE commands and the associated QSYS data area. Upon execution of the command, the data area is updated.
Viewing the Last Save Date and Save Device Information
To view the last save information, you display the object description (DSPOBJD), you don’t display the content of the data area. You can start with the command Work with Objects (WRKOBJ), as shown here:
WRKOBJ OBJ(QSYS/QSAV*) OBJTYPE(*DTAARA)
This command allows you to work with all the data areas in the QSYS library that start with the characters QSAV. This results in the following display:
Place option 8 (DSPOBJD) next to one of the data areas. In the example, we chose QSAVUSRPRF to see when we last saved our security data (including user profiles). Scroll through the resulting list to see the last Save Date and Time, the Save Device used and Save Volume ID and Sequence Number on the Tape.
If you simply want to examine one of the special SAVE data areas, you can use the command DSPOBJD. Here’s an example that can be used to display the information on the last time we did a SAVSECDTA.
DSPOBJD OBJ(QSAVUSRPRF) OBJTYPE(*DTAARA)
While We’re Here: Where IS Your SAVSYS?
While we’re here discussing saving the system and its different pieces, check to make sure you’re routinely saving your user profiles and system configuration data. Also check to make sure you have a good SAVSYS backup media handy. You probably did a SAVSYS operation the last time you made a major change to the operating system, like an OS upgrade, or after applying a cumulative PTF package.
If you don’t have these backups available (SAVSYS, SAVSECDTA, SAVCFG), plan to do the needed backups as soon as you can. You don’t want to be stuck in a recovery scenario needing to go back to the original IBM distribution media. That would be a disaster on top of a disaster.
Republished by permission of IT Security and Compliance Group. © Copyright 2017 IT Security and Compliance Group