My final example for this chapter is truly one of those hidden gems of IBM i. Administration Runtime Expert (ARE) is a no-charge IBM i Licensed Program Product that allows you to automate various tasks such as PTF distribution, which is especially helpful when you’re managing multiple partitions. But in the context of checking security configuration, it’s also very helpful and not just when you have multiple partitions; it’s also useful when managing one partition. You can check system value settings, network attributes, TCP/IP configuration settings, user profile configurations, as well as object authorities against what you’ve defined as your baseline settings. You can also “fix” settings. It has its own scheduler, so you can schedule these checks to run on a regular basis and be sent a report of the results. Finally, my favorite feature: You can schedule SQL statements. So if one of the predefined categories’ (known as plugins in ARE) attributes aren’t exactly what you want to check, you can use the SQL that you’ve been developing throughout this book.
Let’s take a closer look at ARE. Once you have installed the prerequisite products, PTFs, and ARE itself (5733-ARE), you’ll have to start the servers that process ARE:
Open a web browser and access ARE via http://system_name:12401/are. This launches the Deployment Editor, where you’ll create a “template,” and within that template you’ll define the checks you want to make. See Figure 13.1.
Figure 13.1: Deployment Template Editor in ARE.
Choose Create and name your template. Figure 13.2 shows the categories available. Open each category to see the plugins available. Click on Edit (see Figure 13.3) to customize the plugin and add it to your template. This is now known to ARE as a “collection.” (Yes, I agree that the ARE terminology could use a bit of help.)
Figure 13.2: Open each category to see what plugins are available.
Figure 13.3: Click on Edit to customize a plugin and add the collection to your template.
Once you’ve edited one or more plugins (that is, created one or more collections), click on Build template on the Plugin Selection display. Building the template puts it in the format ARE needs so it can be used to verify a system. That is, the values in the template are compared to the values on the system against which the template is being run. If you make changes to the template but don’t rebuild it, the changes won’t be picked up when it’s used to verify the system.