(iSeries)

Backing up security configuration files

Back up the security configuration files to prevent the loss of information due to a potential system failure.

Consider backing up the following security information:

Tasks

• Back up your user profiles.

  When we use local OS security, back up your user profiles, using the normal save procedures for user profiles.

  For information about Lotus Domino, see the Lotus Domino reference library.

• Back up our security property files.

  Security settings are saved in several properties files. By default, these properties are located in the profile_root/properties directory. The default stand-alone profile name is default. If we define additional WAS profiles, there are additional properties files located in the directories for those profiles.

  The following command saves all of the properties in the /SAS subdirectory:

  SAV DEV('/QSYS.lib/wsalib.lib/wsasavf.file')
  OBJ(('profile_root/properties/sas*'))
  

  This previous command is on two lines for illustrative purposes only. Enter it as one continuous line

  We can save security property files while WAS is running.

• Back up the HTTP configuration.

  The following information applies to IBM HTTP Server. If we are using Lotus Domino HTTP Server, see the Notes .net Documentation Library.

  Changes to the HTTP configuration are often made to enable WAS to serve servlets and JSP file requests and to enable WAS security. Consider saving the HTTP configuration as a part of our WAS backup and recovery. The IBM HTTP Server configurations are stored as members of the QATMHTTPC file in the QUSRSYS library. HTTP server instances are members of the QATMHINSTC file in the QUSRSYS library. The following example commands back up these files:

  SAVOBJ OBJ(QUSRSYS/QATMHTTPC)
  
  SAVOBJ OBJ(QUSRSYS/QATMHINSTC)
  

• Back up your key files.

  The key files contain certificates used by the security infrastructure for WAS. These certificates are also used for HTTPS transport between servers. Save all of the files in the profile_root/etc directory. Key files are contained in the profile_root/etc directory, but administrators might create and store these files in other directories.

• Back up our validation lists.

  Passwords are stored as encrypted data in validation list objects when using the OS/400 password encoding algorithm. The default validation list is /QSYS.LIB/QUSRSYS.LIB/EJSADMIN.VLDL, but we can change it in the administrative console by specifying it as a system property for the application server. See the information about administering application servers.

Tune, harden, and maintain security configurations

Administer application servers

Security: Resources for learning